Adversaries are increasingly targeting cloud workloads, with cloud-specific threats escalating in both frequency and magnitude. Identity compromise has emerged as the top attack vector in the cloud, with identity-driven attacks accounting for over 80% of all cloud breaches.
Traditional cloud security measures focus heavily on prevention, but as threats evolve, detection becomes essential to defending against these adversarial activities. Honeytokens, a deception-based technology, provide a powerful solution for preemptive detection of threats targeting cloud-native workloads and for preventing attack progression early in the threat lifecycle.
Expanding Cloud Attack Surface Increases Risk
The dynamic nature of cloud workloads continuously expands the attack surface as new workloads are provisioned with elastic resources. Even with active posture management, it remains impractical to eliminate the attack surface entirely.
Operational Errors
Misconfigurations and overly permissioned resources expand the cloud attack surface
Dynamic Cloud Environments
New vulnerabilities get introduced as resources are provisioned and deployed
Leaked Credentials
Unintentional exposure of sensitive login information used to access cloud services
Insider Threats
Malicious insider access to sensitive data and intellectual property
What Makes Threat Detection in the Cloud Challenging
Traditional detection methods don’t adapt well to the unique demands of cloud environments
Agent-Based Methods
Cloud-native workloads can’t support agents everywhere, making endpoint-centric solutions ineffective
Log Analytics
Constant changes in cloud workloads make it difficult to establish baselines or identify unusual behavior
Adversarial activity blends in easily with the high variability of cloud traffic, making anomaly-based detection less reliable.
What Are Honeytokens
Honeytokens are a deception technology technique that is proven to be extremely powerful and effective in detecting a variety of threats. ShadowPlex honeytokens cover both IAM directories and cloud workloads. Any usage or manipulation of these honeytokens is a high-fidelity indicator of a threat.
IAM Honeytokens are deceptive credentials (representing user and service accounts, roles, policies) in Identity and Access Management (IAM) that are specifically designed to lure attackers and deflect them away from real credentials.
Workload Honeytokens include deceptive credentials and data embedded in legitimate cloud resources, such as compute instances, secrets managers/vaults, serverless functions, and container clusters, where attackers look for exposed credentials.
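The detection idea described above, as an added example that is not ShadowPlex code or anything from Acalvio: a scan of audit records for any use of a planted decoy credential. It assumes AWS CloudTrail-style JSON records; the decoy key IDs, the log lines and the function names are all constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed decoy inventory: placeholder access key IDs -> where each was planted.
HONEYTOKENS = {
    "AKIAEXAMPLEDECOY0001": "IAM decoy service account",
    "AKIAEXAMPLEDECOY0002": "environment variable in a serverless function",
}

# Constructed CloudTrail-style records, one JSON object per line.
SAMPLE_LOG = """\
{"eventTime":"2024-05-01T10:00:00Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.7","userIdentity":{"accessKeyId":"AKIAEXAMPLEREAL00001"}}
{"eventTime":"2024-05-01T10:02:11Z","eventName":"GetCallerIdentity","sourceIPAddress":"203.0.113.50","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0002"}}
not-json garbage line
{"eventTime":"2024-05-01T10:02:40Z","eventName":"ListUsers","errorCode":"AccessDenied","sourceIPAddress":"203.0.113.50","userIdentity":{"accessKeyId":"AKIAEXAMPLEDECOY0002"}}
{"eventTime":"2024-05-01T10:05:00Z","eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7","userIdentity":{"type":"IAMUser"}}
"""

def find_honeytoken_use(log_text, decoys=HONEYTOKENS):
    """Return one alert per event that was made with a planted decoy credential."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        key_id = (event.get("userIdentity") or {}).get("accessKeyId")
        if key_id in decoys:
            # No baseline and no success check: a denied call with a decoy alerts too.
            alerts.append({
                "time": event.get("eventTime"),
                "token": key_id,
                "planted_in": decoys[key_id],
                "source_ip": event.get("sourceIPAddress"),
                "event": event.get("eventName"),
                "outcome": event.get("errorCode", "Success"),
            })
    return alerts

def summarize(alerts):
    """Group alerts by planting location: where the leak is and who used it."""
    summary = defaultdict(lambda: {"source_ips": set(), "events": []})
    for a in alerts:
        summary[a["planted_in"]]["source_ips"].add(a["source_ip"])
        summary[a["planted_in"]]["events"].append(a["event"])
    return dict(summary)
```

Because the match is on the decoy's identity alone, the planting location in each alert tells responders which workload the credential was harvested from.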
Acalvio Cloud Detection and Response (CDR)
Preemptive Detection
Multi-cloud Honeytokens, powered by AI and deception technology, set traps for attackers, enabling early detection of threats
High-Fidelity Alerts
Honeytokens aren’t part of normal workflows, so any use of them provides a high-fidelity signal of malicious activity
Detect Cloud-Native Threats
Designed to identify threats targeting cloud-native services, ensuring comprehensive cloud environment protection
Strengthen your Cloud Security
Achieving comprehensive cloud security requires multiple layers of defense working in harmony. Acalvio ShadowPlex complements CSPM and CNAPP solutions and provides robust protection across cloud-native and multi-cloud workloads.
Reach out today to learn more about our industry-leading deception platform and its role in cloud threat detection across multi-cloud workloads.