Logo of Acalvio, a leading company in cyber deception technology

Acalvio ShadowPlex Threat Hunting provides a unique set of threat investigation capabilities that leverage cyber deception to improve Security Operations Center (SOC) efficiency. Rapid threat investigation requires narrowing the set of assets that are likely to have been compromised, quick analysis of the collected attack artifacts and automated threat hunting. ShadowPlex Threat Hunting provides capabilities in each of these three areas, besides also providing unified global visibility and situational awareness into attack progression.

ShadowPlex Threat Hunting Capabilities

Adversary Traversal

  • Uses data from the enterprise data lake to trace the path of the attack through the enterprise network

Active Threat Hunting

Similarity Analysis

  • Leverages data from known compromised machines to determine the list of similar exploitable assets

Link Analysis

  • Links events from various security products and highlights relationships across various observations

Targeted Endpoint Forensics

 

 

Analysis of Attack Artifacts

  • Machine learning based PowerShell script and log analysis, providing capability and attribution
  • Memory snapshot analysis for memory-resident malware

Active Threat Hunting

Threat Hunting activities are mandatory to reduce risk and to meet the requirements of recommendations such as the NIST CyberSecurity Framework. The challenge is to execute these activities with limited staff and budget. Advanced Deception solutions are very well suited to meeting this challenge: You simply configure and deploy deception assets such that attackers who satisfy your hunting hypothesis will be attracted to them.

Adversary Traversal

  • AI-driven automated analysis leverages a known security incident and uses data from the enterprise data lake to trace the path of the attack through the enterprise network
  • Narrows down the set of potential compromised assets and enables rapid investigation

Similarity Analysis

  • Innovative AI-driven automated analysis leverages data collected from known compromised machines to determine the list of similar exploitable enterprise assets
  • Extracts additional value from existing enterprise data lakes

Endpoint Forensics

  • Deep and comprehensive forensics collected on any compromised enterprise endpoint
  • AI-Driven analysis to determine attack TTPs
  • Increases SOC efficiency by making compromised endpoint analysis faster and easier

Many Advanced Analytics

Automated Forensic Evidence Analysis

  • PowerShell Logs
  • PowerShell Scripts
  • Memory dumps
  • Event Logs

Link Analysis

  • Links various security events for holistic view
  • Highlights relationships across various observations
    • Deceptions Events
    • Enterprise Endpoints Events
  • Shows Attack progression
  • Provides context for nodes
  • Provides situational awareness
  • Shows asset activity heat map
Process of threat hunting using advanced deception solutions Adversary traversal in threat hunting using AI-driven automated analysis to leverage data Similarity analysis in threat hunting Forensic data is collected from compromised enterprise endpoint in threat hunting Automated Forensic Evidence Analysis Process of link analysis in cyber threat hunting

Active Threat Hunting

Acalvio ShadowPlex blast radius analysis

Threat Hunting activities are mandatory to reduce risk and to meet the requirements of recommendations such as the NIST CyberSecurity Framework. The challenge is to execute these activities with limited staff and budget. Advanced Deception solutions are very well suited to meeting this challenge: You simply configure and deploy deception assets such that attackers who satisfy your hunting hypothesis will be attracted to them.

Adversary Traversal

ShadowPlex traces the path of the attack through the enterprise network
  • AI-driven automated analysis leverages a known security incident and uses data from the enterprise data lake to trace the path of the attack through the enterprise network
  • Narrows down the set of potential compromised assets and enables rapid investigation

Similarity Analysis

Acalvio ShadowPlex similarity analysis for threat hunting
  • Innovative AI-driven automated analysis leverages data collected from known compromised machines to determine the list of similar exploitable enterprise assets
  • Extracts additional value from existing enterprise data lakes

Endpoint Forensics

Acalvio ShadowPlex lateral movement pathways analysis for threat hunting
  • Deep and comprehensive forensics collected on any compromised enterprise endpoint
  • AI-Driven analysis to determine attack TTPs
  • Increases SOC efficiency by making compromised endpoint analysis faster and easier

Many Advanced Analytics

Acalvio ShadowPlex summary information about the process

Automated Forensic Evidence Analysis

  • PowerShell Logs
  • PowerShell Scripts
  • Memory dumps
  • Event Logs

Link Analysis

Acalvio ShadowPlex link analysis for active threat hunting
  • Links various security events for holistic view
  • Highlights relationships across various observations
    • - Deceptions Events
    • - Enterprise Endpoints Events
  • Shows Attack progression
  • Provides context for nodes
  • Provides situational awareness
  • Shows asset activity heat map

Related Resources

CISO’s Guide to The Modern Threat Hunting

White Papers

CISO’s Guide to The Modern Threat Hunting

Read More
Threat Hunting the Modern Way

Ebook

Definitive Guide to Cyber Deception 2.0

Read More

Next Steps

Explore our patented technologies to enable Active Defense and Identity Protection in your enterprise.

Loading...