
Built with Google Cloud: Google and Acalvio partner to deliver Active Defense to protect customers from advanced threats

September 11, 2023
Dr. Sreenivas Gukal

Chief Product Officer, Acalvio Technologies

Dr. Ali Arsanjani

Director, AI/ML Partner Engineering, Head of AI Center of Excellence, Google Cloud

Security is a top priority for all customers on Google Cloud, whether beginner, intermediate, or advanced users. Through our partnership with Acalvio, we are able to offer Active Defense to Google Cloud customers, providing automated deception management and deployment capabilities, with a simple onboarding experience.

Architecture overview

Acalvio’s patented Active Defense platform, built on award-winning autonomous deception technology, can enable organizations to detect, engage, and respond to malicious activity in cloud and on-premises networks, as well as hybrid deployments. ShadowPlex achieves this goal by using decoys of attackable systems or applications, breadcrumbs of false credentials, and baits with tripwires to misdirect malicious actors. Because legitimate users have no reason to touch these artifacts, any interaction with the deception platform generates a high-fidelity alert. Built on Google Cloud, Acalvio’s platform delivers enterprise-scale distributed deception.

https://storage.googleapis.com/gweb-cloudblog-publish/images/1_oSRJq0G.max-1100x1100.jpg
Figure 1: ShadowPlex Architecture

Acalvio’s Active Defense has two main components (Figure 1): the ShadowPlex service running on Google Cloud, and the projection sensors deployed in customer workloads, which provide point-of-presence. The centralized ShadowPlex service hosts deceptions and projects them across distributed and hybrid enterprise networks. 

Sensors are lightweight components that are installed in the enterprise network, both on-premises and in cloud workloads, and enable decoy projection from the ShadowPlex service. The ShadowPlex service also supports the work-from-home model by enabling deception across remote computers not directly connected to the enterprise network; for this it leverages a global sensor deployed in Google Cloud.
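The detection logic behind the architecture above rests on one property: decoy hosts, breadcrumb credentials and bait files are never used by legitimate users, so any touch is a high-fidelity signal rather than an anomaly score. The block below is an added example, not Acalvio's or Google's code, that sketches that tripwire logic over constructed log lines. The deception inventory (decoy addresses, breadcrumb account names, bait path), the three log formats and the project list are all hypothetical; the coverage check at the end mirrors the idea of the deception coverage alert in Figure 3.

```python
"""Tripwire detection over deception artifacts (added example, hypothetical data)."""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class DeceptionInventory:
    """Artifacts planted on purpose; no legitimate workflow should reach them."""
    decoy_hosts: FrozenSet[str]       # addresses of decoy systems
    breadcrumb_users: FrozenSet[str]  # planted false credentials
    bait_paths: FrozenSet[str]        # bait files wired to a tripwire


# Constructed inventory: every value here is hypothetical.
INVENTORY = DeceptionInventory(
    decoy_hosts=frozenset({"10.20.0.77", "10.20.0.78"}),
    breadcrumb_users=frozenset({"svc_backup_ro", "dbadmin_legacy"}),
    bait_paths=frozenset({"/srv/finance/q3_payroll.xlsx"}),
)

# Three constructed log formats: sshd auth, a file-access audit record, a flow record.
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?:Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
FILE_RE = re.compile(r"audit: path=(?P<path>\S+) action=(?P<action>\w+) uid=(?P<user>\S+) src=(?P<src>\S+)")
NET_RE = re.compile(r"flow: src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<port>\d+)")


@dataclass
class Alert:
    kind: str      # which deception artifact was touched
    source: str    # address the interaction came from
    detail: str
    severity: str = "HIGH"  # deception hits are high fidelity by construction


def detect(lines: Iterable[str], inv: DeceptionInventory) -> List[Alert]:
    """Return one alert per log line that interacts with a planted artifact."""
    alerts: List[Alert] = []
    for line in lines:
        if m := SSH_RE.search(line):
            if m["user"] in inv.breadcrumb_users:
                alerts.append(Alert("breadcrumb_credential_use", m["src"], f"user={m['user']}"))
        elif m := FILE_RE.search(line):
            if m["path"] in inv.bait_paths:
                alerts.append(Alert("bait_file_access", m["src"], f"{m['action']} {m['path']}"))
        elif m := NET_RE.search(line):
            if m["dst"] in inv.decoy_hosts:
                alerts.append(Alert("decoy_host_contact", m["src"], f"dst={m['dst']}:{m['port']}"))
    return alerts


def summarize(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count deception hits per source address, to group an incident around one actor."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.source] = counts.get(a.source, 0) + 1
    return counts


def uncovered_projects(all_projects: Iterable[str], projects_with_sensor: Iterable[str]) -> List[str]:
    """Projects with no projection sensor, i.e. candidates for a coverage alert."""
    covered = set(projects_with_sensor)
    return sorted(p for p in all_projects if p not in covered)


# Constructed sample log: one source touches all three artifact types, others are benign.
LOG_LINES = [
    "Sep 11 09:00:01 web1 sshd[2201]: Accepted publickey for alice from 10.20.0.15 port 50122 ssh2",
    "Sep 11 09:02:13 web1 sshd[2215]: Accepted password for svc_backup_ro from 10.20.0.15 port 50140 ssh2",
    "Sep 11 09:02:40 fs1 audit: path=/srv/finance/q3_payroll.xlsx action=read uid=svc_backup_ro src=10.20.0.15",
    "Sep 11 09:03:02 fs1 audit: path=/srv/public/readme.txt action=read uid=alice src=10.20.0.31",
    "Sep 11 09:04:55 fw1 flow: src=10.20.0.15 dst=10.20.0.77 dport=445",
    "Sep 11 09:05:10 fw1 flow: src=10.20.0.31 dst=10.20.0.5 dport=443",
]

if __name__ == "__main__":
    found = detect(LOG_LINES, INVENTORY)
    for a in found:
        print(f"[{a.severity}] {a.kind} from {a.source}: {a.detail}")
    print("hits per source:", summarize(found))
    print("uncovered projects:", uncovered_projects(["proj-a", "proj-b", "proj-c"], {"proj-a"}))
```

The matching is exact set membership rather than a threshold, which is what makes each hit a high-fidelity alert: the only false positives are mistakes in the inventory itself, so the inventory is the part of such a system that deserves the most care. The sensor deployment described above plays the role of the `LOG_LINES` feed here, and `summarize` stands in for the incident view that the later section describes being sent to Security Command Center.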

How ShadowPlex is built on Google Cloud

For effective Active Defense, deception needs to be enterprise scale and Google Cloud provides the elasticity for ShadowPlex to deploy thousands of deceptions across the customer’s network. Acalvio’s patented Fluid Deception technology provides high decoy density and high interaction, with strict containment. This can allow for safe engagement with attacks, while optimizing resource usage.

ShadowPlex is tightly integrated with Google Cloud Security Command Center (SCC), alerting customers through SCC when deception incidents occur (Figure 2). Additionally, Google Cloud customers receive notifications in SCC (Figure 3) to consider adding Active Defense protection for any of their Google Cloud projects not covered by ShadowPlex.

https://storage.googleapis.com/gweb-cloudblog-publish/images/2_qSRzV52.max-1100x1100.png
Figure 2: Acalvio Incident on Google Cloud Security Command Center
https://storage.googleapis.com/gweb-cloudblog-publish/images/3_sFx36Yr.max-1100x1100.png
Figure 3: Deception Coverage Alert on Google Cloud Security Command Center

ShadowPlex is also integrated with Google Cloud Chronicle Security Operations. Customers can configure the deception incidents to be sent to Chronicle and correlated with other alerts.

Additional Google Cloud services are used by ShadowPlex for internal operations (Figure 4), such as enriching deception incident data by using information from VirusTotal, data management and processing built on Google’s database services, and threat analysis on the GKE platform.

https://storage.googleapis.com/gweb-cloudblog-publish/images/4_rAimWnL.max-1800x1800.png
Figure 4: ShadowPlex integrated into Google Cloud

Better together

Acalvio’s deception-based Active Defense is available in the Google Cloud Marketplace. This partnership delivers Active Defense to help customers detect and respond to the latest advanced threats with precision and speed.

The Acalvio ShadowPlex service from Google Cloud not only provides Active Defense to Google Cloud workloads, but also extends security to customers’ on-premises infrastructure. Deception across the on-premises networks is deployed and managed from Google Cloud, bringing additional usage to Google Cloud.
