Skyhawk launches platform to provide threat detection and response across multi-cloud environments

Cloud threat detection vendor Skyhawk Security has released a platform designed to address alert fatigue that provides cloud detection and response (CDR) across multi-cloud environments, the company said Tuesday in a statement. The company says the Synthesis platform is being released on a “freemium” basis—the base version is available at no cost, but supplement features can be purchased.

Skyhawk claims the platform improves upon products focused on identifying numerous static cloud security misconfigurations by employing machine learning (ML) to find correlated sequences of high-priority runtime events and identify paths of least resistance that are exploited to compromise cloud infrastructure.

Discovering latent cloud security risks

“Cloud posture management is a major challenge. However, cloud security and SOC teams are overwhelmed trying to analyze and respond to the thousands of alerts brought on by current cloud security solutions,” Skyhawk CEO Chen Burshan said in a statement. “Our approach is unique because we’re pinpointing and stopping real attacks by discovering the latent risks and then monitoring the full runtime of dynamic threats in the cloud infrastructure.”

Citing a recent University of Oxford study that suggests 99% of alerts are false positives, the company said it believes the product helps address “alert fatigue” and reduced efficiency that can result from investigating events and alerts that do not pose a threat. The platform is designed to identify runtime threats as they occur, combining inventory awareness and least-resistance paths with behavioral analytics to elevates awareness of real alerts. Synthesis then presents results in a CDR runtime hub.

“Beyond this, the rapidly expanding cloud infrastructure attack surface has opened the door for major misconfiguration and visibility concerns,” Skyhawk said. “For example, the recent Uber breaches showcase the heavy cost of mismanaged cloud security, resulting in the personal information of 77,000 employees being leaked.”

CSPM a “baseline capability”

In addition to CDR, the platform includes cloud infrastructure entitlement management (CIEM), identity threat detection and response (ITDR), and advanced cloud security posture management (CSPM). The basic version of Synthesis is being made available at no cost because the company considers CSPM “a baseline capability.” 

Chen tells CSO the platform has undergone a soft launch and currently “has tens of customers using it to protect their clouds,” while full public access begins Tuesday.

Under the free CSPM version, users will have access to visibility across AWS, Azure, and GCP clouds, posture management and hardening, compliance and governance reports, and will be able to manage up to 1,000 assets. Slack channel support and a guided install are also included. Enterprise subscribers will receive those features as well as threat detection, attack simulations, threat response, cloud infrastructure entitlement management, least privileges recommendations, unused permission alerts, and integration with Slack and Jira. Cloud locations in the free version are limited to the US, UK, EU, Israel, Japan, and Australia, while the full version has unlimited geographical access.

Improves security posture

“Even when cloud architecture is 100% compliant and configured 100% correctly, these environments can still be breached,” the company said. “Skyhawk Security not only improves security posture but allows SOC teams to zero in on events that pose a real threat to their organization.”

The freemium CSPM solution includes posture management and hardening, compliance reports, and governance enforcement for up to 1,000 assets.