NEW TECH: Acalvio weaponizes deception to help companies turn the tables on malicious hackers

By Byron V. Acohido

Differentiating itself in a forest of cybersecurity vendors has not been a problem for start-up Acalvio Technologies. While hundreds of other security companies tout endless types and styles of intrusion detection and prevention systems, Acalvio has staked out turf in a promising new sub-segment: deception-based security systems.


Launched in 2015 by a group of cybersecurity veterans, the Santa Clara, Calif.-based start-up has 50 employees and has raised $22 million in venture capital financing to date. It has achieved this by pioneering technology that lies in wait for intruders who manage to get inside a company’s firewall, and then leads them down a path rife with decoy systems and faux data.

I had the chance to visit with Acalvio marketing chief, Rick Moy, at RSA Conference 2018. For a drill-down on our conversation, please listen to the accompanying podcast. Here are a few high-level takeaways:

Changing tactics

Deception is an age-old stratagem. Animals and insects use it to survive in the wild. Warring nations use it to gain tactical advantage over each other. Cybercrime and cyber warfare, no surprise, largely revolve around deception. Phishers deceive to gain trust; hackers deceive to avoid detection.

Acalvio seeks to put cyber criminals, for once, on the receiving end of deceptive tactics. It does this by distributing virtual honeypots in scattered locations throughout an organization’s network, and by planting faked data, tokens and credentials where an intruder skulking around the network is likely to find them.

These snares are designed to entice the threat actor to access a decoy system. In doing so, the attacker exposes himself and the advantage goes to the company. Harm gets minimized and the option to commence counterintelligence tracking opens up.

A third option

Acalvio believes deception systems can level a playing field that has been tilted in the attackers’ favor for far too long.


“Our perspective is we should change the game,” Moy told Last Watchdog. “Change this asymmetry in information warfare. . . instead of just allowing or denying, there should be a third option: we can give them (attackers) partial access to a controlled network, let them think they’ve had success, and now we’re observing their tools, tactics and procedures and learning what they’re really after.”

Open source tools to do this kind of thing have been available for a while. But Acalvio has come up with an enterprise-ready, turn-key solution that’s both scalable and manageable; it can be deployed across the systems and applications widely used in large organizations today.

“Our objective is to present the attacker with something that’s interesting and tempting, to entice them into touching what appears, in their eyes, to be a valuable asset,” Moy says. “But it’s a fake asset. It’s a beacon and an indicator for us. The principle behind deception is to get the attacker to reveal themselves.”

Offensive weapon

It strikes me that deception-based security systems, like the one Acalvio is bringing to market, add something that has been absent from network defense: an offensive weapon. Instead of continually striving to detect and defuse all incoming fire, companies can begin to think about proactively snaring adversaries who manage to slip inside the firewall.

Moy puts it this way: “We want to actively engage and change the terrain that the attacker sees. We don’t want to give them a fair and accurate picture of where our assets are. We’d like to misrepresent that to them and steer them down a specific path.”

It will be interesting to see how adoption of deception systems advances going forward. It makes sense for companies to begin thinking about tactically engaging hackers on their terms. Many more are going to slip through the fresh attack vectors opened up by ‘digital transformation.’ This is a new class of weaponry that may prove effective in more thoroughly neutralizing elite hacking groups.

“We want to operationalize high-level strategic thinking by introducing as much intelligence, data science and automation to the process as we can,” Moy says. “As we look over the next few years, the ease of implementing deceptions as a defensive strategy, for detecting the attacker, and then ultimately responding in an automated fashion, is what’s on the horizon.”

(Editor’s note: Last Watchdog has provided consulting services to Acalvio.)
