While war and its many connotations have changed over the years, the principle still holds: adversaries present seemingly bona fide realities to confuse and misinform the opponent into making a mistake, and inevitably expose his weakness. Today the battlefield is cyberspace, and the war is over data, intellectual property and information assets; information that we take for granted is now a kingdom worth defending. If anything, cyberattacks in the last decade have shown the relevance of Tzu’s tactics. Autonomous deception leads the way toward a more agile means of detecting, engaging and responding to malicious activity within a network, the very forte of Acalvio.
“In computer security, the enterprise is dealing with an asymmetric war, one where the defendant needs to be right all the time while the attackers need only be once, with no penalties for retrying,” says Nat D. Natraj, Co-founder and President of Acalvio. The company seeks to even the odds, or better still, invert them altogether, so that even an iota of error on the wrong actor’s part would lead to their discovery in the system. They do so by creating deceptive systems, with assets that look as real as the real deal, undetected by the enemy. The moment the adversary touches a decoy, the Deception Fabric instantly knows of a potential breach. Acalvio creates a fake network with specific vulnerable points as bait and thus confuses, delays and then catches the attacker red-handed.
Nowadays the risk is high: with trends like BYOD, IoT and SaaS, the traditional notion of a well-defined, clearly marked perimeter no longer applies. Our perimeter is porous not due to negligence but by design. Our perimeter defenses (firewalls, endpoint security) are working just fine; it is just that our business imperatives have encompassed BYOD, IoT and SaaS, thus necessitating an advanced defense mechanism. Threats have to be detected with very high precision (low false positives) and in a timely manner, which is where deception comes into play.
Acalvio can do this at enterprise scale and even IoT scale, from the cloud and for the cloud. By scanning the network of an enterprise, or by consuming vulnerability manager data, Acalvio can develop an asset topology, and its AI engine can generate realistic-looking fake assets and subsequently automate the deployment of decoys at enterprise scale. The decoys can be deployed from an on-premises appliance or from the cloud to protect on-premises or cloud assets. The solution can do cloud-to-cloud, on-premises-to-cloud, cloud-to-on-premises or on-premises-to-on-premises decoys; Acalvio is very flexible in that respect. ShadowPlex provides dashboards that can be used by IR/SOC personnel. In addition, ShadowPlex provides APIs so that its deception capabilities can be integrated with third-party IR, SOC, SIEM and service management solutions.
The company will be increasing its channels and capabilities around the market, adding new and different kinds of decoys for different types of verticals, such as the retail industry and healthcare. They see huge growth in the cloud as more people move to it. The rising tide of attacks may mean that companies stay ever vigilant on the back foot, but with Acalvio, the attackers would sooner be caught with their paw in the jar.