Acalvio Honeytokens for Falcon Identity Protection
Prevent identity-driven attacks with Acalvio and CrowdStrike
Acalvio ShadowPlex provides visibility into attack vectors in identity repositories and caches across the enterprise network. ShadowPlex combines this visibility with CrowdStrike detections and vulnerability assessments to show the possible attack paths that an attacker can exploit for privilege escalation and lateral movement. ShadowPlex also integrates with the CrowdStrike Falcon® agent on endpoints to deploy and manage a comprehensive layer of deception that detects identity-based attacks and generates high-fidelity alerts. Organizations also get automated real-time responses via the CrowdStrike Falcon platform, simplifying operations and speeding up response.
ShadowPlex offers unique visibility into the attack surface area in identity repositories, such as Active Directory (AD) and Azure AD, and the various identity caches on every endpoint.
ShadowPlex analyzes the attack surface area to generate the possible paths that can be exploited to move laterally in the network. This includes identifying attack paths to crown jewels and performing blast radius analysis of compromised identities. ShadowPlex also optimizes the remediation process by prioritizing the actions.
ShadowPlex AD protection uses a combination of decoy users, computers, and service principal names (SPNs) to detect sophisticated attacks against AD. Based on the attack type, ShadowPlex uses an AI module to automatically recommend the deception to deploy. By leveraging the insights gained from identity attack surface visibility, ShadowPlex crafts a set of precise deceptive elements that blend into the contents of the AD and detect that attack type.
ShadowPlex has an extensive palette of deceptions to deploy to endpoint credential caches, including user profiles, pathways for lateral movement, security configurations, and application credentials. Through integration with the CrowdStrike Falcon platform, deception on the endpoints detects identity attacks, redirects them to decoys, and provides a variety of response actions, including real-time containment of the exploited endpoint.