Why do I need ShadowPlex Cyber Deception

Most organizations implement relatively static and denial-based cybersecurity defenses. They deploy controls such as firewalls, anti-virus, and vulnerability management, and start monitoring for events. The problem is that attackers can repeatedly probe for weaknesses in these denial-based defenses, and then apply maximum pressure at the defender’s weak point. In addition, defense evasion measures for many of these security solutions are well-known and public. Determined attackers eventually find a way in – it has become a question of “when” and not “if”.

Cyber Deception provides Active Defense by introducing new decoy assets into the enterprise network. The decoy assets are not part of the normal business processes, so any attacker interaction with them results in a high-fidelity alert. In addition to detection, deception also disrupts attacks, not by denying access, but by confusing attackers, diverting them away from enterprise assets, and engaging them with decoy assets.

Deception is Complementary to Traditional Cyber Defenses

Traditional cybersecurity defenses monitor all activity against regular assets and alert on suspicious activity – detected based on signatures or anomaly detection using probabilistic machine learning models. This results in a lot of false positives and also misses zero-day exploits.

Cyber deception deploys a pervasive deceptive layer across the enterprise network and endpoints. Detection is based on activity against deception and does not depend on signatures or anomaly detection. This provides several benefits:

  1. Generates a new stream of low volume and high-fidelity alerts, which adds to and extracts value from the alerts raised by other defenses
  2. Provides another layer of defense based on orthogonal detection methodology, complementary to the traditional cyber defenses
  3. Detects even zero-day exploits, since deception-based detection does not depend on whether the exploit has been seen before

Deception Provides Dynamic Defense

Denial-based cybersecurity defenses are relatively uniform throughout the enterprise and even across enterprises. If an attacker manages to evade a specific defense, this monoculture helps the attacker use the same strategy to evade that same defense everywhere else as well.

ShadowPlex cyber deception uses Artificial Intelligence to deploy relevant and blended deception, automatically customized to every endpoint and every subnet even within the same enterprise. The deception is also automatically updated and kept fresh to match any changes in the network neighborhood. Even if an attacker identifies a deceptive asset, it does not provide any insight into the other deceptive assets anywhere else including in the same neighborhood, which makes deception-based cybersecurity very effective.

Deception Covers all Enterprise Assets

Cyber deception covers all enterprise assets. ShadowPlex ships with 150+ built-in deception types and, more importantly, includes a framework to easily add additional deception types. The agentless architecture of ShadowPlex cyber deception can protect all assets where EDR agents cannot be deployed and networks where NDR solutions cannot sit inline.

Deception works extremely well for protecting OT / ICS networks as it is a low-risk solution that does not need any agents and does not impact the enterprise assets in any way.

Attackers also go after applications (for example, Log4Shell is an exploit typically against web applications). Deception is a great mechanism to defend against application threats, by providing a new deceptive set of application targets for the attacker and by protecting the real applications by embedding deceptions in them.

Identity Security

Identity is always of interest to attackers, as demonstrated through the APT 29/SolarWinds exploits. Current Detect and Respond security solutions do not have built-in awareness of identity threats. Deception is a great defense mechanism to detect identity compromise. ShadowPlex provides visibility into attack targets in identity stores and caches, and uses deception to detect and respond to identity compromises.

Analyst Recommendations

Recent reports from IDC, KuppingerCole and other technology analysts endorse the importance of cyber deception.

“Deception is no longer a luxury item, but another important security layer in the fight against cyber-attacks”

The Role of Deception Technology in IoT/OT Security
IDC Market Perspective, July 2022

“Deception is an established and growing specialty in cybersecurity”
“By design, distributed deception platforms have a far lower false positive rate than IDS/IPS, SIEMs, and some other tools, which can improve efficiency in SOCs”

Distributed Deception Platforms (DDPs)
KuppingerCole Leadership Compass, Sep 2021

Next Steps

Explore our patented technologies to enable Active Defense in your enterprise.