Skyhawk Security Interactive Cloud Threat Detection and Response Supports Cloud Native Zero Trust

Blog AWS Security Cloud Infrastructure Cloud Security
Skyhawk Security is proud to announce the expansion of its cloud threat detection and response capabilities with Interactive CDR. This new capability expands the team that can verify if an activity is malicious or not, by going to the alleged source of the activity, incorporating principles of Zero Trust. This crowdsourcing of threat verification reduces the burden on the SOC and accelerates the time to response  The SOC is overwhelmed with alerts. The team is inundated with events, with no context, so they have to treat all of the events the same – as a threat. Data indicates that 70% of cloud breaches start with compromised credentials, API Keys etc., so even if an authenticated identity is involved, the SOC still has to investigate to ensure the activity is an actual business activity. This greatly increases the burden on the SOC as even the activities that look legitimate require questioning and review. This is the problem that Interactive CDR will solve – fast, real-time verification of anomalous suspicious activity directly from the asset owner  Skyhawk Security Cloud Threat Detection and Response continuously monitors cloud asset behavior, including users, roles, machines, and more. If a behavior deviates from the norm, the new Interactive CDR automatically sends a notification to the user who owns the asset or identity, asking them to authorize and validate the activities that triggered the alert. This aligns with Zero Trust and the core concept of CDR’s detection flow, which happens regardless of the user’s role or location, even inside the network, eliminating the assumption that users inside the cloud perimeter are trustworthy.    The SOC is able to share some of the burden of alert verification. This team is already understaffed, this new capability is one small way to alleviate the burden on this team.   How does this work? Through a mobile app, we are able to ensure accuracy of the threat and reduce the burden on the SOC, fast, by bringing the asset owner into the threat verification process quickly and easily.   First, a malicious activity is detected. Then, Skyhawk categorizes the activity and determines if the activity being executed is a user or cloud asset. If it is an asset, we identify the owner of the asset. There are then two possibilities forward depending on if the activity is verified by the user or is being executed by a threat actor.

Try for free

If they are aware of this activity, and they are responsible for the activity, then the user simply indicates that they are executing this activity. The platform still monitors the activity, just in case there is a future malicious insider activity. The risk score is of the activity is reduced with the verification from the owner and it is flagged as user verified. If it turns out they are not aware of this activity, and it is in fact malicious, this means their credentials are most likely compromised. The SOC team is then alerted to the fact that there is an unverified activity in the cloud, it is suspicious and needs to be addressed now. The SOC is able to act fast and they know they are not wasting their time as the owner has said, I am not doing this. With Interactive CDR, your organization will realize: 
  • Faster MTTR: Faster incident resolution through enhanced user engagement to secure accounts and a stronger, more efficient defense against cloud data breaches 
  • Interactive Protection: Real-time distributed detection and verification of activities verified with the source or owner, reducing the window of opportunity for attackers to exploit compromised credentials or vulnerabilities  
  • Minimized Disruption: Legitimate actions are quickly cleared, avoiding unnecessary investigations, allowing the SOC to focus on real suspicious activities to immediately address 
  • Improved Security Efficiency: Security teams can focus on actual threats, as context aware false positives are resolved quickly through user verification, reducing manual investigation efforts 
  • Added on top of Skyhawk’s Proactive CDR: Proactive CDR helps pre-verify scenarios that are agreed to be malicious and their response. The new capability adds another protection mechanism on top 
Would you like to try the platform for free?

Blog

This blog was written by Asaf Shahar, VP, Products at Skyhawk Security The UK Information Commissioner’s Office (ICO) recently fined Liverpool-based law firm DDP Law £60,000 following a ransomware attack that exposed highly sensitive criminal case data. The investigation revealed

AICloud BreachData BreachLLMsThreat Detection
Blog

Skyhawk Security is at the collision of two trends within cloud security – for more than a decade it is clear that the cloud is perimeter less, attackers are logging in and not breaking in, and in addition, threat actors

AICloud BreachData BreachLLMsThreat Detection
Blog

In an increasingly cloud-dependent business landscape, a disturbing trend has emerged that threatens the very foundation of cloud security: credential theft. Recent incidents and reports indicate a dramatic surge in credential theft attacks and subsequent abuse. This indicates potentially devastating

Blog

For the second year in a row, Skyhawk Security stands out in a competitive market! The organization is proud to announce that it has been named a finalist in the 2025 Cloud Security Awards program in two categories: Best Cybersecurity

Blog

Skyhawk Security started in the 3rd generation of Cloud Threat Detection and Response (CDR) platforms at its inception in May of 2022, supporting AWS, Azure, and Google Cloud to deliver a robust Preemptive Cloud Security Platform. The several layers of

Blog

In recent Gartner® research, Emerging Tech Disruptors: Top 5 Early Disruptive Trends in Cybersecurity for 2025, it is noted that there will be a shift from detection and response to preemptive cyber defense using key AI-advancements like Simulation Digital Twins.

See the Purple Team
See the breach before it happens
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.