Copyright 2019. Acalvio Technologies Inc. Proprietary & Confidential
Emre Kulali, Vice President of Business Development
Critical Acclaim!
About Us
Seasoned, proven team with deep experience in security, start-up, profitable growth, innovation and shareholder value creation.
25 issued patents, 15 pending
Dave Markel
• ex-CTO, Mandiant
• Co-founder, CEO, Expel.io
Dr. Taher El Gamal
• Security CTO, Salesforce
• Inventor SSL
• Founder, Securify
• Chief Scientist, Netscape
Dr. Gerhard Eschelbeck
• VP – Security, Google
• CTO, Sophos
• CTO, Webroot
Prof Eugene Spafford
• Prof – Purdue Univ
• Co-inventor TripWire
Prof Dawn Song
• Professor – UC Berkeley
• MacArthur Fellow
• Founder, Ensighta (acquired by FireEye)
Academic Advisors
Industry Advisors
Investors
Team
Izak Mutlu
• ex-CISO, Salesforce, Silicon Graphics, Solectron
Connected World poses new security challenges
Intelligent EDGE
DATACENTER CLOUD: Public & Private
ENTERPRISE
Attacks & Breaches Keep Growing
Source: Verizon DBIR 2018
Attackers will penetrate perimeter defenses. (And there will always be Insider Threats.)
Today it takes >100 days to detect the attacker! (Too late!)
SOCs are burdened with false positives and skill shortages
While Dwell Time is in Months
Attackers are Getting In
Old Detection Techniques are not Effective
Anomaly Based
Signature Based
Generate too many False Positives and False Negatives
It is an asymmetric battle
We have to be right all the time
The attacker has to be right only once!
We are getting deceived all the time!
DEFENDERS CHALLENGE
Deception Changes the Game
Unique Deception Benefits
• Total Visibility
• High Fidelity, Low Volume Alerts
• Only True Signature-less Detection
• Capture Current TTPs of Your Attacker
• Misinformation Increases Cost & Risk for the Attacker
Pretend Inferiority and ENCOURAGE HIS IGNORANCE
– Sun Tzu
Gartner’s Top 10 Technologies for Information Security for 2018
1. Cloud Workload Protection Platforms
2. Remote Browser
3. Deception
4. Endpoint Detection and Response
5. Network Traffic Analysis
6. Managed Detection and Response
7. ….
https://www.gartner.com/newsroom/id/3744917
Managed detection and response (MDR) providers deliver services for buyers looking to improve their threat detection, incident response and continuous-monitoring capabilities, but don't have the expertise or resources to do it on their own. Demand from the small or midsize business (SMB) and small-enterprise space has been particularly strong, as MDR services hit a "sweet spot" with these organizations, due to their lack of investment in threat detection capabilities.
Deception technologies are defined by the use of deceits, decoys and/or tricks designed to thwart, or throw off, an attacker's cognitive processes, disrupt an attacker's automation tools, delay an attacker's activities or detect an attack. By using deception technology behind the enterprise firewall, enterprises can better detect attackers that have penetrated their defenses with a high level of confidence in the events detected. Deception technology implementations now span multiple layers within the stack, including endpoint, network, application and data.
Gartner on Deception
Gartner Report - “Improve Your Threat Detection Function With Deception Technologies” [ID G00382589, 27 March 2019]
“Security and risk management leaders looking for tools to build or expand their threat detection and response function should include deception tools in their stack. These tools are enterprise-ready and fully capable of delivering on five key use cases discussed in this document”.
A Closer Look at Deception
He Who is Prudent and LIES IN WAIT FOR AN ENEMY WHO IS NOT, Will be Victorious
– Sun Tzu
Deception in Nature
[Figure labels: VENUS FLY TRAP, BUFF TIP MOTH, ANGLER FISH, RYE, DEAD NETTLE]
Deception in Warfare
SECRET OPERATIONS are Essential in War; Upon Them the Army Relies to Make its Every Move
– Sun Tzu
Feigned retreat
Fictional units
Strategic envelopment
Smoke screens
Trojan horse
History of Deception Technology
Honeypots (Early 2000’s)
• Static honeypots
• Mostly low-interaction elements
• Lacking density and authenticity
• Expensive to manage
1st Generation Deception (Recent years)
• Limited automation
• Uses brute force deception
• Limited integration with IT tools
• Rules-based approach
Enterprise Deception (Today)
• Distributed decoys
• Self-learning & adaptive
• Vast Deception Fabric
• AI driven
Deception is NOT just Honeypots
Start with Multiple Decoy Types
Low Interaction
• Network services and applications
• Attacker cannot login
• Often done via emulation leading to lower quality decoys
• Can deploy many decoys
High Interaction
• Real VM Hosts, Applications, Database Servers, Shares
• Attacker can login – full interaction higher quality decoys
• Can only deploy Few Decoys
Add Lures to make Decoys Attractive
Deliberately place Lures
1. Vulnerabilities in OS, Application, Protocols
2. Weak configurations and permissions
3. Fake Service Accounts
Lead Attacks to Decoys
Breadcrumbs extend Deception to existing devices
Many uses for Breadcrumbs
• Act as Micro-sensors
• Give mis/information
• Give booby trapped tools
Key Requirements:
1. Need deployment Automation and Intelligence
2. Need to be kept fresh and unique
3. Avoid Accidental Alerts by Users
4. Agentless
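How the "micro-sensor" and "fresh and unique" requirements can work together, as an added example that is not Acalvio's code: each endpoint gets a breadcrumb credential derived from its host name and a rotation epoch, so a login to a decoy with that credential identifies which endpoint was harvested and whether the crumb was current. The key, account-name format, host names and log events are all assumptions constructed for illustration.

```python
import hashlib
import hmac

FABRIC_KEY = b"constructed-demo-key"    # assumption: secret held by the deception manager
HOSTS = ["ws-014", "ws-027", "db-003"]  # constructed endpoint inventory

def breadcrumb_user(host: str, epoch: int) -> str:
    """Derive a decoy service-account name unique to (host, rotation epoch)."""
    tag = hmac.new(FABRIC_KEY, f"{host}|{epoch}".encode(), hashlib.sha256).hexdigest()[:8]
    return f"svc_backup_{tag}"

def build_index(hosts, current_epoch, keep=2):
    """Map each breadcrumb name from the last `keep` epochs to (host, epoch)."""
    index = {}
    for epoch in range(current_epoch - keep + 1, current_epoch + 1):
        for host in hosts:
            index[breadcrumb_user(host, epoch)] = (host, epoch)
    return index

def triage(auth_events, index, current_epoch):
    """Return alerts for decoy logins that used a planted breadcrumb credential."""
    alerts = []
    for ev in auth_events:
        hit = index.get(ev["user"])
        if hit is None:
            continue  # not a breadcrumb name: left to other decoy alerting
        host, epoch = hit
        alerts.append({
            "decoy": ev["decoy"],
            "source_ip": ev["src"],
            "harvested_from": host,          # endpoint whose breadcrumb was read
            "stale": epoch < current_epoch,  # crumb came from a rotated-out epoch
        })
    return alerts

# Constructed decoy authentication events (not real log data).
EPOCH = 7
EVENTS = [
    {"decoy": "decoy-sql-01", "src": "10.1.4.27", "user": breadcrumb_user("ws-027", 7)},
    {"decoy": "decoy-sql-01", "src": "10.1.4.27", "user": "administrator"},
    {"decoy": "decoy-fs-02", "src": "10.1.9.3", "user": breadcrumb_user("db-003", 6)},
]

if __name__ == "__main__":
    for alert in triage(EVENTS, build_index(HOSTS, EPOCH), EPOCH):
        print(alert)
```

Because no legitimate user is ever given these account names, a hit needs no baseline or signature, and the `stale` flag shows when an attacker is working from credentials collected before the last rotation.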
Blend Deception into Neighborhood
Need believable Deceptions
Hard to blend manually if there are 100s of VLANs
Need Automated and continuous Blending of deceptions
• Networks can change
• Adversary behavior will change
• Threats will change
Keep Deception Dynamic
Static Deceptions
• Hardly changes
• Easy to fingerprint & avoid
Dynamic Deceptions
• Always auto-changing
• Hard to predict or identify
Shape-Shifting Mimic Octopus
Industrialize Deception
Industrialization requires TWO key ingredients.
1. Enterprise Scale
• Ability to deploy thousands of deceptions
• Across multiple physical locations
2. Ease of Use
• In both configuring and managing thousands of deceptions
• Automation, Automation, Automation
Finally - DO NO HARM
Deception must not introduce new risk into the environment.
A decoy cannot become a base for Pivot Attacks
• High Interaction decoys provide shell access to the attacker to gather TTPs
• Decoys may have intentional vulnerabilities to attract attacks
• Decoys may not be updated as frequently as enterprise hosts
Attack containment should be designed into the deception fabric
• Attacker will have privileged credentials to the decoy
• Ad-hoc containment approaches can always be compromised
The Ideal Deception Solution
Rich Palette of Deceptions
DECOYS: Add to Network
• Servers
• Workstations
• Applications
• Database Servers
• Printers
• Custom Images
• Network Services
BREADCRUMBS: Lead to Decoys
• Registry entries
• Files and Folders
• Memory Credentials
• Browser History
• Mapped Drive
• Credential Store
BAITS: Tripwires
• Files and Folders
• Beaconing Docs
• Database Rows
• DNS records
• Processes
• Directory browsing
• Content
LURES: Make Deceptions Attractive
• Vulnerabilities
• Mis-configurations
• Default/Weak credentials
• Weak Permission
• Registration in Catalogs like AD
• Entity names
Autonomous Deception
• Scale
• Efficacy
• Ease of use/mgt
• Cost Effective
• Automation & Intelligence
• Architected For Cloud
Patented Architecture: Deception Farms®
[Figure: architecture diagram. Labels: Threat Analysis Engine, AI Engines, Sensor, Enterprise Network (On-premises), Cloud VPC, Network 1, VPC 1, Software Tunnels, SDN Fabric, Projections, Server, Acalvio Deception Farm]
Scale – Supports Geographically Distributed & Hybrid Networks
• Central Management & Monitoring of Deceptions
• Decoys are dynamically Projected onto subnets
• Distributed Deceptions across multi-Cloud & on-premises network
• Automatically change Decoy count and façade on central ADC
• Enterprise scale
• Low TCO
• Resource efficient
Fluid Deception: Scale AND Depth
[Figure: attack flow diagram. Labels: Enterprise Network (On-premises), Sensor, Projected Deceptions, Software Tunnel, SDN Fabric, Acalvio Deception Farm, Low Interaction (LI) Deceptions, High Interaction (HI) Deceptions, Attack; decoys A1 to A6 and B1 to B3]
Deception Playbooks
Separate Design of Deception from Deployment of Deception.
Design: Deception Playbook
Autonomous Deployment & Management of Deception
Authentic Deception : Reflections Technology
Effective – Authentic Deception
Unique Decoy Targets
Projected into real network (hundreds or thousands)
Patented method of projecting false apparent hosts onto a network, while preserving fully authentic virtual machines for high interaction.
Adaptive Reflection Fabric
Creates One:Many Relationship
Low Processing Requirements
• SQL Database
• IIS Web Server
• Active Directory
• Exchange Server
• File Share Services
• DNS Services
Authentic Virtual Machine
Single Instance
One Set: OS / App Licenses
Integrations Woven into the Fabric
Acalvio stands alone
[Figure: positioning chart. Axes: Completeness of Deception, Scale. Labels: Deception 2.0, Deception 1.0, BrandX, BrandY]
Success Story
Strategic Partnerships
• Verizon offering a new service “Deception as a Service” powered by Acalvio
• Verizon projects 100+ wins in 18 months
Google + Acalvio will make a joint presentation @ Next 2019 in Tokyo
“See your Nemesis: The vital role of Deception Technology in Cloud Security”
Google strategic partnership
• Google will resell Acalvio
The goal is to include Acalvio deception as a first party experience while interacting with the GCP console. The vision is a simple purchasing experience with highly automated management and deployment. Customers should receive notification and a recommendation when they do not have deception coverage...
• Acalvio and Honeywell Partner to Protect Industrial Control Systems and Critical Infrastructure
“Ensuring the security of our customers’ critical assets (plants, machinery, control systems, processes, intellectual property, etc.) is an important imperative. We are very excited to partner with Acalvio to enhance its award-winning Deception Platform to support CyberDefense capabilities for ICS and IOT assets” Honeywell.
“Increasingly, our enterprise customers want to detect malicious activity with precision and speed. Acalvio ShadowPlex is the most innovative solution in the Deception space. Combining our security expertise with Acalvio’s award winning ShadowPlex platform offers customers a highly efficient and cost-effective solution to thwart advanced attackers.”
World’s Largest Deployment at Broadcom
• ShadowPlex deployed since Jan 2018
• Global deployment: US, UK, Germany, Japan, China, Malaysia, Singapore, India, Israel, South Korea
• Data Center, DMZ and End User networks
• Proven efficacy, scale, ease of management and cost effectiveness
10 countries
12 datacenters
80 enterprise sites
Acalvio Benefits
• East-West visibility for the very first time
• Detection efficacy: “zero day” attacks, Ransomware, APTs, vulnerabilities due to mis-configuration
• Precision in response
• Low IT overhead
Enterprise-wide Deployment at Eide Bailly
• ShadowPlex deployed since Jan 2018
• US wide deployment: 14 States
• Data Center and End User networks
• Proven efficacy, scale, ease of management and cost effectiveness
USA: 14 States
32 Offices
Top 10 CPA firm in USA, founded in 1917
Fortune 500 Company, founded in 1961
CyberSource Data – July 2019 – Analyst Report
ShadowPlex Summary
• Award winning NextGen Deception solution
• Innovative Patented Solution
• Largest Global Deception Deployment
• World Class partnerships to ensure Customer Success
Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner ecosystems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.
Thank you.
Emre [email protected], +1 (408) 807-4529