
Most organizations implement relatively static and denial-based cybersecurity defenses. They deploy controls such as firewalls, anti-virus, and vulnerability management, and start monitoring for events. The problem is that attackers can repeatedly probe for weaknesses in these denial-based defenses, and then apply maximum pressure at the defender’s weak point. In addition, defense evasion measures for many of these security solutions are well-known and public. Determined attackers eventually find a way in – it has become a question of “when” and not “if”.

Active Defense built using Cyber Deception technologies uniquely introduces new decoys (fake assets) into the enterprise network. The decoys are not part of any normal business process, so any interaction with them results in a high-fidelity alert. In addition to detection, Active Defense also disrupts attacks by confusing attackers, diverting them away from enterprise assets and engaging them with decoy assets.

AI-Powered Deception

Acalvio operationalized enterprise-scale deception by integrating AI into every step of the deployment and management of deception. Acalvio pioneered innovative use of AI in security: pattern recognition and clustering algorithms to automatically detect each network neighborhood, recommendation engines for configuring deception appropriate to each subnet and each endpoint, automatic triage of multiple alerts into only high-fidelity events, and analysis of attacker activity to generate TTPs (tactics, techniques and procedures). Acalvio also patented multiple AI techniques to speed up SOC investigation.

Recently Acalvio introduced Copilot, our LLM-powered AI engine for decoy naming and content that is industry-specific and contextually relevant.


Active Defense is Complementary to Traditional Cyber Defenses

Traditional cybersecurity defenses monitor all activity against regular assets and alert on suspicious activity, detected either by signatures or by anomaly detection using probabilistic machine learning models. This results in a lot of false positives and also misses zero-day exploits.

Active Defense deploys a pervasive layer of deception across the enterprise network, endpoints and identity stores. Detection is based on activity against deception and does not depend on signatures or anomaly detection. This provides several benefits:

  1. Generates a new stream of low-volume, high-fidelity alerts, which adds to the alerts raised by other defenses and helps extract value from them
  2. Provides another layer of defense based on orthogonal detection methodology, complementary to the traditional cyber defenses
  3. Detects even zero-day exploits, since deception-based detection does not depend on whether the exploit has been seen before
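The detection model described above, as an added illustration that is not Acalvio's or ShadowPlex's code: interaction with a decoy host or a decoy (honeytoken) credential is treated as a high-fidelity signal without any signature, and repeated hits from one source are collapsed into a single triaged event. The decoy inventory and the log format are constructed assumptions for this example.

```python
"""Decoy-interaction detection over constructed log lines (added example, not vendor code)."""
from dataclasses import dataclass, field

# Hypothetical decoy inventory: hosts and accounts that no real business process uses.
DECOY_HOSTS = {"10.0.5.77", "10.0.5.78"}
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm_finance_old"}


@dataclass
class Alert:
    """One triaged event per (source, kind), aggregating every decoy it touched."""
    source: str
    kind: str                 # "decoy_host" or "decoy_credential"
    targets: set = field(default_factory=set)
    count: int = 0


def parse_line(line):
    """Parse the constructed format '<ts> src=<ip> dst=<ip> user=<name> action=<verb>'."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])


def detect(lines):
    """Return aggregated alerts; any touch of a decoy is a hit, normal traffic never alerts."""
    alerts = {}
    for line in lines:
        f = parse_line(line)
        hits = []
        if f.get("dst") in DECOY_HOSTS:
            hits.append(("decoy_host", f["dst"]))
        if f.get("user") in DECOY_ACCOUNTS:
            hits.append(("decoy_credential", f["user"]))
        for kind, target in hits:
            # Triage: many probes from one source become one event, not one alert per line.
            alert = alerts.setdefault((f["src"], kind), Alert(f["src"], kind))
            alert.targets.add(target)
            alert.count += 1
    return list(alerts.values())


SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "2024-01-01T09:00:01 src=10.0.1.20 dst=10.0.5.10 user=alice action=smb_connect",
    "2024-01-01T09:00:05 src=10.0.1.20 dst=10.0.5.11 user=alice action=ldap_bind",
    "2024-01-01T09:01:10 src=10.0.1.44 dst=10.0.5.77 user=bob action=smb_connect",
    "2024-01-01T09:01:11 src=10.0.1.44 dst=10.0.5.78 user=bob action=smb_connect",
    "2024-01-01T09:01:12 src=10.0.1.44 dst=10.0.5.77 user=bob action=rdp_connect",
    "2024-01-01T09:02:00 src=10.0.1.44 dst=10.0.5.11 user=svc_backup_legacy action=ldap_bind",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.source} {a.kind} hits={a.count} targets={sorted(a.targets)}")
```

Alice's ordinary activity against real hosts yields nothing, while the host that sweeps two decoys and then binds with a decoy account produces exactly two events.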

Acalvio Active Defense Provides Dynamic Deception

Denial-based cybersecurity defenses are largely the same throughout the enterprise and even across enterprises. If an attacker manages to evade a specific defense, this monoculture lets the attacker reuse the same strategy to evade that same defense everywhere else as well.

Acalvio Active Defense uses Artificial Intelligence to deploy relevant and blended deception, automatically customized to every endpoint and every subnet, even within the same enterprise. The deception is also automatically updated and kept fresh to match any changes in the network neighborhood. Even if an attacker identifies a deceptive asset, this provides no insight into the other deceptive assets, even those in the same neighborhood, which makes deception-based cybersecurity very effective.


Active Defense Covers all Enterprise Assets

Active Defense covers all enterprise assets. ShadowPlex ships with 150+ built-in deception types and, more importantly, includes a framework to easily add additional deception types. The agentless architecture of the Acalvio Active Defense Platform can protect assets where EDR agents cannot be deployed and networks where NDR solutions cannot sit inline. Active Defense works extremely well for protecting OT / ICS networks, as it is a low-risk solution that needs no agents and does not impact the enterprise assets in any way.

Attackers also go after applications (Log4Shell, for example, is typically exploited against web applications). Active Defense is a great mechanism to defend against application threats, both by presenting the attacker with a new set of deceptive application targets and by protecting the real applications through deceptions embedded in them.

Identity Security

Identity is always of interest to attackers, as demonstrated by the APT 29/SolarWinds exploits. Current Detect and Respond security solutions do not have built-in awareness of identity threats. Active Defense is a great security mechanism to detect identity compromise. ShadowPlex provides visibility into attack targets in identity repositories and endpoint identity caches and uses deception to detect and respond to identity compromises.


Analyst Recommendations

Recent reports from IDC, KuppingerCole and other technology analysts endorse the importance of cyber deception.

“Deception is no longer a luxury item, but another important security layer in the fight against cyber-attacks”

The Role of Deception Technology in IoT/OT Security

IDC Market Perspective, July 2022

“Deception is an established and growing specialty in cybersecurity”

“By design, distributed deception platforms have a far lower false positive rate than IDS/IPS, SIEMs, and some other tools, which can improve efficiency in SOCs”

Distributed Deception Platforms (DDPs)

KuppingerCole Leadership Compass, Sep 2021

Next Steps

Explore our patented technologies to enable Active Defense and Identity Protection in your enterprise.