Skyhawk Security Interactive Cloud Threat Detection and Response Supports Cloud Native Zero Trust

Tags: AWS Security, Cloud Infrastructure, Cloud Security
Skyhawk Security is proud to announce the expansion of its cloud threat detection and response capabilities with Interactive CDR. This new capability expands the team that can verify whether an activity is malicious, by going to the alleged source of the activity and applying the principles of Zero Trust. Crowdsourcing threat verification in this way reduces the burden on the SOC and accelerates time to response.

The SOC is overwhelmed with alerts. The team is inundated with events that arrive without context, so it has to treat every event the same way: as a threat. Data indicates that 70% of cloud breaches start with compromised credentials, API keys and similar secrets, so even when an authenticated identity is involved, the SOC still has to investigate to confirm that the activity is genuine business activity. This greatly increases the burden on the SOC, because even activities that look legitimate require questioning and review. This is the problem Interactive CDR solves: fast, real-time verification of anomalous, suspicious activity directly from the asset owner.

Skyhawk Security Cloud Threat Detection and Response continuously monitors the behavior of cloud assets, including users, roles, machines and more. When a behavior deviates from its norm, Interactive CDR automatically sends a notification to the user who owns the asset or identity, asking them to confirm and authorize the activities that triggered the alert. This aligns with Zero Trust and with the core concept of CDR's detection flow, which applies regardless of the user's role or location, even inside the network, eliminating the assumption that users inside the cloud perimeter are trustworthy.

The SOC can thus share some of the burden of alert verification. This team is already understaffed; this new capability is one small way to relieve it.

How does this work?
Through a mobile app, we bring the asset owner into the threat verification process quickly and easily, which both confirms whether the threat is real and reduces the burden on the SOC. First, a suspicious activity is detected. Then Skyhawk categorizes the activity and determines whether the actor executing it is a user or a cloud asset. If it is an asset, we identify the owner of that asset. From there, there are two paths forward, depending on whether the activity is verified by the user or is being executed by a threat actor.

If the owner is aware of the activity and is responsible for it, they simply indicate that they are executing it. The platform still monitors the activity, in case it later turns out to be malicious insider activity. The risk score of the activity is reduced by the owner's verification and it is flagged as user verified. If the owner is not aware of the activity, and it is in fact malicious, their credentials have most likely been compromised. The SOC team is then alerted that there is an unverified, suspicious activity in the cloud that needs to be addressed now. The SOC can act fast, knowing it is not wasting time, because the owner has said "I am not doing this." With Interactive CDR, your organization will realize:
  • Faster MTTR: Faster incident resolution through enhanced user engagement to secure accounts, and a stronger, more efficient defense against cloud data breaches
  • Interactive Protection: Real-time, distributed detection in which activities are verified with their source or owner, reducing the window of opportunity for attackers to exploit compromised credentials or vulnerabilities
  • Minimized Disruption: Legitimate actions are quickly cleared, avoiding unnecessary investigations and allowing the SOC to focus on genuinely suspicious activities and address them immediately
  • Improved Security Efficiency: Security teams can focus on actual threats, as context-aware false positives are resolved quickly through user verification, reducing manual investigation effort
  • Added on top of Skyhawk's Proactive CDR: Proactive CDR pre-verifies scenarios that are agreed to be malicious, together with their response; the new capability adds another protection mechanism on top
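The owner-verification flow described above, as an added illustration that is not Skyhawk Security's code and does not reflect how its platform is implemented. It scores an event against the identity's baseline, routes anomalous events to the asset owner, lowers the risk score on a confirmation while keeping the activity under watch, escalates on a denial, and, as a Zero Trust default, treats a request that gets no answer inside the window as unverified rather than cleared. The event fields, the tag-based owner lookup, the scoring weights and the 15-minute window are all assumptions.

```python
"""Owner-verification loop for anomalous cloud activity (added illustration,
not Skyhawk Security's code). Event shape, owner lookup, weights and the
verification window are assumptions chosen for the example."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    PENDING = "pending"
    USER_VERIFIED = "user_verified"  # owner confirmed; risk reduced, still watched
    OWNER_DENIED = "owner_denied"    # owner said "I am not doing this"
    TIMED_OUT = "timed_out"          # no answer in the window: still unverified
    NO_OWNER = "no_owner"            # nobody to ask: straight to the SOC


@dataclass
class Event:
    identity: str    # principal that acted, e.g. "user/alice" or "role/ci-deploy"
    action: str      # API action, e.g. "s3:PutBucketPolicy"
    resource: str    # asset the action targeted
    source_ip: str
    region: str


@dataclass
class Baseline:
    """What this identity normally does (assumed learned from prior activity)."""
    known_ips: set
    known_regions: set
    known_actions: set


@dataclass
class Verification:
    event: Event
    owner: Optional[str]
    created_at: float
    expires_at: float
    risk: int
    verdict: Verdict = Verdict.PENDING
    watch: bool = False  # keep monitoring after a user verification


# Constructed sample ownership data; a real deployment would read tags or a CMDB.
RESOURCE_OWNERS = {
    "arn:aws:s3:::finance-reports": "alice@example.com",
    "arn:aws:iam::123456789012:role/ci-deploy": "bob@example.com",
}
VERIFICATION_WINDOW_SECONDS = 15 * 60


def score_anomaly(event: Event, baseline: Baseline) -> int:
    """0-100: how far the event deviates from the identity's baseline."""
    score = 0
    if event.source_ip not in baseline.known_ips:
        score += 40
    if event.region not in baseline.known_regions:
        score += 30
    if event.action not in baseline.known_actions:
        score += 30
    return score


def resolve_owner(event: Event) -> Optional[str]:
    """Owner of the targeted asset; for a user identity, ask the user themselves."""
    if event.resource in RESOURCE_OWNERS:
        return RESOURCE_OWNERS[event.resource]
    if event.identity.startswith("user/"):
        return event.identity.split("/", 1)[1]
    return None


def open_verification(event: Event, baseline: Baseline, now: float) -> Optional[Verification]:
    """Raise a verification request only for anomalous events; None means in-baseline."""
    risk = score_anomaly(event, baseline)
    if risk == 0:
        return None
    owner = resolve_owner(event)
    if owner is None:
        return Verification(event, None, now, now, risk, Verdict.NO_OWNER)
    return Verification(event, owner, now, now + VERIFICATION_WINDOW_SECONDS, risk)


def record_response(v: Verification, answer: str, now: float) -> Verification:
    """Apply the owner's answer; a late answer cannot clear an expired request."""
    if v.verdict is not Verdict.PENDING:
        return v
    if now > v.expires_at:
        v.verdict = Verdict.TIMED_OUT
        return v
    if answer == "yes":
        v.verdict = Verdict.USER_VERIFIED
        v.risk = max(v.risk - 50, 10)  # reduced, never zero: insider misuse stays possible
        v.watch = True
    elif answer == "no":
        v.verdict = Verdict.OWNER_DENIED
        v.risk = 100                   # owner disowns it: assume compromised credentials
    return v


def should_escalate(v: Verification) -> bool:
    """Everything the owner did not confirm inside the window goes to the SOC."""
    return v.verdict in (Verdict.OWNER_DENIED, Verdict.TIMED_OUT, Verdict.NO_OWNER)


if __name__ == "__main__":
    base = Baseline({"203.0.113.10"}, {"us-east-1"}, {"s3:GetObject"})
    ev = Event("user/alice", "s3:PutBucketPolicy", "arn:aws:s3:::finance-reports",
               "198.51.100.7", "eu-west-3")
    v = open_verification(ev, base, now=1000.0)
    record_response(v, "yes", now=1100.0)
    print(v.owner, v.verdict.value, v.risk, should_escalate(v))
```

The design point worth carrying over to any real deployment is in `record_response` and `should_escalate`: a confirmation lowers the score but never drops the activity from monitoring, and silence is not consent. If the owner's phone is off or the attacker has also taken over the owner's mailbox, the request expires and the SOC still sees it.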