Skyhawk Security Interactive Cloud Threat Detection and Response Supports Cloud Native Zero Trust

Blog AWS Security Cloud Infrastructure Cloud Security

Skyhawk Security is proud to announce the expansion of its cloud threat detection and response capabilities with Interactive CDR. This new capability expands the team that can verify if an activity is malicious or not, by going to the alleged source of the activity, incorporating principles of Zero Trust. This crowdsourcing of threat verification reduces the burden on the SOC and accelerates the time to response 

The SOC is overwhelmed with alerts. The team is inundated with events, with no context, so they have to treat all of the events the same – as a threat. Data indicates that 70% of cloud breaches start with compromised credentials, API Keys etc., so even if an authenticated identity is involved, the SOC still has to investigate to ensure the activity is an actual business activity. This greatly increases the burden on the SOC as even the activities that look legitimate require questioning and review. This is the problem that Interactive CDR will solve – fast, real-time verification of anomalous suspicious activity directly from the asset owner 

Skyhawk Security Cloud Threat Detection and Response continuously monitors cloud asset behavior, including users, roles, machines, and more. If a behavior deviates from the norm, the new Interactive CDR automatically sends a notification to the user who owns the asset or identity, asking them to authorize and validate the activities that triggered the alert. This aligns with Zero Trust and the core concept of CDR’s detection flow, which happens regardless of the user’s role or location, even inside the network, eliminating the assumption that users inside the cloud perimeter are trustworthy.   

The SOC is able to share some of the burden of alert verification. This team is already understaffed, this new capability is one small way to alleviate the burden on this team.  

How does this work?

Through a mobile app, we are able to ensure accuracy of the threat and reduce the burden on the SOC, fast, by bringing the asset owner into the threat verification process quickly and easily.  

First, a malicious activity is detected. Then, Skyhawk categorizes the activity and determines if the activity being executed is a user or cloud asset. If it is an asset, we identify the owner of the asset. There are then two possibilities forward depending on if the activity is verified by the user or is being executed by a threat actor. 

If they are aware of this activity, and they are responsible for the activity, then the user simply indicates that they are executing this activity. The platform still monitors the activity, just in case there is a future malicious insider activity. The risk score is of the activity is reduced with the verification from the owner and it is flagged as user verified.

If it turns out they are not aware of this activity, and it is in fact malicious, this means their credentials are most likely compromised. The SOC team is then alerted to the fact that there is an unverified activity in the cloud, it is suspicious and needs to be addressed now. The SOC is able to act fast and they know they are not wasting their time as the owner has said, I am not doing this.

With Interactive CDR, your organization will realize: 

  • Faster MTTR: Faster incident resolution through enhanced user engagement to secure accounts and a stronger, more efficient defense against cloud data breaches 
  • Interactive Protection: Real-time distributed detection and verification of activities verified with the source or owner, reducing the window of opportunity for attackers to exploit compromised credentials or vulnerabilities  
  • Minimized Disruption: Legitimate actions are quickly cleared, avoiding unnecessary investigations, allowing the SOC to focus on real suspicious activities to immediately address 
  • Improved Security Efficiency: Security teams can focus on actual threats, as context aware false positives are resolved quickly through user verification, reducing manual investigation efforts 
  • Added on top of Skyhawk’s Proactive CDR: Proactive CDR helps pre-verify scenarios that are agreed to be malicious and their response. The new capability adds another protection mechanism on top 

 

Would you like to try the platform for free? Sign up today! 

 

Blog

Skyhawk Synthesis Security Platform mentioned in the 2024 Gartner® Emerging Tech Impact Radar: Preemptive Cybersecurity

Skyhawk Security’s AI-based Autonomous Purple Team enables organizations to take a proactive approach to cloud security, preempting threats so security teams can be prepared for what threat actors are going to do. Through AI-based rehearsals, which leverage a Simulation Twin

7 Best Practices for a Cloud Detection and Response Framework
Blog

How did the Chinese manage to penetrate the entire communications infrastructure of the United States? How will the privacy of US citizens improve?

We may have recently been exposed to the largest cyber campaign of all times, in which China managed to completely penetrate the communications infrastructure of its great rival, the United States.In doing so, gained access to huge amounts of invaluable

Cloud Breach
Blog

Your Identities are your vulnerability.

The global cloud market continues to grow rapidly, growing 23% year-over-year. This year, Google captured 13%, up from 10% last year. Google complements this impressive growth rate with an emphasis on privacy and security. The commitment to security is clear,

Cloud BreachCloud SecurityCSPM
Blog

Skyhawk Security re:Invent Recap

Re:Invent has come to a close and we had a great week! We kicked off the week with our product announcement. Did you know that most threat actors (70%) are logging into the cloud – they are not “breaking in”.

Cloud BreachCloud SecurityThreat Detection
Blog

Skyhawk Security Interactive Cloud Threat Detection and Response Supports Cloud Native Zero Trust

Skyhawk Security is proud to announce the expansion of its cloud threat detection and response capabilities with Interactive CDR. This new capability expands the team that can verify if an activity is malicious or not, by going to the alleged

AICloud BreachCloud SecurityThreat Detection
Blog

New Enhancements to Skyhawk Security

Skyhawk Security announces the availability of new features and integrations of its Autonomous Purple Team, aimed at extending detection and improving security validation as well as pre-validating threat detection alerts, to effectively manage the security of your cloud. The company

AICloud BreachCloud SecurityThreat Detection

Thanks For Reaching Out!

One of our expert will get back to you
promptly at asafshachar@gmail.com

Continue
See the Purple Team
See the breach before it happens
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.