Skyhawk Security, a spin-off from security provider Radware, is upping the game for cloud security by providing real-time cloud detection and response in multi-cloud environments. A significant difference between Skyhawk and most cloud security products is that it works in a real-time environment rather than simply looking for vulnerabilities and misconfigurations in a static environment.
According to Skyhawk CEO Chen Burshan, the company’s new Synthesis platform provides both cloud detection and response (CDR) and free cloud security posture management (CSPM). “Our cloud threat detection and response allows our customers to protect their cloud at runtime,” Burshan said, “which in our view is the next generation, the next advancement in cloud security.”
Burshan said that most products of this type perform posture management and vulnerability management, which he considers static analysis to reduce risk. That, he said, is different from Skyhawk Synthesis, which works at runtime. He said in an interview that Synthesis does not affect performance because it is itself a cloud application and communicates out of band.
Burshan said that Synthesis currently runs on AWS, but that it will be available for other major cloud environments soon. He also pointed out that alert management is handled by the artificial intelligence and machine learning functions of the Synthesis platform.
He said that there are two layers of machine learning. “One is really detecting suspicious activities,” Burshan said. “The other layer is actually correlating them into full attack stories.”
“Instead of alerting to every suspicious activity, we alert to events that have a higher probability of being real attacks. We alert to events that are worth investigating,” Burshan said. “With these two layers of machine learning, we’re reducing the number of alerts, and increasing the accuracy level.”
Burshan said that Skyhawk Synthesis uses a scoring system that combines the activities and events and correlates them into a score. “The scoring mechanism makes sure that the alerts our platform is sending, which we call ‘realerts,’ are the ones that are really posing a risk to the customer’s cloud.” He said that these alerts are presented graphically in what are called Attack Sequences.
The AI system learns from customer inputs which alerts are real threats. The learning process also depends on a team of investigators and researchers at Skyhawk, who watch the behavior and take feedback from customers. Burshan said that the company will send out those Realerts to customers so they can incorporate the actions into their security operations.
While Skyhawk Security is just announcing Synthesis, it’s actually been in use for a while so that the company can learn from actual use in live systems. Burshan refers to it as “battle-proven” with several companies. He said that by providing a real, free CSPM, the company is disrupting the market.