Acalvio Technologies, the leader in cyber deception technology, announced a partnership with CrowdStrike that enables customers to integrate Acalvio’s technology with CrowdStrike Falcon Identity Protection to combat increasingly sophisticated identity-based attacks. Available on the CrowdStrike Store, this integration empowers CrowdStrike customers to use Acalvio’s automation and AI-based recommendations to accelerate the creation and deployment of honeytokens and honey accounts via Falcon Identity Protection.
According to the 2023 CrowdStrike Global Threat Report, “adversaries are doubling down on stolen credentials,” continuing the trend from 2022 where 80% of cyberattacks leveraged identity-based techniques. According to Gartner1, “Modern identity threats can subvert traditional identity and access management (IAM) preventive controls, such as multifactor authentication (MFA). This makes identity threat detection and response (ITDR) a top cybersecurity priority for 2022 and beyond.”
Currently, there exists a fundamental asymmetry in the security industry – the defenders must get it right all the time, but the threat actor needs to succeed only once. Honeytokens turn this asymmetry on its head – with this approach the threat actor is much more likely to get caught. Honeytoken accounts are accounts created in Active Directory (AD) that are specifically designed to lure attackers and deflect them away from real identities. Honeytokens are specially designed data resources corresponding to the honeytoken accounts that are embedded in legitimate assets, such as endpoints.
Falcon Identity Protection has built-in support for monitoring honeytoken accounts and a policy-based identity threat containment and response mechanism. Any engagement with honeytoken accounts triggers high-fidelity detection and response by the CrowdStrike Falcon Platform, giving the SOC analysts visibility into the adversary’s attack path.
The Acalvio solution provides an automated AI-driven recommendation for high value honeytoken account creation, extending the power of Falcon Identity Protection to lure adversaries away from critical resources. It also offers automated creation, seamless deployment, and lifecycle management of a variety of sophisticated, fingerprint resistant honeytokens at scale on enterprise endpoints. The pre-integrated solution leverages the CrowdStrike Falcon platform and requires no Acalvio software or agent to be installed in the customer’s network.
“As identity-based attacks continue to rise, we see honeytokens playing a critical role to lure adversaries from high-value resources,” said Elia Zaitsev, chief technology officer at CrowdStrike. “With Acalvio now available on the CrowdStrike Store, customers can leverage the power of Falcon Identity Protection and accelerate their defense-in-depth strategy.”
“Our honeytoken offering expands our robust partnership with CrowdStrike and complements CrowdStrike Falcon Identity Protection by adding new automation to its deception capabilities to combat identity attacks”, said Ram Varadarajan, CEO and co-founder of Acalvio Technologies. “CrowdStrike customers can use our agentless solution to maximize their preexisting investments in the CrowdStrike Falcon platform.”
SOURCE: Businesswire