Acalvio Technology’s ShadowPlex aims to detect advanced attackers with precision and speed. It addresses the limitations of hard-to-install, difficult-to-maintain solutions otherwise not suited for enterprise-scale environments and allows organizations to deploy enterprise-wide deception solutions for accurate, timely and cost-effective detection.

The company includes a rich palette of deception including decoys, breadcrumbs, baits and lures that attract and maintain the interest of attackers.

ShadowPlex responds with a high-fidelity alerts feed, automated workflows and rich and actionable forensics; uses breach detection; and engages with attackers to understand their adversaries and TTPs for timely and accurate responses. AI algorithms based on network discovery and set-forth playbooks autonomously and intelligently create “appropriate” deceptions for an environment.

Decoys are automatically project onto subnets. Sensors build bridges to servers, where all decoys are born. The decoys are then projected into an environment where the sensor collects IP addresses from decoysso they look as though they are from the environment from which they were deployed. The ability to project decoys from afar is a huge advantage because organizations can then manipulate the decoys, making them come and go, and distribute deception across multi-cloud environments and on-premises. Security teams can programmatically change decoy counts and façades at will without doing harm to the production system. Because the decoys do not require the use of agents and cannot be used as launching pads, ShadowPlex offers excellent containment.  

With Fluid Deception, decoy instances are hidden until attacked. An instance is created in 100ms. The VM is woken up in real-time, and the RDP client launches seamlessly. The methodology in conjunction with just-in-time capability reduce resource usage.

Playbooks separate the design and operation of deception with the goal of designing the deception once but deploying it many times. They set the path by creating sites, approving sensors and configuring of VLANs on trunk ports. Deceptions are rolled out with imported or customized playbooks. Data and scope are associated and playbooks are approved and deployed at scale.

Breadcrumbs can be deployed on any host using a single deployment script. Personalized breadcrumbs can be deployed per host and on multiple levels. And attackers cannot obtain the fingerprints.

Custom decoys piqued our interest for a number of reasons. Decoys can also be registered with Active Directory to become part of the Active Directory Domain. A Heartbleed vulnerability can be exposed to make custom decoys more attractive. This ‘Expose Heartbleed’ can make the attack continue their interaction by pointing them to another decoy within the data.

The vendor has incorporated deception-based security for the hybrid cloud with centralized administration and focused on minimizing IT overheads with open, automated and real-time security and visibility.

ShadowPlex offers complete deception at scale, symbiotically combining decoys and breadcrumbs to achieve maximum effectiveness while manipulating attackers into revealing their capabilities for evaluation. ShadowPlex comes MSSP ready. Starting prices is $1,000 per month and is based on the number of IPs protected.

Tested by: Matthew Hreben