Meeting the Adversary Challenge for US Federal

All federal entities (DoD, Intel Community, and Civilian Agencies) are under continuous attack from the most sophisticated adversaries, including nation state actors. Perimeter defenses have repeatedly failed, and it would be foolhardy to assume that this will ever change. Detection systems have recently garnered more attention, but the passive approach still leaves the entity simply waiting for the inevitable, and unable to respond quickly enough to mitigate the damage.

Active Defense is “The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.”
- US DoD

Active Defense engages with incoming threats to better understand and counter them

High-fidelity detection
  • It’s not enough to just detect an attack: detection must happen immediately, regardless of the attack vector, and without the spurious false positives and minor alerts that obscure the threat.
Engagement
  • Once detected, Active Defense enables the responders to channel and contain the attack, without the adversary knowing about it.
Analysis
  • Now contained, the attacker’s TTPs can safely be observed and understood, and their identity and motivations revealed. High value assets can be obfuscated from the attacker’s perspective.
Response
  • With the full picture in hand, the defenders can decide how, when, and where to respond, as well as improve controls to defeat future attempts to use the same TTPs.

Pioneers in Active Defense

Acalvio is a pioneer in Active Defense strategies, leveraging innovations in Distributed Deception, Artificial Intelligence, and Threat Analysis. Our ShadowPlex solution allows government entities to implement Active Defense at scale, across on-premises and cloud infrastructure.

At the most fundamental level, Acalvio strives to provide four key security controls.

Superior Deception-based Detection

Acalvio’s deception-based detection is superior to alternative approaches such as behavioral analytics because it is more accurate (few false positives), more efficient, and easier to deploy. By adopting an Active Defense strategy, federal, state, and local governments can establish a scalable resistance to attacks of all types: ransomware, data theft, or service denial. They can also implement control activities consistent with the control objectives in NIST CSF, 800-160, and 800-171/172. With a low operational footprint and integrations with key security architecture components, ShadowPlex is well-suited to supporting government efforts to detect and defeat all types of attackers, including nation states and criminal enterprises.

Frequently Asked Questions

Deception-Based Preemptive Cybersecurity is a proactive defense strategy that uses deceptive artifacts—such as decoys, honeytokens, and fake credentials—to detect attackers already inside the network. These deception layers operate across endpoints, identity systems, and cloud workloads. Because the decoys have no business value, any interaction is a reliable indicator of malicious activity, enabling early, accurate detection and timely response—before adversaries reach their objectives.

Traditional tools often rely on known signatures or behavior tied to real assets—limiting their effectiveness against unknown threats, insider activity, or credential misuse. Preemptive Cybersecurity adds a new dimension of defense by detecting early-stage attacker activity through interaction with deceptive assets. It provides high-fidelity alerts, improves lateral movement visibility, and reduces dwell time—enabling defenders to act earlier and with greater precision.

Honeytokens are deceptive credentials and data artifacts embedded in legitimate systems, such as OS caches or cloud workloads. Honeytoken accounts are fake user or service accounts. Any interaction with these assets is a high-fidelity indicator of malicious activity—making them essential tools for detecting identity threats like lateral movement and credential misuse.
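
The detection rule described above (any interaction with a honeytoken account is an alert, with no threshold), as an added example that is not Acalvio's or ShadowPlex's code. The account names, the simplified key=value log format, and the sample events are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed honeytoken account names (hypothetical; planted by the defender,
# never used by any legitimate user or service).
HONEYTOKEN_ACCOUNTS = {"svc_backup_adm", "sql_repl_svc"}

# Constructed sample events in a simplified key=value form; not real logs.
SAMPLE_EVENTS = """\
2024-05-01T09:14:02Z event_id=4624 account=CORP\\jsmith src=10.0.4.21 result=success
2024-05-01T09:15:40Z event_id=4768 account=svc_backup_adm@corp.example src=10.0.4.37 result=failure
2024-05-01T09:15:58Z event_id=4625 account=CORP\\SVC_BACKUP_ADM src=10.0.4.37 result=failure
2024-05-01T09:16:30Z event_id=4624 account=CORP\\sql_repl_svc src=10.0.4.37 result=success
2024-05-01T09:20:11Z event_id=4624 account=CORP\\svc_backup src=10.0.4.50 result=success
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def normalize_account(raw):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare name,
    so the same honeytoken is matched however the event records it."""
    name = raw.rsplit("\\", 1)[-1]
    name = name.split("@", 1)[0]
    return name.lower()

def parse_event(line):
    timestamp, _, rest = line.partition(" ")
    event = dict(FIELD.findall(rest))
    event["timestamp"] = timestamp
    return event

def detect_honeytoken_use(log_text, honeytokens=HONEYTOKEN_ACCOUNTS):
    """Return {source: [(timestamp, account, event_id, result), ...]} for every
    event naming a honeytoken account. Failed and successful attempts both
    count: the account has no legitimate use, so any touch is an alert."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        account = normalize_account(event.get("account", ""))
        if account in honeytokens:  # exact match only: svc_backup is a real account
            alerts[event.get("src", "unknown")].append(
                (event["timestamp"], account, event.get("event_id"), event.get("result")))
    return dict(alerts)

if __name__ == "__main__":
    for src, hits in detect_honeytoken_use(SAMPLE_EVENTS).items():
        print(src, "touched", sorted({h[1] for h in hits}), "in", len(hits), "events")
```

Grouping alerts by source shows one host touching two different honeytoken accounts within a minute, which is the lateral movement visibility the answer above refers to.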