{"id":2035,"date":"2017-05-03T19:24:31","date_gmt":"2017-05-04T02:24:31","guid":{"rendered":"https:\/\/new.acalvio.com\/?p=2035"},"modified":"2017-05-03T19:24:31","modified_gmt":"2017-05-04T02:24:31","slug":"if-deception-is-so-great-why-isnt-everyone-doing-it","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2017\/05\/03\/if-deception-is-so-great-why-isnt-everyone-doing-it\/","title":{"rendered":"If Deception is so Great, Why Isn&#8217;t Everyone Doing it?"},"content":{"rendered":"<div class=\"section post-body\">\nUsing deception as a threat detection solution would seem to be a no-brainer: It can detect malware at multiple points in the kill chain, with no false positives and no modifications or impact to production systems. Everyone must be doing it you would think. However, the reality is that deception isn&#8217;t widely deployed at all. So what&#8217;s the issue and what&#8217;s being done about it?<br \/>\nThe problem with most deception solutions boils down to one thing: Operational reality. In order to be effective, deception needs to be easy to deploy at scale and constantly tuned to be credible. Sure you can throw a few honeypots around, but you&#8217;ll lack coverage in most of your network. Just as bad, unless each honeypot is configured to blend in with the surrounding environment, and morph as the environment changes, it will stick out like a sore thumb. That requires administration time and attention you just don&#8217;t have. Think you can improve things by deploying breadcrumbs to lead to the honeypots? Great, now you&#8217;re responsible for placing artifacts on production systems and making sure nothing goes wrong. Thanks but no thanks! 
I think by now you get the idea &#8211; there are just too many challenges to make it realistic for almost all organizations.<br \/>\nWe at Acalvio would be the first to admit that there are solutions out there that go part way towards solving these issues, for example achieving scale through large numbers of simple decoys. However, this is like going from a two-wheeled car to a three-wheeled car: There&#8217;s progress, but it&#8217;s still not viable in any production situation.<br \/>\nThe good news is that we listened to the market when we architected our Deception 2.0 solution, ShadowPlex. We focused on <i>both<\/i> the necessary credibility to deceive the attacker, <i>and<\/i> capabilities required to operationalize at scale:<\/p>\n<ul>\n<li>Automation: ShadowPlex automates pretty much everything: Discovery, deployment, scale-up, and authenticity (read on for more on that). This means that with very little effort, you can deploy it broadly and with credibility, and immediately get high-integrity events (i.e. no false positives) rolling up to your SIEM.<\/li>\n<\/ul>\n<ul>\n<li>Dynamic Authenticity: ShadowPlex not only configures deception to blend in with each environment to appear credible, it also dynamically modifies the deception based on changes in the environment. Becoming stale kills effective deception, and trying to stay credible manually is a non-starter.<\/li>\n<li>Scale and Coverage: To be able to scale without breaking the bank, we support large volumes of low-interaction decoys. 
And since no one wants to implement a solution that can&#8217;t cover most or all of their environment, we support all the typical operating systems, and the ability to deploy in traditional, public, and private clouds.<\/li>\n<\/ul>\n<p><span class=\"hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text\" data-hs-cos-general-type=\"meta_field\" data-hs-cos-type=\"rich_text\"><br \/>\n<\/span>Deception 1.0 was the two- and three-wheeled cars: Interesting, but not practical. Like any 1.0 offering, you probably don&#8217;t want your job depending on it. Acalvio ShadowPlex is the first example of Deception 2.0 &#8211; a powerful combination of DevOps, Distributed Deception, Machine Learning and Cloud capability. We took a great concept and made it operationally viable and cost-effective for any size organization. So it&#8217;s finally time to take the keys and take it for a test drive. We think you&#8217;ll like what you see.\n<\/div>\n<p id=\"hubspot-topic_data\">\n","protected":false},"excerpt":{"rendered":"<p>Using deception as a threat detection solution would seem to be a no-brainer: It can detect malware at multiple points in the kill chain, with no false positives and no modifications or impact to production systems. Everyone must be doing it you would think. 
However, the reality is that deception isn&#8217;t widely [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[87],"_links":{"self":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2035"}],"collection":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/comments?post=2035"}],"version-history":[{"count":0,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/2035\/revisions"}],"wp:attachment":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media?parent=2035"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/categories?post=2035"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/tags?post=2035"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}