After two years in stealth mode, security vendor Acalvio officially emerged on July 26, revealing its take on how deception technology can both detect and help stop attackers.
Leading Acalvio is CEO Ram Varadarajan, who founded Arcot Systems in 1997 and sold it in 2010 for $200 million to CA, where he was general manager until 2015.
"My previous gig was about keeping people out of enterprises by enforcing strong authentication and controls," Varadarajan told eWEEK. "This time around, I'm looking for malicious activity once it has already crossed through the enterprise perimeter."
As a metaphor, Varadarajan said that at CA and Arcot, he was concerned about locks and doors, while Acalvio is more akin to motion detection inside a house.
To date, over the two years of stealth development, Varadarajan has raised $17 million in venture capital from investors including Accel Ventures, Ignition Partners and Eileses Capital. The funding is being used to build the technology and enable the company's go-to-market activities.
There are a number of deception-based security technologies in the market already, including TrapX, Attivo and Illusive. Varadarajan, noting that security overall is a crowded space, said he wanted to make sure he raised enough money to build a differentiated product.
Among the core innovations behind Acalvio is the idea of fluid deception. Varadarajan said that rather than running through logs looking for suspicious events, he wanted to invert the model and have the anomaly announce itself. Acalvio makes use of a combination of machine learning and data science to solve security problems.
A key challenge with deception technology is having a scalable system that still provides high-quality results, Varadarajan said. To solve the challenge of quality at scale, Acalvio is introducing the concept of fluid deception.
"The response to a malicious probe of a network is intelligently guided," he said.
So, for example, if an attacker sends a network ping request, the network will still respond with the right information to make the ping request successful. But when the attacker then attempts to remotely log in via SSH (Secure Shell), the Acalvio system will start a full virtual machine in order to enable the SSH request. Fluid deception allows for dynamic responses, and it's based on advanced machine learning algorithms.
"We're trying to hit the nail with the appropriate hammer, rather than hitting all nails with the same hammer," Varadarajan said.
Going a step beyond just enabling an organization to detect that an attacker is in the network, Acalvio also aims to help remediate security risks. Varadarajan said that his goal is to enable organizations to detect, engage and respond to threats.
"Detection alone isn't enough. The bad guy will keep coming up because there is no penalty for trying again," he said. "Just shooing away attackers isn't enough. You have to learn from the interaction so that you can inoculate yourself from whatever the bad guy was trying to do."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.