Acalvio ShadowPlex

Autonomous Deception

“Acalvio’s innovations have made deception practical and affordable at scale without sacrificing any of the efficacy.”

Dr Eugene Spafford, Executive Director Emeritus of the
Center for Education and Research in Information Assurance and Security (CERIAS)

Organizations are turning to Active Defense solutions based on advanced deception because they are low-risk to deploy and avoid the false-positive issues of alternative approaches. Acalvio’s offering, ShadowPlex, has been architected to set a new standard for APT, ransomware and malware mitigation in the following dimensions:

Patented Deception Farm Architecture

Acalvio’s key differentiator is our patented Deception Farm architecture. All deception solutions deploy deceptive artifacts that act as tripwires to detect intruders. However, unlike alternatives, ShadowPlex centralizes the process. Decoys (fake hosts or “honeypots”) are hosted in a single area (on-prem or in the cloud) and then strategically “projected” across the enterprise network, where they appear as realistic local assets. Furthermore, we change the complexity of a decoy “on the fly” in response to attacker engagement, another patented Acalvio capability we call Fluid Deception. This resource-efficient method allows ShadowPlex to deliver both high scale and depth of decoy realism.

Autonomous Deception

Another key differentiator is Autonomous Deception: ShadowPlex automates and simplifies the configuration and deployment of deception objects. Combining pre-defined playbooks with an AI-based Recommendation Engine, the system self-generates and places the appropriate deception objects within the environment. This not only reduces the operational effort, but also creates a deception environment that is more credible and maintains credibility over time.
Leveraging over 25 patents, these ShadowPlex differentiators provide several critical benefits:
  • Ease of Use: Because all the decoys are in one place, you don’t have to worry about managing multiple servers all over the network. Deception objects are easy to configure, deploy, and manage, thanks to Autonomous Deception.
  • Scale: You can scale up the number of decoys and their distribution across the enterprise simply by adding compute power in the Deception Farm. Fluid Deception and the sharing of compute resources allow you to minimize the amount of compute, storage, and software licenses required.
  • Effectiveness: Deception objects are automatically customized for each part of the network; decoys, breadcrumbs, and baits are autonomously updated to keep them fresh and relevant as network characteristics change.
The ShadowPlex solution offers several other key capabilities:

Rich Palette of Realistic Deception Objects: The solution supports a vast array of deception objects, beginning with decoys that mimic hosts running standard operating systems, including OT and IoT hosts. They also include endpoint lures, breadcrumbs, and baits: fake artifacts including registry entries, credentials, shared drives and many more that either act as tripwires in their own right, or lead the attacker towards the decoys. ShadowPlex supports an extensive set of field-expandable object types and variations, and automates the generation and deployment of these assets so that they blend in with their surroundings.
Active Directory Protection: Three capabilities prevent attacks against Active Directory:

  • InSights: Evaluates AD objects and identifies risks automatically. Includes object information, summary statistics, and detailed identification of dozens of types of potential security risks within the AD object database.
  • Deception Decoys and Breadcrumbs: Obfuscates AD infrastructure and exposes attempts to attack it, using fake domain controllers, AD forests, and baits.
  • Cached Credential Clean Up: Reduces attack surface and diverts attackers from AD.
Integrations: Effective security operations depend on integrating security and infrastructure systems to work together. ShadowPlex has extensive out-of-the-box integrations with solutions including EDR, SIEM and SOAR, email servers, network management tools and Active Directory.
Incident Response Portal: ShadowPlex gathers intelligence about attack TTPs based on actual observed behavior, which can be used for forensics or threat hunting. The Analyst Portal makes this data available in a simple user interface aligned with the needs of the forensic analyst.
ShadowPlex provides ease of operations and effectiveness at all stages of the deployment lifecycle
ShadowPlex offers rapid time to value for breach detection, response and engagement; proactive Threat Hunting; and more. It can be deployed fully on-premises, in the cloud, or as a service from MSSPs.
