New Horizons in Cloud Security Part 2: Benchmarking and Novel Self-improving AI Framework for Maliciousness Classification Using Large Language Models

This blog was written by Amir Shachar, Director, AI and Research. In Part 1 of this blog series, New Horizons in Cloud Security, we outlined the new approach to leveraging large language models. In this blog, we will dive into the technical details.   Logs and other telemetry (e.g. activity logs, network logs) from public cloud providers like AWS, Google, and Azure offer significant insight into identifying malicious behavior, which can lead to the identification of threats. Identifying these threats early in the attack protects organizations from cloud breaches, which can damage a company’s brand, employees, or worse, their customers, create privacy violations, and result in significant financial damage. Skyhawk Security’s data science team has conducted a maliciousness classification benchmark comparison of ...
Read more

New Horizons in Cloud Security Part 1: Assembling LLMs to Discern Malicious Activities with “Integrated Learning”

This blog was written by Amir Shachar, Director, AI and Research. The digital landscape constantly evolves, adding complexity to cloud security. In this dynamic environment, it’s becoming more and more challenging to pinpoint and assess the risks associated with cloud incidents, especially when the sequences in question straddle the line between malicious and benign intent. Traditional methods often falter, unable to navigate this intricate tapestry with the precision and insight required.   However, at Skyhawk Security, we are pioneering a revolutionary approach to decipher this complexity. As the Director of AI and Security Research, I am thrilled to share our journey towards building a more secure digital future.   The Challenge of Assessing Cloud Incident Risks   The first layer of our narrative revolves around the inherent difficulty in ...
Read more

Unleashing the Power of Multiple AI Layers for Detecting Unknown Cybersecurity Threats

If you are reading this blog, you are probably wondering how to detect unknown unknowns in the realm of cybersecurity. The very nature of these unknown threats makes them difficult to detect using conventional security measures. However, by leveraging a platform that harnesses the power of machine learning to decipher behavioral intent, we can uncover these elusive threats. In this blog, we will explore the concept of unknown unknowns in cybersecurity, discuss the importance of identifying behavioral intent, and introduce the Skyhawk Synthesis Security Platform—a cutting-edge solution that employs multiple layers of machine learning to detect both known and unknown attack patterns.   What is an unknown unknown?   To grasp the concept of unknown unknowns, we must first define them. In the context of security, unknown unknowns refer to attack patterns that are ...
Read more

The Science Behind our Security – Part 2: The Models

This post about models in cybersecurity was written by Jennifer Gill, VP Product Marketing at Skyhawk. In our first blog on the “Science Behind our Security”, we talked about the three pillars: Models, MBIs, and the Attack Sequence. In this blog, we will focus on the machine learning models. These models are a true differentiator for Skyhawk Security. I know, everyone says this, but in this blog, we will back it up. Skyhawk Security has an amazing data science team – if you have watched our webinars or videos, you know I have raved about them. This team has taken machine learning models to the next level. Our solution has three levels of machine learning models to contextualize activities, events, and behaviors so that when your security team is alerted – you know it is an alert worth your while. This extensive analysis also means that you will not be overwhelmed ...
Read more

Eliminate alert fatigue, prevent breaches, and protect your security team’s sanity. It can be done!!

Earlier this spring, the Google Cloud team talked about how AI can help organizations close the talent gap. AI and ML are great tools for any security team to use to help augment staffing issues while improving threat detection to prevent breaches. Skyhawk Security also leverages AI and ML in the Skyhawk Synthesis Security Platform and can further help organizations secure their environment, detect threats, and prevent breaches. The first data point: 84% of respondents said that they are “fairly concerned” or “very concerned” that their organization might be missing real threats or incidents because of the volume of alerts and data that they must respond to and analyze. This plays right into Skyhawk’s wheelhouse, and we use machine learning with artificial intelligence to solve it. First, machine learning models are created at several layers within the ...
Read more

Next-Generation Threat Detection for Breach Prevention

Security companies are overwhelming security teams with cloud threat detection and response tools, but what does this really mean? What is cloud threat detection and response, and what are the capabilities that security teams should look for in a cloud threat detection and response platform? This blog will go over the top capabilities for cloud threat detection and response platforms (CDR platforms). What is CDR? What should the platform achieve? CDR stands for cloud threat detection and response. CDR products detect threat actors that are in your environment and prevent them from breaching your environment. The goal is to prevent the breach, keep your company’s name out of the Wall Street Journal, ensure there is no bad press, and most importantly, that your customers’ and employees’ data has not been compromised. There are three main types of breaches, which we ...
Read more

Three Reasons why SIEMs are not Enough

Security Information and Event Management (SIEM) tools are often used to detect threats. Rules are set up to monitor the environment, and once a rule is violated, it triggers an alert. Security Operation Centers spend months configuring the rules to ensure that they are triggered only when malicious behavior is present. However, as you will learn from this blog, it is very easy to break rules, and the SOC doesn’t even know! So, when fewer rules are triggered, which means fewer alerts, the SOC doesn’t realize that there are actually threat actors in the environment, and that is not good. 25% of the time, the rules are broken. The rules, out of the box, are not suitable for the environment and are broken. The SOC team needs to configure the rules to customize them to the environment. Additionally, patches, updates, and new software, when introduced to the ...
Read more

The Simplicity Series: SBIs and MBIs – Do you need the FBI?

SBIs and MBIs from Skyhawk Security – what are they? What do they mean, and why do you care?   SBIs are suspicious behavior indicators, which are individual events, and MBIs are malicious behavior indicators, which correlate a sequence of SBIs that together are raised to indicate an alert. Differentiating between these two types of behaviors communicates to security teams when action is required to reduce risk in their cloud and prevent a breach.   Suspicious behavior indicators (SBIs) are events or activities that are precursors to MBIs. They are interesting data points that are monitored and consistently reviewed should there be a change in business risk. In the Skyhawk product we label them as activities. These are interesting events which have not yet been sequenced into an alert.   Malicious behavior indicators (MBIs) are activities that Skyhawk has ...
Read more

7 Essential Steps to Configure AWS Security Groups

Infrastructure-as-Code is a game-changer for automating cloud resource management - and it’s as popular as ever. AWS quickly got a piece of the pie by launching AWS CloudFormation, a tool that lets you model, manage and provision your AWS cloud resources by leveraging Infrastructure as Code. If that wasn’t enough - AWS also launched AWS Security Groups to provide additional visibility and protection for your resources. That is handy for organizations as, according to a recent study, 89% of organizations aren’t confident in their ability to protect sensitive data in the cloud. However, regrettably, you can’t outsource security and call it a day. You still need to properly configure your AWS Security Groups to ensure they are working for you and not making security any more complex than it needs to be. This article discusses seven essential ...
Read more

Theoretical vs. Actual Cloud Threat Detection

Theoretical vs. Actual Cloud Threat Detection: How Skyhawk Discovers Incidents Before They Become Breaches
Today’s security platforms can identify misconfigurations, open ports, unused permissions, and databases exposed to the internet. These are all issues that need to be corrected, as they could be exploited to breach your data. The operative word here is could. You do not know if any of these things have happened. Alerts on these issues create panic, with teams working to lock down your environment, hoping that your company will not be in the news.   Hope is not a strategy.   At Skyhawk Security, we know how confusing it is to get potential breach data instead of actual. Companies often confuse the market by calling their alert functionality an ‘attack path’, which sounds a lot like Skyhawk’s Attack Sequence technology. The ...
Read more

Using the MITRE ATT&CK Framework for Threat Detection and Response

This post was written by Rotem Klar, Product Manager at Skyhawk. Above all else, security is a culture. Companies who strive to develop the most sophisticated security solutions will need to participate in today’s security culture, keep up with the evolving cybercrime market, talk the cyber-security language, and be familiar with the common attack methodologies. With the rapid adoption of cloud and companies being born in the cloud, this has become a challenge, because a key characteristic (and benefit) of cloud computing is the speed of scalability. Data is moved and scaled at the highest speeds, and visibility is then highly challenged: keeping track of all your assets, configurations, and access management, which in turn results in endless vulnerability patching and investigating enormous amounts of security alerts, these are all part of the bigger ...
Read more

The Science Behind our Security Part 1: Machine Learning

This post about ML in cybersecurity was written by Jennifer Gill, VP Product Marketing at Skyhawk. Securing a cloud while meeting the needs of developers and the business and supporting compliance initiatives is difficult, to say the least. Analyzing trends across user behavior, application usage, and cloud performance, first for a single account and then across clouds, makes things even more difficult. Skyhawk Security leverages advanced machine learning (ML) techniques and artificial intelligence (AI) to build models for ongoing behavioral analysis of the runtime for more accurate threat detection. Now, you have likely heard from many, many security vendors that they are also using AI and ML to identify threats. In this blog, we will walk you through Skyhawk Security’s ML, how we are unique, and why our ML is many steps ahead of the market. Skyhawk Synthesis Security ...
Read more

5 Reasons Why CSPM Tools are not Enough

This post was written by Jennifer Gill, VP Product Marketing at Skyhawk. Cloud Security Posture Management (CSPM) tools are an important part of any security strategy. However, they fall woefully short in terms of being the end game to secure your public cloud. Why? They only look at the static configuration of your environment, and only for the assets you know you have. Developers and IT teams are spinning up resources all the time – is the security operations center (SOC) aware of those? Have any assets been exploited? How were they exploited? These important questions cannot be answered by CSPM tools alone. Here are the top 5 reasons why CSPM tools are not enough: Not all misconfigurations can be fixed. Most CSPM tools are pretty good at detecting issues – so you find the misconfiguration, which is great – but can you fix it? According to a Gartner® ...
Read more

What the Uber Breach Verdict Means for CISOs in the US

Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment. This is a challenging time to be a CISO. The security community has been eagerly following multiple stories regarding Uber in the past few weeks. From the play-by-play of their recent major hack to last week's guilty verdict of former Uber security chief Joe Sullivan, CISOs are facing considerable challenges. The verdict in the Sullivan case found him guilty of obstructing a federal investigation and concealing a felony from the government. According to the New York Times: "Stephanie M. Hinds, the US attorney for the Northern District of California, said in a statement: 'We will not tolerate concealment of important information from the public by corporate executives more ...
Read more