Why do I need Acalvio Active Defense?
Most organizations implement relatively static and denial-based cybersecurity defenses. They deploy controls such as firewalls, anti-virus, and vulnerability management, and start monitoring for events. The problem is that attackers can repeatedly probe for weaknesses in these denial-based defenses, and then apply maximum pressure at the defender’s weak point. In addition, defense evasion measures for many of these security solutions are well-known and public. Determined attackers eventually find a way in – it has become a question of “when” and not “if”.
Active Defense is Complementary to Traditional Cyber Defenses
Traditional cybersecurity defenses monitor all activity against regular assets and alert on suspicious activity, which they detect using signatures or anomaly detection based on probabilistic machine learning models. This results in a lot of false positives and also misses zero-day exploits.
Active Defense:
- Generates a new stream of low volume and high-fidelity alerts, which adds to and extracts value from the alerts raised by other defenses
- Provides another layer of defense based on orthogonal detection methodology, complementary to the traditional cyber defenses
- Detects even zero-day exploits, since deception-based detection does not depend on whether the exploit has been seen before
Acalvio Active Defense Provides Dynamic Deception
Denial-based cybersecurity defenses are relatively uniform throughout the enterprise and even across enterprises. If an attacker manages to evade a specific defense, this monoculture helps the attacker use the same strategy to evade that same defense everywhere else as well.
Active Defense Covers all Enterprise Assets
Attackers also go after applications (for example, Log4Shell is an exploit typically used against web applications). Active Defense is a great mechanism to defend against application threats, by providing a new deceptive set of application targets for the attacker and by protecting the real applications by embedding deceptions in them.
Recent reports from IDC, KuppingerCole and other technology analysts endorse the importance of cyber deception.
“Deception is no longer a luxury item, but another important security layer in the fight against cyber-attacks”
The Role of Deception Technology in IoT/OT Security
IDC Market Perspective, July 2022
“Deception is an established and growing specialty in cybersecurity”
“By design, distributed deception platforms have a far lower false positive rate than IDS/IPS, SIEMs, and some other tools, which can improve efficiency in SOCs”
Distributed Deception Platforms (DDPs)
KuppingerCole Leadership Compass, Sep 2021
Explore our patented technologies to enable Active Defense in your enterprise.