Content

Acalvio Technologies ShadowPlex 3.3

Acalvio Technology’s ShadowPlex aims to detect advanced attackers with precision and speed. It addresses the limitations of hard-to-install, difficult-to-maintain solutions otherwise not suited for enterprise-scale environments and allows organizations to deploy enterprise-wide deception solutions for accurate, timely and cost-effective detection.

The company includes a rich palette of deception including decoys, breadcrumbs, baits and lures that attract and maintain the interest of attackers.

ShadowPlex responds with a high-fidelity alerts feed, automated workflows and rich and actionable forensics; uses breach detection; and engages with attackers to understand their adversaries and TTPs for timely and accurate responses. AI algorithms based on network discovery and set-forth playbooks autonomously and intelligently create “appropriate” deceptions for an environment.

Decoys are automatically project onto subnets. Sensors build bridges to servers, where all decoys are born. The decoys are then projected into an environment where the sensor collects IP addresses from decoysso they look as though they are from the environment from which they were deployed. The ability to project decoys from afar is a huge advantage because organizations can then manipulate the decoys, making them come and go, and distribute deception across multi-cloud environments and on-premises. Security teams can programmatically change decoy counts and façades at will without doing harm to the production system. Because the decoys do not require the use of agents and cannot be used as launching pads, ShadowPlex offers excellent containment.  

With Fluid Deception, decoy instances are hidden until attacked. An instance is created in 100ms. The VM is woken up in real-time, and the RDP client launches seamlessly. The methodology in conjunction with just-in-time capability reduce resource usage.

Playbooks separate the design and operation of deception with the goal of designing the deception once but deploying it many times. They set the path by creating sites, approving sensors and configuring of VLANs on trunk ports. Deceptions are rolled out with imported or customized playbooks. Data and scope are associated and playbooks are approved and deployed at scale.

Breadcrumbs can be deployed on any host using a single deployment script. Personalized breadcrumbs can be deployed per host and on multiple levels. And attackers cannot obtain the fingerprints.

Custom decoys piqued our interest for a number of reasons. Decoys can also be registered with Active Directory to become part of the Active Directory Domain. A Heartbleed vulnerability can be exposed to make custom decoys more attractive. This ‘Expose Heartbleed’ can make the attack continue their interaction by pointing them to another decoy within the data.

The vendor has incorporated deception-based security for the hybrid cloud with centralized administration and focused on minimizing IT overheads with open, automated and real-time security and visibility.

ShadowPlex offers complete deception at scale, symbiotically combining decoys and breadcrumbs to achieve maximum effectiveness while manipulating attackers into revealing their capabilities for evaluation. ShadowPlex comes MSSP ready. Starting prices is $1,000 per month and is based on the number of IPs protected.

Tested by: Matthew Hreben  

Product title
Acalvio Technologies ShadowPlex 3.3
Product info
Vendor: Acalvio Technologies, Inc. Contact: https://www.acalvio.com/ Price: Starting prices is $1,000 per month and is based on the number of IPs protected.
Strength
A rich palette of deception tools including decoys, breadcrumbs, baits and lures encompass this solution.
Weakness
None that we found.
Verdict
Acalvio Technology’s ShadowPlex aims to detect advanced attackers with precision and speed while addressing the limitations of hard-to-install, difficult-to-maintain solutions otherwise not suited for enterprise-scale environments for accurate, timely and cost-effective detection.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds