HoneyToken - Acalvio

Products
- Products
  
  Platform
  ShadowPlex Advanced Threat Defense
  Deception for early detection of cyber threats with precision and speed
  
  ShadowPlex Identity Protection
  Visibility, management and protection of identity stores and attack paths
  Acalvio Active Defense Platform
  Comprehensive and Award-winning Distributed Deception Platform
  
  What is Active Defense?
  Active defense detects and diverts attacks.
  
  Why do I need Acalvio Active Defense?
  Active Defense deceives and disrupts attackers.
Solutions
- Technology Solutions
  
  Industry Solutions
  Breach Detection
  Active Defense for breach detection and response, both in on-premises and cloud workloads
  
  Identity Threat Detection & Response
  Visibility into Identity attack surface and effective detect & respond solution for identity attacks
  
  OT / ICS Security
  Passive and low-risk agentless solution that is easy to deploy
  
  Active Directory Protection
  Visibility into AD attack surfaces and detection of AD Attacks
  
  Threat Hunting
  Active threat hunting, based on targeted deception, to confirm hunting hypothesis
  
  Ransomware
  AI-Driven Advanced Deception Technology to combat even zero-day Ransomware
  
  Honeytokens for CrowdStrike
  Honeytokens are deceptive credentials and data that are embedded in legitimate assets
  Public Sector
  Targeted solution for protecting Federal agencies in conformation with NIST and CISA recommendations
Resources
Partners
- Strategic Partners
- Technology Partners
Company

What is a HoneyToken?

A “honeytoken” (or “honey token”) is a cybersecurity concept that involves using a piece of fake or deliberately misleading information to detect unauthorized access or monitor malicious activity.

Unlike honey pots or honey accounts, which simulate entire systems or accounts, honeytokens are typically discrete pieces of data that are placed within a system or network but are not supposed to be accessed or used by legitimate users. For example, a honeytoken could be a fake username and password, a specific file with an enticing name, a URL, or an email address that doesn’t correspond to an actual user. If any of these honeytokens are accessed or used, it’s a clear sign that unauthorized activity is occurring.

Honeytokens can be extremely valuable in identifying breaches or unauthorized access because they are rarely used by legitimate users. Therefore, any activity involving a honeytoken is highly likely to be malicious in nature. Monitoring honeytoken activity can provide insights into the methods and techniques used by attackers, as well as help organizations respond more quickly to security incidents.

How does Acalvio use HoneyTokens for identity security?

Acalvio provides an enterprise-scale implementation of Honey Accounts and HoneyTokens with automated life cycle management.

Acalvio Honey Accounts are deceptive accounts (representing human and service accounts) created in the Active Directory (AD) that are specifically designed to lure attackers and deflect them away from real identities.

HoneyTokens are deceptive credentials and data that are embedded in legitimate assets such as endpoints and cloud workloads. Any usage or manipulation of these deception artifacts is a very reliable indicator of an identity threat.

Acalvio recommends the count and types of Honey Accounts that can be registered on CrowdStrike. Acalvio also deploys HoneyTokens on endpoints. CrowdStrike monitors the activity on Honey Accounts and effectively blocks the identity threat based on that information.

Available on the CrowdStrike Store, the solution empowers customers to use Acalvio’s HoneyTokens and Honey Accounts seamlessly to detect identity threats.