Acalvio Active Defense – Meeting the Adversary Challenge for US Federal
All federal entities (DoD, Intel Community, and Civilian Agencies) are under continuous attack from the most sophisticated adversaries, including nation state actors. Perimeter defenses have repeatedly failed, and it would be foolhardy to assume that this will ever change. Detection systems have recently garnered more attention, but the passive approach still leaves the entity simply waiting for the inevitable, and unable to respond quickly enough to mitigate the damage.
Federal and Industry organizations have recognized the efficacy of Active Defense based on Cyber Deception as the threats become increasingly sophisticated. CISA is urging immediate deployment of Cyber Deception for Network Security in the latest “2022-2026 Strategic Technology Roadmap, Version 4”. NSA has published a detailed report on the effectiveness of cyber deception based on large red-team studies in the “The Next Wave” Vol 23, 2021.
Active Defense is “The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.” US DoD
When using Active Defense, organizations engage with incoming threats to better understand and counter them, rather than operating static security controls and hoping for the best. In practice, Active Defense requires a process that includes four ingredients:
- High-fidelity detection: It’s not enough to just detect an attack: It must happen immediately, no matter from what vector, and without spurious false positives and minor alerts that obscure the threat.
- Engagement: Once detected, Active Defense enables the responders to channel and contain the attack, without the adversary knowing about it.
- Analysis: Now contained, the attacker’s TTPs can safely be observed and understood, and their identity and motivations revealed. High value assets can be obfuscated from the attacker’s perspective.
- Response: With the full picture in hand, the defenders can decide how, when, and where to respond, as well as improve controls to defeat future attempts to use the same TTPs.
MITRE has come up with MITRE Engage, an Active Defense framework for adversary engagement operations to secure network interior based on deception.
Acalvio is a pioneer in Active Defense strategies, leveraging innovations in Distributed Deception, Artificial Intelligence, and Threat Analysis. Our ShadowPlex solution allows government entities to implement Active Defense at scale, across on-premises and cloud infrastructure.
At the most fundamental level, Acalvio strives to provide four key security controls
Acalvio’s deception-based detection is superior to alternative approaches such as behavioral analytics because it is both more accurate (few false positives) and more efficient and easier to deploy. By adopting an Active Defense strategy, federal, state, and local governments can establish a scalable resistance to attacks of all types: ransomware, data theft, or service denial. They also can implement control activities consistent with the control objectives in NIST CSF, 800-160, and 800-171/172. With a low-operational footprint and integrations with key security architecture components, ShadowPlex is well-suited to supporting government efforts to detect and defeat all types of attackers, including nation states and criminal enterprises.