Acalvio ShadowPlex

Organizations are turning to Active Defense solutions based on advanced deception because they are low-risk to deploy and avoid the false-positive issues of alternative approaches. Acalvio’s offering, ShadowPlex, has been architected to set a new standard for APT, ransomware and malware mitigation in the following dimensions:

Acalvio’s key differentiator is our patented Deception Farm architecture. All deception solutions deploy deceptive artifacts that act as tripwires to detect intruders. However, unlike alternatives, ShadowPlex centralizes the process. In the case of decoys (fake hosts or “honeypots”) they are hosted in a single area (on-prem or in the Cloud), and then are strategically “projected” across the enterprise network, where they appear as realistic local assets. Furthermore, we change the complexity of a decoy “on the fly” in response to attacker engagement, another patented Acalvio capability we call Fluid Deception. This unique method of resource efficiency allows ShadowPlex to deliver both high scale and depth of decoy realism.

Another key differentiator is Autonomous Deception: ShadowPlex automates and simplifies the configuration and deployment of deception objects. Combining pre-defined playbooks with an AI-based Recommendation Engine, the system self-generates and places the appropriate deception objects within the environment. This not only reduces the operational effort, but also creates a deception environment that is more credible and maintains credibility over time.

Leveraging over 25 patents, these ShadowPlex differentiators provide several critical benefits:

The ShadowPlex solution offers several other key capabilities:

Rich Palette of Realistic Deception Objects: The solution supports a vast array of deception objects, beginning with decoys that mimic hosts running standard operating systems, including OT and IoT hosts. They also include endpoint lures, breadcrumbs, and baits: fake artifacts including registry entries, credentials, shared drives and many more that either act as tripwires in their own right, or lead the attacker towards the decoys. ShadowPlex supports an extensive set of field-expandable object types and variations, and automates the generation and deployment of these assets so that they blend in with their surroundings.

Active Directory Protection: Three capabilities prevent attacks against Active Directory

• InSights Evaluates AD objects and identifies risks automatically. Includes object information, summary statistics, and detailed identification of dozens of types of potential security risks within the AD object database
• Deception Decoys and Breadcrumbs Obfuscates AD infrastructure and exposes attempts to attack it, using fake domain controllers, AD forests, and baits
• Cached Credential Clean Up Reduces attack surface and diverts attackers from AD

Integrations: Effective security operations depends on integrating security and infrastructure systems to work together. ShadowPlex has extensive out-of-box integrations with solutions, including EDR, SIEM and SOAR, email servers, network management tools and Active Directory.

Incident Response Portal: ShadowPlex gathers intelligence about attack TTPs based on actual observed behavior, which can be used for forensics or threat hunting. The Analyst Portal makes this data available in a simple user interface aligned with the needs of the forensic analyst.