Products
- Products
  
  Platform
  ShadowPlex Advanced Threat Defense
  Deception for early detection of cyber threats with precision and speed
  
  ShadowPlex Identity Protection
  Visibility, management and protection of identity stores and attack paths
  Acalvio Active Defense Platform
  Comprehensive and Award-winning Distributed Deception Platform
  
  What is Active Defense?
  Active defense detects and diverts attacks.
  
  Why do I need Acalvio Active Defense?
  Active Defense deceives and disrupts attackers.
Solutions
- Technology Solutions
  
  Industry Solutions
  Breach Detection
  Active Defense for breach detection and response, both in on-premises and cloud workloads
  
  Identity Threat Detection & Response
  Visibility into Identity attack surface and effective detect & respond solution for identity attacks
  
  OT / ICS Security
  Passive and low-risk agentless solution that is easy to deploy
  
  Active Directory Protection
  Visibility into AD attack surfaces and detection of AD Attacks
  
  Threat Hunting
  Active threat hunting, based on targeted deception, to confirm hunting hypothesis
  
  Ransomware
  AI-Driven Advanced Deception Technology to combat even zero-day Ransomware
  
  Honeytokens for CrowdStrike
  Honeytokens are deceptive credentials and data that are embedded in legitimate assets
  Public Sector
  Targeted solution for protecting Federal agencies in conformation with NIST and CISA recommendations
  
  Healthcare
  Active defense solutions thwart healthcare attacks before they can inflict real damage.
Resources
Partners
- Strategic Partners
- Technology Partners
Company

DECEPTION: YOU KEEP USING THAT WORD…

by Team Acalvio | March 20, 2022

I DO NOT THINK IT MEANS WHAT YOU THINK IT MEANS

If you recognize the quote in the title of this blog entry, then you also know one of my favorite movies of all time is Princess Bride.

If you didn’t recognize it, here’s a relevant reminder: https://www.youtube.com/watch?v=dTRKCXC0JFg

Let’s play a little word association. I say “Deception”, you say…..?

Usually the first word I hear in response to that is “Honeypots!!”.

Well, not quite. Deception is more than honeypots and if you’re trying to decipher all the marketing buzz I hope this discussion can help.

Deception solutions are designed to address the entire enterprise. So, let’s discuss what that means and how this is different from traditional honeypots.

Deception Objects

In order for a solution to truly be an Enterprise Deception Solution, it must incorporate three components: Decoys, Breadcrumbs and Baits.

Decoys: Decoys are IP addressable false targets that can represent anything in the organization’s environment. This is where the traditional “honeypot” comes to mind except with Deception Solutions they should support various “Interaction Levels” as well as be able to represent anything that can hold an IP Address (workstations, servers, network infrastructure, IoT, Industrial Control Systems, VOIP, etc.).

Breadcrumbs: Breadcrumbs are false information planted on your legitimate systems and are designed to lead the adversary away from legitimate targets and to the decoys that are present.

Baits: Baits are Deception Objects planted on your legitimate systems that when interacted with, will generate an alert (notify you that document has been opened, notify you the file has been encrypted indicating possible Ransomware activity, etc.).

An Enterprise Deception solution should autonomously manage and coordinate all these objects in concert with your organization’s infrastructure making it near impossible for the adversary to discern real from “The Matrix” world.

Scale

Implementing honeypots of old was cumbersome, costly and manually intensive. Enterprise Deception solutions should be designed to utilize intelligent analysis, automated discovery and self-generating recommendations to build out deception objects with little to no human interaction. Additionally, effective deception needs to be done en masse. Organizations may need hundreds, thousands of decoys, baits and associated breadcrumbs across all types of subnets (end-user, DMZ, server farms, VOIP, Administrative). “Fewest Number of Mouse Clicks” should be the general rule to getting this done.

Cost

Enterprise Deception also had to solve the cost factor. Honeypots of old required manual setup, hardware or virtualization requirements equivalent to running the real thing, OS and Application licensing, and on top of that…required instrumentation and filtering to capture and record attacker activity while whitelisting benign activity. And that was just to setup one honeypot!

Enterprise Deception Solutions should address each of those areas:

It should be able to minimize or eliminate hardware requirements.
It should be able to take advantage of the virtualization stack without requiring heavy compute resources.
It should not require additional FTEs either to implement the solution or perform on-going maintenance activities.
It should not require additional FTEs to support triage and analysis of generated alerts.
It should be able to scale vast numbers of decoys without requiring additional OS and Application licenses.
It should be able to scale vast numbers of decoys without requiring linear scaling of additional solution components.

So the next time you hear someone say “Deception Solutions are just Honeypots”, quote Inigo Montoya and use these talking points to start a discussion.

John