Acalvio ShadowPlex Security & Identity Posture Management (SIPM) gives enterprises unprecedented visibility into the attack surfaces on their endpoints, AD and network. ShadowPlex SIPM also helps enterprises manage their security posture as seen by an attacker who is already inside the network perimeter. Security breaches are increasing every year and supply chain attacks have become dominant. Use of stolen credentials is increasingly the main attack vector. Advanced threats leverage credential caches and credential stores to establish persistence, elevate privileges, and move laterally. ShadowPlex SIPM evaluates the identity posture of the network and endpoints and provides the ability to manage and obfuscate the identities that attacks are likely to compromise.
Active Directory Insights
Active Directory (AD) is at the core of most enterprise infrastructures, and it holds valuable and critical information about user identities, network assets, applications, services, policies, and authentication data. However, given the legacy architecture principles that AD was built upon decades ago, completely securing this crown jewel with today’s diverse technology and infrastructure complexity has been a challenge for most organizations. This challenge is compounded by the rapid and sophisticated evolution of the threat landscape.
ShadowPlex AD InSights provides security and IT administrators continuous visibility into potential security risk exposure introduced by factors such as unprotected administrator accounts, shadow administrators, over-permissioned accounts, kerberoastable accounts, unmanaged SPNs, and service accounts, among other misconfigurations. ShadowPlex generates these extensive insights spanning user and computer accounts, groups, GPOs, ACLs, domains, forests and trust relationships, and other AD artifacts. The AD InSights engine is powered by AI Threat Models that use data from real and evolving attacks against the Active Directory.
ShadowPlex AD Insights also covers Azure AD and provides attack surface visibility into Applications, Storage Accounts, Database Servers, and Virtual Machines. ShadowPlex does not require special privileges or permissions on the domain to generate the attack surface insights and does not affect AD operations.
Network Asset Insights
- Discovers network assets and automatically clusters them across multiple dimensions. The outliers are highlighted for evaluation.
- Continuous Discovery: tracks and evaluates new assets joining the network and provides unique visibility into dynamic network assets
Endpoint Insights
Endpoint Attack Surface Management
- Discovers and surfaces OS and application credentials and connections on endpoints that attackers leverage for privilege escalation and lateral movement
- Optionally, deletes the cached credentials and connections or replaces them with deception
Endpoint Security Posture
- Discovers and surfaces endpoint misconfigurations and potential attack vectors
Attack Paths
All sophisticated attacks use pre-analysis tools that can zero in on identities to compromise once they are inside the enterprise and move within the network without being detected. The misconfigurations in identity repositories combined with the unknown and unattended identity caches lying around on the network provide ideal lateral movement paths for the attacks. Adversaries know exactly how to use these to their advantage, and traditional detection systems would be none the wiser as all of these seem like perfectly legitimate traffic on the network.

The ShadowPlex Attack Paths capability combines identity repository insights and the endpoint attack surface area with other inputs to identify attack paths involving exploitable chains of relations.
This powerful capability has multiple applications, such as:
- Which users have access to a key enterprise asset?
- Are there any exploitable paths from a member of a group (guests, contractors, interns, etc.) to any key enterprise assets?
- Attack paths from one network segment to another, such as attack paths from IT to OT network
- Blast radius analysis – list of exploitable assets and attack paths from a compromised identity
- What-if analysis – perform scenario analysis prior to making network modifications or policy changes
In addition, ShadowPlex Attack Paths also provides Ranked Attack Surface Analytics. It is common to find repositories such as Active Directory with hundreds and thousands of identity and asset misconfigurations. Mitigating and fixing these misconfigurations may be a time-consuming task for the security and IT teams. Acalvio provides a Ranked Attack Surface view by scoring the attack surface based on pathways to key assets and providing the defense teams a prioritized list of remediations based on impact.
Customer Benefits
Visibility into Attack Surface inside the enterprise network
- Enables SOC to eliminate the lateral movement avenues
Reduced Identity Attack Surface on the endpoints
- Reduces the ability for privilege escalation
Minimal IT Overhead
- All capabilities are driven autonomously with minimal IT resource requirements
Next Steps
Explore our patented technologies to enable Active Defense and Identity Protection in your enterprise.