Content

Acalvio Technologies, Inc. ShadowPlex v5.2

Acalvio ShadowPlex offers sophisticated investigation features that cover the full attack kill chain, protect against advanced living-off-the-land and zero-day variants, and detect all 12 MITRE tactics. (Source: Acalvio Technologies, Inc.)

Vendor: Acalvio Technologies, Inc.

Price: $25,000

Contact: www.acalvio.com

Quick Read  

What it does: Acalvio ShadowPlex injects deception into enterprise networks and cloud workload environments, leveraging artificial intelligence to detect attacks that breach the security perimeter and mitigate them effectively.

What we liked: We thought this was an innovative, autonomous deception product with sophisticated investigation capabilities that cover the full attack kill chain, protect against advanced living-off-the-land and zero-day variants, and detect all 12 MITRE tactics.

Acalvio ShadowPlex operates as a cloud-based, autonomous product that injects deception into enterprise networks and cloud workload environments, leveraging artificial intelligence to detect attacks that breach the security perimeter and mitigate them effectively. It's designed with differentiated, patented architecture deployed through a single instance with cloud, on-premise, and ICS options. ShadowPlex offers a simple and effective three-pronged defense strategy: detect, investigate, and respond.

The comprehensive ShadowPlex Deception Playbooks contain more than 150 customizable playbooks—including decoys, breadcrumbs, baits, and lures—that cover hosts, credentials, exfiltration, and more. These fully agentless deceptions, impossible to fingerprint, have automated blending capabilities that enhance their realism. ShadowPlex offers deep solutions to emerging threats, such as zero-day ransomware attacks, Active Directory protection, and detection of all twelve of the MITRE ATT&CK tactics. These detection abilities are authentic, adaptive, and resource efficient to maximize the efficiency of both security teams and existing security tools.

The investigative capabilities embedded in ShadowPlex give analysts access to important attack details. The platform logs and captures substantial forensic information during attack engagements, allowing analysts to investigate efficiently and effectively from an attacker’s point of view. It also utilizes targeted threat investigation and hunting tactics, such as analyzing adversary traversals and advanced script attacks. These advanced tools let analysts look for evidence hidden on decoys or endpoints to discover attack origins, even those of modified scripts. Artificial intelligence constructs recent adversary traversals, revealing the paths taken by malware or advanced persistent threats and giving analysts a sense of the hosts that could be, or have been compromised. All of this critical attack information empowers analysts to make assessments and formulate attack responses quickly. The product facilitates threat hunting with hypothesis testing and threat confirmation to improve SOC efficiency and reduce dwell time.

ShadowPlex has automated remediation for threats against all suspected hosts, a feature that expedites response and performance, provides precision at scale, and reduces overall attack surfaces all at the same time. This automated remediation includes standard, at-scale approaches, such as quarantining compromised hosts. However, ShadowPlex also offers more sophisticated remediation processes that divert, slow, and confuse adversaries by deploying relevant and targeted deceptions into environments, onto subnets, and on the fly. ShadowPlex subscribers can relax knowing that these deceptions always engage with adversaries securely, using built-in containment systems that encapsulate domain knowledge. They also never use agents on endpoints and therefore cannot be manipulated into serving as launching pads for more attacks.

Overall, security pros will find Acalvio ShadowPlex an innovative, autonomous deception solution with sophisticated investigation capabilities that cover the full attack kill chain, protect against advanced living-off-the-land and zero-day variants, and detect all 12 MITRE tactics. Native, purpose-built integrations let ShadowPlex work seamlessly with existing security investments, including SIEM, SOAR, and other third-party solutions, providing significant return-on-investment. The differentiated, patented architecture and combination of deception and artificial intelligence are the underpinnings of ShadowPlex, enabling the deployment of flexible, relevant deceptions at scale.

ShadowPlex costs $25,000 and includes 8/5 phone and email support.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.