Identity Threat Detection & Response
The Acalvio Identity Threat Detection & Response (ITDR) solution includes visibility into and management of the identity attack surface, along with an effective deception-based solution to detect and respond to identity attacks. The first step in reducing the attacker’s chance of success is to identify the identity attack surface. For the attack surface that cannot be removed, ShadowPlex provides targeted cyber deception to detect and respond to identity compromise attempts.
Identity Attack Surface Visibility & Management
The identity attack surface includes identity repositories and credential caches on endpoints. ShadowPlex provides deep visibility into the attack vectors in both kinds of identity stores and proactive management of the identity attack paths.
ShadowPlex provides insights into the attack targets in on-premises AD deployments, Azure AD, and Hybrid AD deployments. ShadowPlex also provides visibility into M365® email attack surface area. ShadowPlex does not require special privileges or permissions on the domain to generate the attack surface insights and does not affect AD operations.
A credential cache holds credentials (or tickets) on an endpoint so that authenticating to a service or an enterprise asset multiple times doesn’t require repeatedly contacting the credential store or re-entering the credentials. When adversaries breach the enterprise network, it is rather simple to enumerate cached credentials and select an identity to compromise. The ShadowPlex Endpoint Attack Surface Management capability provides in-depth visibility into identity caches.
All sophisticated attacks use pre-analysis tools that, once inside the enterprise, can zero in on identities to compromise and move within the network without being detected. The ShadowPlex Attack Paths capability combines identity repository insights and the endpoint attack surface area with vulnerability data and observed exploits to identify attack paths involving exploitable chains of relations.
ShadowPlex provides early detection of identity attacks with precision and speed. ShadowPlex deploys blended and targeted deception in identity repositories and identity caches to detect identity exploit attempts and lead attacks to decoys.
ShadowPlex AD attack detection uses a combination of decoy users, computers, and SPNs to detect sophisticated attacks against AD. Based on the attack type, ShadowPlex uses an AI module to automatically recommend the deception to deploy. By leveraging the insights gained from identity attack surface visibility, ShadowPlex can craft a set of precise deceptions that address the attack type and blend into the contents of the AD. ShadowPlex provides a pre-built, curated palette of non-fingerprintable deceptions designed specifically to detect advanced Active Directory attacks.
ShadowPlex also provides management of endpoint attack surface area to reduce the attack surface by removing the cached credentials in various endpoint credential caches, as well as a capability to replace any cached real credentials with deceptions.
ShadowPlex has an extensive palette of identity deceptions to deploy in all endpoint credential caches to detect credential cache exploits and redirect attacks to decoys. This includes:
- Privileged User Credentials and Profiles
- Pathways for lateral movement
- Security configurations
The endpoint identity deceptions are blended and personalized by an AI engine for each endpoint, and the deployment process leaves no fingerprints. The deceptions are customizable and extensible, including customer-specific applications. The deceptions are also automatically refreshed as endpoint configurations change.
Explore our patented technologies to enable Active Defense and Identity Security in your enterprise.