ShadowPlex Active Defense

Passive Defense vs Active Defense

Cyber security defenses can be Passive or Active. Passive solutions focus on “Denial”; essentially denying access to an asset when an attack against it is detected. Active Defense proactively detects and diverts attacks and engages the adversary to learn the attack Tactics, Techniques, and Procedures (TTPs). Active Defense is also about dynamically changing the landscape or the attacker’s perception to detect and mitigate attacks early.

MITRE Engage

MITRE recently launched MITRE Engage, a knowledge base for Active Defense and adversary engagement. Not surprisingly, MITRE Engage features Deception methodologies as the most effective solution for adopting an Active Defense strategy. Deception technology has taken the center stage for Active Defense, as deceptions do not affect legitimate traffic and transactions, but are deployed to detect and respond to malicious activities.

Acalvio ShadowPlex Active Defense, built on ShadowPlex Autonomous Deception platform, provides early detection of cyber threats with precision and speed. ShadowPlex is built on 25+ issued patents and leverages AI to make deployment and management of deception autonomous. Based on unique DeceptionFarms® architecture, ShadowPlex Active Defense delivers distributed deception at enterprise scale, across on-premises, OT and Cloud workloads. Advanced Threats have evolved to living-off-the-land, file-less, malware-less, becoming stealthier and persistent, making them very hard to detect. ShadowPlex Active Defense combines breakthrough Deception Technology with Advanced Analytics, to detect and respond to such advanced threats.

Wide Range of Support

Customized Deception for IT & OT Networks

Covers On-Premises & Cloud workloads and Remote Users

On-Premises IT Networks

OT/ICS Networks

Cloud Workloads

Remote Users

Comprehensive Deception Palette

ShadowPlex provides a variety of deceptions to cast a wide net to arrest threats before they can cause harm. The deception types span Decoys that are added to the network, Breadcrumbs that are deployed on existing enterprise assets, Baits that act as tripwires on endpoints and Lures that are deliberately mis-configured or vulnerable services or applications that can be effectively used in ferreting latent threats. The extensible framework allows customers to add new deception types.

Flexible Deployment Options

Cloud to On-Premises

Easy deployment from your favorite cloud provider

On-Premises to On-Premises

On-premises hosting of our cloud-scalable deception platform

Cloud to Cloud

Protect cloud workloads with deceptions delivered from the cloud

Agentless Endpoint Deception Deployment and Refresh

  • Breadcrumbs/baits automatically configured and personalized for every individual host
  • No footprint left behind on assets. Ensures no additional attack surface and no fingerprints
  • Breadcrumbs and Baits periodically updated to keep fresh and dynamic

Autonomous Deception

Unique “Deception Playbooks” technology

Separates Design of Deception from Deployment of Deception

Ease of Use – Configuring and Managing thousands of deceptions

Effective Deception – Blended and Relevant Deception for every subnet and every endpoint

Use Cases

Detection of Endpoint Exploits and Lateral Movement

  • Deploy a comprehensive layer of deception across endpoints and enterprise network to detect attacks, even zero-day exploits

Comprehensive Active Directory Protection

  • Protect the Production Domain at an early stage of attack and also against advanced AD Attacks

Protection Against Ransomware Attacks

  • Specialized Deceptions to detect known and zero-day ransomware
Protection of Key Assets

  • Specialized Deceptions and Analytics to protect key assets in the Enterprise network

Detection of LLMNR Poisoning

  • Automatic LLMNR requests to detect poisoning attempts

Log4Shell Protection

  • Provides visibility into vulnerable assets and detects exploit attempts

Auto-triaging of ShadowPlex Detection Events

  • Leverages multiple data sources and advanced analytics to auto-triage all deception events.
  • Auto-triaging ensures only high-fidelity detection incidents are highlighted and forwarded to the SIEM, SOAR or IR platforms.
  • Maps to MITRE ATT&CK Framework and covers MITRE Engage

Powerful Response Capabilities

Integration with Security Ecosystem

ShadowPlex integrates with a wide range of solutions such as SOAR, SIEM, EDR, AD, Network Management Solutions, Email Servers, Software Management Solutions (such as SCCM, Chef, Puppet, and other platform-specific tools) among other solutions. ShadowPlex leverages integrations with these defense systems for network discovery, gathering forensic data from endpoints, breadcrumb and bait deployment on network endpoints and assets, as well as for automated response.

Next Steps

Explore our patented technologies to enable Active Defense and Identity Security in your enterprise.