Patent Awarded to Acalvio
Acalvio was awarded U.S. Patent No. 20,170,310,706, titled “Tunneling For Network Deceptions”. This patent forms the basis of the Deception Farms® architecture. This blog post goes a little deeper into the patent to explain what the patented technology is and what benefits it provides.
Abstract of the Patent
Let’s start with the abstract of the patent, as it covers all the significant aspects:
“Provided are systems, methods, and computer-program products for providing network deceptions using a network tunnel. In various implementations, a network device on a first network can be configured as a projection point. A projection point can be configured as one endpoint of a network tunnel. The other end of the network tunnel can terminate at a deception center. The deception center can host a second network, where the second network includes network devices configured as deception mechanisms. By assigning a deception mechanism a network address from the first network, the network address and the network tunnel enable the deception mechanism to appear as a node in the first network.”
We use a series of figures to illustrate this patent. The first network referred to above is the Enterprise Network. A network device on this network is configured to build a network tunnel to the deception center, which is located on the same or a different network. We call this network device a “Projection Sensor”.
A “Deception Center”, which is another network device, hosts a second network (shown on the right). This network inside the deception center contains a number of network devices, as shown in Figure 2. These network devices are the deception mechanisms.
Now the last piece of the innovation, which makes the deception mechanisms part of the first network. We first acquire the required network addresses (essentially IP addresses) that belong to the first network. These addresses are assigned to the deception mechanisms in the second network. All traffic sent to these network addresses on the first network flows through the Sensor and the tunnel to the deception center, where it is handled by the deception mechanisms corresponding to those network addresses. In essence, the deception mechanisms in the deception center are logically projected into the first network, as shown in Figure 3.
The patent applies to all form factors of “network devices”. The Sensor can be a hardware device, a software device, or even be installed on an existing network device (an enterprise host) in the first network. The Deception Center can be a physical appliance, a virtual appliance, or located in the Cloud. It can be located far away from the first network or be part of the first network. A Sensor can connect to one or more Deception Centers. The deception mechanisms themselves can be emulations, real servers, or even physical servers.
Let’s go over the benefits of this patent:
- This technology allows deploying deception easily and cost-effectively into a distributed enterprise, including remote offices and branch offices and segmented networks.
- Deception across the enterprise can be managed centrally. The deception mechanisms can be programmatically morphed, updated and enhanced in the deception center, without needing any changes to the enterprise network.
- Cloud workloads can be protected using the same technology, by just adding a Sensor into the cloud workload. The same deception center can manage deception across hybrid networks and multi-cloud networks.
- Deception mechanisms are designed to attract attacks and to be easier to exploit than the hosts in the enterprise network. When an attacker takes over a deception mechanism, the deception mechanism itself can be used as a base from which to attack hosts in the enterprise network – so-called pivot-back attacks. This patent avoids pivot-back attacks by design: the deception mechanisms are kept away from the enterprise network, in the deception center, and the SDN switch is programmed to automatically recognize and block all pivot-back attacks.
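To make the two mechanisms above concrete, the following is an added toy model written for this post; it is not Acalvio's code and does not reflect ShadowPlex's implementation. It models the projection described earlier (a Sensor on the enterprise network sends traffic for borrowed addresses down a tunnel, and the Deception Center dispatches each packet to the decoy that holds that address) together with a pivot-back policy in the style of a stateful flow table, which stands in for the SDN switch mentioned above. The class names, the packet format, the `10.1.0.0/16` enterprise range, and all addresses and ports are constructed for the example.

```python
"""Toy model of tunneled network deception (added example, not vendor code).

Assumptions (all constructed for this example):
  * The enterprise network is 10.1.0.0/16.
  * A Packet is a small dataclass rather than a real IP/TCP frame.
  * The pivot-back filter is a simple stateful flow table standing in for
    the SDN switch the post mentions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000
    payload: str = ""


@dataclass
class DeceptionMechanism:
    """A decoy hosted in the deception center's second network."""
    name: str
    address: str            # address borrowed from the enterprise network
    services: set           # ports the decoy answers on
    seen: list = field(default_factory=list)

    def handle(self, pkt):
        self.seen.append(pkt)  # everything that reaches a decoy is suspicious
        if pkt.dport in self.services:
            return Packet(src=self.address, dst=pkt.src,
                          sport=pkt.dport, dport=pkt.sport, payload="banner")
        return None            # closed port: no reply


class DeceptionCenter:
    """Hosts the second network and terminates the tunnel."""

    def __init__(self, enterprise_net):
        self.enterprise_net = ip_network(enterprise_net)
        self.by_address = {}       # projected address -> decoy
        self.established = set()   # (decoy, peer, decoy_port, peer_port)
        self.blocked = []          # pivot-back attempts, for alerting

    def add_mechanism(self, mech):
        # The decoy must hold an address that belongs to the first network.
        assert ip_address(mech.address) in self.enterprise_net
        self.by_address[mech.address] = mech

    def projected_addresses(self):
        return set(self.by_address)

    def receive_from_tunnel(self, pkt):
        """Inbound: a packet the Sensor forwarded through the tunnel."""
        mech = self.by_address.get(pkt.dst)
        if mech is None:
            return None
        # Remember the inbound flow so that only its replies may go back.
        self.established.add((pkt.dst, pkt.src, pkt.dport, pkt.sport))
        reply = mech.handle(pkt)
        return self.egress_filter(reply) if reply else None

    def egress_filter(self, pkt):
        """Pivot-back policy: a decoy may only answer flows that entered
        from the enterprise side; anything it originates itself is dropped
        and recorded."""
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        if key in self.established:
            return pkt
        self.blocked.append(pkt)
        return None


class ProjectionSensor:
    """Network device on the enterprise side holding the tunnel endpoint."""

    def __init__(self, center):
        self.center = center
        self.local_delivered = []  # ordinary traffic, left untouched

    def on_packet(self, pkt):
        if pkt.dst in self.center.projected_addresses():
            return self.center.receive_from_tunnel(pkt)
        self.local_delivered.append(pkt)
        return None


def demo():
    """Run three scenarios and return what each produced."""
    center = DeceptionCenter("10.1.0.0/16")
    center.add_mechanism(DeceptionMechanism("decoy-smb", "10.1.5.20", {445}))
    sensor = ProjectionSensor(center)
    # 1. A probe from an enterprise host reaches the decoy and is answered.
    reply = sensor.on_packet(Packet("10.1.7.3", "10.1.5.20", 445, sport=51000))
    # 2. Traffic to a real host is not touched by the Sensor.
    sensor.on_packet(Packet("10.1.7.3", "10.1.9.9", 80, sport=51001))
    # 3. A compromised decoy tries to open its own connection: dropped.
    pivot = center.egress_filter(Packet("10.1.5.20", "10.1.7.3", 22, sport=33000))
    return {
        "reply": reply,
        "pivot": pivot,
        "blocked": len(center.blocked),
        "local": len(sensor.local_delivered),
        "decoy_hits": len(center.by_address["10.1.5.20"].seen),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the model is the asymmetry: the flow table is populated only by packets that arrived through the tunnel, so a decoy can respond to a scan but cannot start a connection toward the enterprise network, and every such attempt becomes a high-confidence alert rather than a foothold.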
The patent has broad applicability in detecting threats across a variety of areas – edge computing, containerized workloads, Industrial Internet of Things (IIoT), and even autonomous vehicles.
Acalvio’s Autonomous Deception solution, ShadowPlex, leverages this innovation to deploy Deception “at Enterprise Scale”, but that’s the topic for another blog article.