Skyhawk Security, a leading cloud security vendor, is harnessing generative AI to enhance cloud threat detection and response capabilities. With cybersecurity professionals often overwhelmed by a flood of false positive alerts, the integration of generative AI, specifically the ChatGPT API, into Skyhawk’s cloud detection and response solution (CDR) aims to expedite alert management and provide greater context for incident response.
The prevalence of false alerts poses a significant challenge for IT security teams, forcing them to sift through hundreds of alerts on a daily basis to identify genuine security incidents. According to research from Orca Security, 59% of IT security professionals receive over 500 public cloud security alerts per day, resulting in an overwhelming workload that can cause critical alerts to be missed.
To address this issue, Skyhawk Security has turned to generative AI to improve visibility and context for security analysts. By leveraging the ChatGPT API, Skyhawk’s CDR platform can generate alerts earlier and equip users with crucial information to efficiently address data breaches. Tests have shown that the CDR platform, when utilizing generative AI, issued alerts ahead of conventional methods in 78% of cases.
Chen Burshan, the CEO of Skyhawk Security, highlighted the benefits of integrating generative AI into their solution, stating that it enhances threat detection and response for cloud engineers and SOC (Security Operations Center) incident responders. By acting as a force multiplier for SOC teams, generative AI helps mitigate the shortage of skilled personnel in cloud security.
Skyhawk utilizes a foundation of machine learning algorithms to monitor cloud assets, distinguishing between normal and malicious behavior. When a malicious behavior indicator surpasses a certain threshold, an alert is generated. The existing machine learning solution then constructs an attack sequence, presenting the user with a graphical representation of the event. To augment this process, Skyhawk employs its ChatGPT-trained threat detector to enhance threat scoring and provide additional parameters for users to verify the assigned threat scores.
While generative AI offers substantial benefits to security practitioners, careful consideration must be given to its limitations. Skyhawk acknowledges the necessity of responsible use to avoid potential errors and privacy issues. Rather than being a complete solution for threat resolution and response automation, generative AI primarily serves as an augmentation tool for human investigations into security events.
In a rapidly evolving threat landscape, knowledge and context are vital for effective decision-making by security teams. By incorporating generative AI, organizations can empower analysts to make informed choices regarding which alerts to investigate and how to respond, offering improved protection for on-premise and cloud environments against potential threat actors.
Sunil Potti, VP and GM of Google Cloud Security, emphasized the value of AI, particularly large language models, in enhancing security operations and providing access to AI-powered expertise. These models present information in a natural and creative manner, aiding security professionals in managing and understanding security events.
