Security is a top priority for all customers on Google Cloud, whether beginner, intermediate, or advanced users. Through our partnership with Acalvio, we are able to offer Active Defense to Google Cloud customers, providing automated deception management and deployment capabilities, with a simple onboarding experience.
Architecture overview
Acalvio’s patented Active Defense platform, built on award-winning autonomous deception technology, can enable organizations to detect, engage, and respond to malicious activity in cloud and on-premises networks, as well as hybrid deployments. ShadowPlex achieves this goal by using decoys of attackable systems or applications, bread crumbs of false credentials and baits using tripwires to misdirect malicious actors. Any interaction with the deception platform generates a high-fidelity alert. Built on Google Cloud, Acalvio’s platform delivers enterprise-scale distributed deception.
Acalvio’s Active Defense has two main components (Figure 1): the ShadowPlex service running on Google Cloud, and the projection sensors deployed in customer workloads, which provide point-of-presence. The centralized ShadowPlex service hosts deceptions and projects them across distributed and hybrid enterprise networks.
Sensors are lightweight components that are installed in the enterprise network, both on-premises and in cloud workloads, and can enable decoy projection from the ShadowPlex service. ShadowPlex service also supports the work-from-home model by enabling deception across remote computers not directly connected to the enterprise network. It leverages a global sensor deployed in Google Cloud.
How ShadowPlex is built on Google Cloud
For effective Active Defense, deception needs to be enterprise scale and Google Cloud provides the elasticity for ShadowPlex to deploy thousands of deceptions across the customer’s network. Acalvio’s patented Fluid Deception technology provides high decoy density and high interaction, with strict containment. This can allow for safe engagement with attacks, while optimizing resource usage.
ShadowPlex is tightly integrated with Google Cloud Security Command Center (SCC), alerting customers through SCC when deception incidents occur (Figure 2). Additionally, Google Cloud customers will also receive notifications in SCC (Figure 3) to consider adding Active Defense protection for any of their Google Cloud projects not covered by ShadowPlex.
ShadowPlex is also integrated with Google Cloud Chronicle Security Operations. Customers can configure the deception incidents to be sent to Chronicle and correlated with other alerts.
Additional Google Cloud services are used by ShadowPlex for internal operations (Figure 4), such as enriching deception incident data by using information from VirusTotal, data management and processing built on Google’s database services, and threat analysis on the GKE platform.
Better together
Acalvio’s deception-based Active Defense is available in the Google Cloud Marketplace. This partnership delivers Active Defense to help customers detect and respond to the latest advanced threats with precision and speed.
Acalvio ShadowPlex service from Google Cloud not only provides Active Defense to Google Cloud workloads, but also extends security to customers’ on-premises infrastructure. Deception across the on-premises networks is deployed and managed from Google Cloud, bringing additional usage to Google Cloud.