Skyhawk Security mentioned in Gartner® Emerging Tech: Building Preemptive Security Solutions to Improve Threat Detection (Part 2)


Skyhawk Security is at the collision of two trends within cloud security. First, it has been clear for more than a decade that the cloud is perimeterless: attackers are logging in, not breaking in. Second, threat actors are using AI to generate more accurate and deadly attacks at higher volume and velocity, and with Gen AI they can do this faster than ever and with a lower skillset. That presents security practitioners and the SOC with a unique challenge in preventing cloud breaches.

Skyhawk Security has evolved its cloud threat detection and response to include a preemptive approach to cloud threat detection and response with the Continuous Autonomous Purple Team. The CDR is looking for suspicious behaviors in the cloud right now and correlating them, at runtime, to detect threat actors who are trying to breach your cloud. The Continuous Autonomous Purple Team evaluates the weaponized risks and exposure and uses this output to preemptively identify, improve and adapt its CDR.

Gartner Critical Insight: “Preemptive exposure management enables adaptive threat detection with continuous evaluation.”

 Skyhawk’s Continuous Autonomous Purple Team extends Cloud Threat Detection and Response with a preemptive approach to cloud security and adapts the CDR detection models. It is constantly looking for weaponized threats in the cloud attack surface to identify what needs to be addressed now, before a threat actor leverages this security gap to breach your cloud. How does it work?

  • Discover: Identifies all cloud assets and maps out the paths threat actors could use to gain access.
  • Analyze: The configuration, vulnerabilities, and security controls that are in place are fully analyzed, and attack recipes are created.
  • Simulate Attacks: Leveraging the attack recipes, the Simulation Digital Twin is used to fully execute the attacks and identify weaknesses in the cloud attack surface through intelligent simulation.
  • Evaluate Defenses: Where the attack is successful, it is prioritized based on the business value of the asset that is vulnerable.
  • Adapt: CDR machine learning models and advanced analytics are updated for more accurate detections, and pre-verified automated response is put in place for verified alerts for more precise mitigation actions.

 

Gartner States: “Preemptive exposure management is not a separate technology category; it is a progressive approach to executing exposure management. It leverages emerging technologies such as AI, intelligent simulation and advanced analytics to enable faster and more precise mitigation actions.”

 Understand which Simulations are more Critical to the Business

The Continuous Autonomous Purple Team helps organizations understand which attack recipes create the most risk to the business because they target crown jewel assets. First, it uses data classification services to identify assets with sensitive data. Then, the system applies policies, including the data classification, to map and locate the crown jewels in your cloud. This context is used to prioritize the attack recipes that present the most risk to your crown jewels and, therefore, your business. The security team can then prepare its detections and its people for these weaponized threats. This also supports more precise mitigation actions, as the security team focuses on what matters most for the business.

What about the credentials?

As mentioned earlier, in 60%-70% of the breaches, threat actors are not breaking into your cloud. If they were, you would find them in minutes if not seconds. Skyhawk Security’s three layers of machine learning models detect threats, even when the user is credentialed.

  • Malicious Behavior Indicators: AI-based anomaly detection is the first indication of compromise. This first level of analysis identifies indicators that could present a threat. One MBI represents dozens of indicators that are indicative of malicious behavior.
  • Attack Sequence: As threat actors make lateral movements through the cloud, they generate more MBIs, which are correlated into a single attack. This attack sequence clearly shows the type of attack that is emerging, stopping the attacker from achieving their goal, for example exfiltrating data or leveraging resources for cryptomining.
  • Generative AI CISO: One of our evaluations of risk is our AI-based CISO. It is trained based on your cloud threats and behaviors and can promote an attack sequence to an alert up to 78% faster without increasing false positives.

 

Please review Incident three in this blog and check out how the platform stopped an employee from using the company’s cloud resources for cryptomining. Even when the threat actor is an insider with the correct permissions and credentials, Skyhawk Security will alert the SOC to the threat as it happens in real time.

If you don’t know where to start with your preemptive cybersecurity strategy, try Skyhawk Security for free – sign up today!

Gartner subscribers can read the full report at www.gartner.com.

Gartner, Emerging Tech: Building Preemptive Security Solutions to Improve Threat Detection (Part 2) by Luis Castillo Published April 2, 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
