Skyhawk Security, the originator of cloud threat detection and response (CDR), is adding an Interactive Cloud Threat Detection and Response capability to its platform. The new capability adds real-time user interaction to verify the suspicious activity of the human or non-human identity (NHI) that is the root cause of an alert. This closes the context gap between SOCs, cloud teams and identity owners, which reduces the load on the SOC, shortens Mean Time to Respond (MTTR), improves protection against cloud breaches and aligns with zero trust frameworks.
Typically, a real-time alert arrives at the SOC with very little context, alongside hundreds of others produced by the threat detection flow. This makes it difficult for the team to tell whether a legitimate user's anomalous activity or an attacker's activity triggered the alert. According to Skyhawk, 70% of attacks and data breaches in the cloud today involve stolen or leaked identity credentials: the attacker signs in with valid but compromised credentials rather than breaking through the cloud infrastructure's security controls.
To cut through this confusion, Skyhawk continuously monitors the behavior of cloud assets, including users, roles, machines, functions and more. When a behavior deviates from its norm, the new Interactive CDR automatically sends a notification to the person who owns the asset or identity, asking them to confirm whether they performed the activities that triggered the alert. This follows zero trust and the core concept of CDR's detection flow: verification happens regardless of the user's role or location, even inside the network, eliminating the assumption that users inside the perimeter are trustworthy.
Interactive CDR reaches the identity owner over a separate factor that is tied neither to the cloud account nor to the enterprise identity under suspicion, since either may already be compromised; this adds a multi-factor layer of verification. The response gives the SOC the missing context from the best available source: the owner of the asset, or the user who is ostensibly executing these activities in the cloud.
Putting the suspected source in the loop quickly establishes whether the activity is legitimate or indicates compromised credentials, in line with the zero trust principle of "never trust, always verify." The result is threat detection that is crowd-sourced and therefore more accurate; it shortens MTTR to seconds, reduces the load on the SOC, focuses attention on real threats and helps prevent breaches.
The Interactive CDR technology is built on an AI agent framework that decides the best interactive action to take in each case. End-user notifications can be delivered through existing enterprise applications, including Teams and Slack, or through a dedicated Skyhawk mobile application. The capability to respond automatically, for example by disabling an identity and terminating its sessions, provides immediate containment, preventing lateral movement by a malicious actor and reducing the risk of a breach.
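The flow described above, reduced to its moving parts, as an added example that is not Skyhawk's code and makes no claim about how their platform is implemented: a behavioral baseline per identity, an anomalous event that produces a single-use challenge delivered over an out-of-band channel, a reply that is accepted only with the matching token, and containment (disable the identity, revoke its session) when the owner denies the activity. The identity names, the channel strings, the event shape, the fail-closed handling of unanswered challenges and the `contain` hook are all assumptions made for this illustration; the baseline is hand-written rather than learned.

```python
"""Out-of-band verification loop for a behavioural cloud alert.

Added illustration only; not Skyhawk code. The event shape, channel strings,
containment hook and fail-closed timeout policy are assumptions for the example.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field

# Constructed baseline: (action, region) pairs each identity has been seen doing.
# A real CDR platform learns this continuously; here it is hand-written.
CONSTRUCTED_BASELINE = {
    "user/alice": {("s3:GetObject", "eu-west-1")},
    "role/ci-deploy": {("ecs:UpdateService", "eu-west-1")},
}

# Out-of-band channel per identity owner. Deliberately not the cloud account
# and not the enterprise SSO identity, since either may already be compromised.
CONSTRUCTED_CHANNELS = {
    "user/alice": "mobile-app:alice",
    "role/ci-deploy": "slack:@platform-oncall",
}


@dataclass
class Challenge:
    identity: str
    event: dict
    token: str          # single-use secret that only the owner's channel receives
    expires_at: float


@dataclass
class InteractiveVerifier:
    ttl_seconds: float = 300.0
    baseline: dict = field(
        default_factory=lambda: {k: set(v) for k, v in CONSTRUCTED_BASELINE.items()})
    pending: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)       # (channel, challenge_id, token, text)
    disabled: set = field(default_factory=set)
    revoked_sessions: list = field(default_factory=list)

    def is_anomalous(self, event: dict) -> bool:
        seen = self.baseline.get(event["identity"], set())
        return (event["action"], event["region"]) not in seen

    def on_event(self, event: dict, now: float) -> str:
        """Return 'baseline' for known-normal activity, else the id of the challenge sent."""
        if not self.is_anomalous(event):
            return "baseline"
        challenge_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self.pending[challenge_id] = Challenge(
            event["identity"], event, token, now + self.ttl_seconds)
        channel = CONSTRUCTED_CHANNELS.get(event["identity"], "soc-queue")
        text = (f"Did you run {event['action']} in {event['region']} "
                f"from {event['src_ip']}? Reply approve/deny.")
        # Stand-in for a Teams/Slack/mobile push: record what would be delivered.
        self.sent.append((channel, challenge_id, token, text))
        return challenge_id

    def on_response(self, challenge_id: str, token: str, approved: bool, now: float) -> str:
        ch = self.pending.get(challenge_id)
        if ch is None:
            return "rejected:unknown-or-replayed"   # consumed challenges are gone
        if now > ch.expires_at:
            return "rejected:expired"               # sweep() will contain it
        if not hmac.compare_digest(token, ch.token):
            return "rejected:bad-token"             # forged or misdirected reply
        del self.pending[challenge_id]              # single use
        if approved:
            # Owner confirmed: clear the alert and learn the new normal.
            self.baseline.setdefault(ch.identity, set()).add(
                (ch.event["action"], ch.event["region"]))
            return "cleared"
        self.contain(ch.identity, ch.event["session"])
        return "contained"

    def sweep(self, now: float) -> list:
        """Assumed fail-closed policy: unanswered challenges past their deadline are contained."""
        expired = [cid for cid, ch in self.pending.items() if now > ch.expires_at]
        for cid in expired:
            ch = self.pending.pop(cid)
            self.contain(ch.identity, ch.event["session"])
        return expired

    def contain(self, identity: str, session: str) -> None:
        """Stand-in for the provider calls that disable an identity and revoke its session."""
        self.disabled.add(identity)
        self.revoked_sessions.append(session)


if __name__ == "__main__":
    v = InteractiveVerifier(ttl_seconds=60)
    odd = {"identity": "user/alice", "action": "iam:CreateAccessKey",
           "region": "us-east-1", "src_ip": "203.0.113.9", "session": "sess-2"}
    cid = v.on_event(odd, now=0.0)
    channel, _, token, text = v.sent[-1]
    print(f"[{channel}] {text}")
    print(v.on_response(cid, token, approved=False, now=5.0), v.disabled)
```

The reply is bound to one challenge by a random token that only the owner's channel ever sees, and it is compared in constant time, so a reply that arrives through the compromised cloud identity itself, or a replayed earlier reply, cannot clear the alert. The baseline update on approval is what keeps the same legitimate change from generating a second challenge next time.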
Other advantages of interactive response include:
- Faster MTTR: Faster incident resolution through direct user engagement to secure accounts, giving a stronger and more efficient defense against cloud data breaches
- Interactive Protection: Real-time, distributed detection, with activities verified against the source or owner, reducing the window in which attackers can exploit compromised credentials or vulnerabilities
- Minimized Disruption: Legitimate actions are cleared quickly, avoiding unnecessary investigations and letting the SOC concentrate on genuinely suspicious activity
- Improved Security Efficiency: Security teams focus on actual threats, as false positives are resolved quickly through user verification, reducing manual investigation effort
- Added on top of Skyhawk's Proactive CDR: Proactive CDR lets teams agree in advance which scenarios count as malicious and what the response should be; the new capability adds another protection mechanism on top
“Skyhawk’s Interactive Cloud Threat Detection is a powerful new capability and a result of our continuous innovation and commitment to prevent cloud breaches for our many customers,” said Chen Burshan, CEO of Skyhawk Security. “Interactive CDR, when combined with our proactive CDR, which helps prepare for incidents before they occur, interactively adds context when alerts do occur. It bridges the gap between SOC and cloud teams, adds real-time activity context and closes the gap between threat exposure and threat management in a single comprehensive, synergetic platform.”
SOURCE: GlobeNewsWire