Learned Suspicious Behaviors
MBIs are activities that Skyhawk has identified as risky behaviors that pose a threat to your
business based on our own research, as well as the MITRE ATT&CK framework. They are
detected in seconds to minutes from log arrival in your cloud.
Identifies a specific abnormal event or pattern – such as disabling activity logs
Identifies a specific abnormal event or pattern over time and generates an MBI if something odd occurs or if something typical occurs differently than it has in the past
Uses ML to learn from your own data sets to detect very complex events specific to your environment – like anomalous storage access
Algorithms assign scores so the severity and risk to the organization are clear, and teams understand where to start
MBIs are aligned to specific techniques within MITRE, enabling teams to quickly understand which remediation methods will be the most effective to combat the threat
Each MBI is assigned an attack stage to better understand the technique that is being leveraged to penetrate the environment
The sequence of MBIs demonstrates the path that attackers are using to penetrate your environment and raises them to “Realert” status so the security team understands the business impact