Products
- Products
  
  Platform
  ShadowPlex Advanced Threat Defense
  Deception for early detection of cyber threats with precision and speed
  
  ShadowPlex Identity Protection
  Visibility of identity attack surface and comprehensive detection of identity threats
  Acalvio Active Defense Platform
  Comprehensive and Award-winning Distributed Deception Platform
  
  What is Active Defense?
  Active defense detects and diverts attacks.
  
  Why do I need Acalvio Active Defense?
  Active Defense deceives and disrupts attackers.
Solutions
- Technology Solutions
  
  Industry Solutions
  Early Threat Detection
  Detect cyber threats early in the attack lifecycle to prevent adversary breakout
  
  Identity Threat Detection & Response
  Detect identity threats with precision and protect the identity architecture
  
  OT Security
  Protect OT environments from cyber threats with an easy-to-deploy and non-intrusive solution
  
  Red Teaming
  Strengthen defenses to detect red team activities
  
  Threat Hunting
  Active threat hunting to confirm latent threats and gain visibility to attacker TTPs
  
  Ransomware
  AI-driven deception to protect against known and zero-day ransomware variants
  
  Honeytokens for CrowdStrike
  Enterprise-scale honeytokens to protect against current and evolving identity threats
  
  Active Directory Protection
  Visibility to AD attack surface and detection of AD attacks
  
  Zero Trust
  Advance Zero Trust maturity through improved cyber visibility
  
  Insider Threats
  Unmask hidden dangers. Cyber deception for high-fidelity insider threat detection
  Public Sector
  Targeted solution for protecting Federal agencies in conformation with NIST and CISA recommendations
  
  Financial Services
  Transform Financial Cybersecurity with Innovative Cyber Deception and Active Defense
  
  Healthcare
  Active defense solutions thwart healthcare attacks before they can inflict real damage.
Resources
Partners
Company

The Solarwinds Attack – Don’t Trust; Always Verify

by Team Acalvio | January 11, 2021

What’s the biggest lesson from the SolarWinds fiasco?

That just focusing security defenses on the most common means of penetrating an organization doesn’t cut it. Sure, you should guard against phishing, fortify your DMZ and Internet-facing applications, train your staff, and so on. That will at least give you a credible response if you get hacked and you’re asked what you were doing to prevent it (which I admit is nothing to sneeze at!). However as we’ve seen, that won’t keep you safe.

The software supply chain risk

Few organizations take software supply chain risk seriously. It’s very common for software packages to “call home” to the vendor for diagnostics, code and data file updates, etc. How many customers, or even the vendors themselves, have any way to monitor this threat vector, or to model the application for behavior changes that indicate compromise? Virtually none. Try asking your vendors “How can you demonstrate to me that your update channel isn’t compromised?“, and watch them squirm. And this doesn’t even address the problem at SolarWinds, which was the insertion of rogue code into the development process. While timely patching is a security best practice, how does one know that the patch itself isn’t compromised? Finally, given the prevalence of open source, and the push for rapid development and software innovation, can anyone seriously believe that the risk from software supply chain compromise will be “solved” anytime soon?

Supply chain attacks such as the Solarwinds incident work because they exploit trust relationships. Most security controls depend on whitelisting of the “known good”, including files, folders, processes, systems, users and groups, domains, IP addresses, and behavior. Typically, security solutions rely on reputation and past behavior patterns to give a free pass to “trusted entities”.

What is needed is a more flexible layer of defense, one built with the attacker’s mindset in mind, not the defenders. These defenses should not rely on signatures, black/white lists, behavior analysis or reputation for threat detection. And what’s the fastest way to implement this type of defense? By implementing a modern, automated Deception solution such as Acalvio ShadowPlex. By automatically overlaying a comprehensive and customized deception fabric over the network, ShadowPlex lies in wait for a threat actor to begin their recon and lateral movement activity.

It doesn’t matter how they got in: spear-phishing, vulnerability exploit, or compromised software – it’s all fair game for ShadowPlex. In all such cases, it’s ready to detect, characterize, and if desired engage your adversary, without a lot of operational overhead or false positives. Will you sleep more soundly knowing ShadowPlex is on the job?

We’d like to think so!