Fight AI-based Threats with AI-based Security


Security teams are quickly realizing the benefits of Generative AI and are incorporating this technology into their security products for earlier detection of risks in the environment. AI can help security teams better recognize and resolve threats and exposures in their cloud environment. However, threat actors have realized that AI offers them benefits as well. Security teams must leverage AI-based security to overcome AI-based threats.

Figure 1. How Threat Actors Are Increasing Their Productivity with AI

  • Improve attacker productivity: Attackers can leverage generative AI to execute more attacks, faster. AI can be used to lower the training required to write a credible lure. Generative AI also assists with automation and scale of attacks. (1)
  • Improve lure believability: LLMs can process large quantities of data to identify which lures work best. (2)
  • Accurate human impersonations: GenAI can create more realistic voices and video, which could undermine identity verification. (3)
  • Multivarious attack methods: These attacks can be harder to detect than replacing polymorphism. (4)
  • Using an LLM as an autonomous controller to achieve a higher level of action decision. (5)
  • Novel attack types: This is the scariest of things. If a threat actor can conceive of an entirely new method to attack, it would be undetectable in most cases. (6)

 

In our opinion, Skyhawk Security plays a role in all of them, and we will comment on three of them in this blog.

This is the first recommendation:

“Elevate requirements for more adaptive behavioral and ML defenses in your existing security controls.  Currently, only 50% of enterprise endpoints have behavioral-based detection logic.” (7)

The Skyhawk Synthesis Security platform can help organizations overcome threats, including AI-based threats, in two key ways.

First, our machine learning models observe behaviors in the runtime to identify threats. Three levels of machine learning models sort through logs, data, and telemetry to find interesting events:

  1. Skyhawk Security Cloud. This is an aggregate view of risk across all our customers’ clouds, for roles and assets within the cloud. The models at this level provide a very wide view of context and help assess the overall risk of the attack sequence. To learn more about our attack sequence, check out this blog on The Science Behind our Security.
  2. The Customer Cloud. Several models are created to detect threatening behaviors or events within each customer cloud. For example, models that are built to detect suspicious or malicious behaviors in the network.
  3. Users and Cloud Assets. Finally, the Data Science team creates models for users, roles, assets, and functions to look for suspicious network traffic or API usage.

 

The second key way is Continuous Proactive Protection, which leverages AI and machine learning to update these models. This latest advancement introduces the first AI-based, autonomous purple team providing Adaptive Cloud Threat Detection and Response, continuously enhancing its protection of the customer’s cloud.

It continuously analyzes customer cloud infrastructure, proactively runs attack simulations against it, and uses the results to prepare verified detections, validated automated responses, and remediation recommendations to ensure the cloud has the most up-to-date security defenses in place. This continuous protection process includes learning and automated adaptation of threat detection methods. This enables security teams to take a proactive and adaptive approach to their security strategy for the very first time.

Figure 2: Skyhawk Security Continuous Proactive Protection

It uses AI to continuously execute attacks against your cloud – an AI-based red team. An AI-based blue team continuously defends against these attacks. The results are used to update the threat detection, including the three levels of machine learning models. AI-based red and blue teams do not tire and do not stop fighting each other, to ensure your detection methods are always up to date.

A recommendation in the 2023 Gartner®, 4 Ways Generative AI Will Impact CISOs and Their Teams was as follows:

“Ensure you can measure drift in detection rate from existing controls.” (8)

Skyhawk Security updates threat detection models daily and this does two things. First, it eliminates drift from the models. Second, it ensures that threat actors cannot reverse engineer the detection methods. Threat actors, even GenAI-based threat actors, cannot outrun Skyhawk.

Another recommendation from Gartner, 4 Ways Generative AI Will Impact CISOs and Their Teams, is as follows:

“Reduce the number of ‘blind spots’ – assets, transactions, and business processes that you cannot monitor for anomalies.” (9)

Skyhawk Security’s Generative AI is constantly scanning the environment for posture, identity, and other security gaps. Our Shift Left CDR analyzes pathways to your most precious assets, and once a threat “steps” on one of those paths, we are able to send an alert, so security teams can prevent your most precious data from being accessed.

Generative AI helps security teams improve threat detection, better identify security gaps, and accelerate fixes. However, Generative AI can be used for malicious intent as well. It is important to consider cloud security tools that leverage AI to improve security and to mimic threats that are AI-based. Security teams need to leverage automation. There are too many alerts, too many threats, and too many gaps to address – there just aren’t enough people. Skyhawk Security leverages generative AI to identify gaps in your cloud security and uses automation to make updates to your threat detection.

If you want to learn more, check out our webinar: Fight Fire with Fire.

Check out our blog to understand how Skyhawk Security can help with Novel Attack Types as well, or “Unknown Unknowns”.

Gartner: 4 Ways Generative AI Will Impact CISOs and Their Teams by Jeremy D’Hoinne, Avivah Litan, Peter Firstbrook Published June 29, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

1 – 9 Gartner: 4 Ways Generative AI Will Impact CISOs and Their Teams by Jeremy D’Hoinne, Avivah Litan, Peter Firstbrook. Published June 29, 2023.
