Cloud detection and response company Skyhawk Security (CNP) Ltd. today announced it’s adding an interactive cloud threat detection and response or CDR capability to its platform that enables multifactor cloud-native zero-trust security.

The new capability has been designed to add real-time user interaction to verify the suspicious activity of human and nonhuman identities that are the root cause of alerts. The functionality closes context gaps between security operations centers, cloud teams and identity owners, reducing the load on SOCs, shortening mean time to respond, better protecting against cloud breaches, and aligning with zero-trust frameworks.

The new release seeks to address the issue that when real-time alerts come into a SOC, there is often very little context, making it difficult for the team to understand if the alert was the result of a legitimate user’s anomalous activity or an attacker. Skyhawk Security notes that 70% of attacks and data branches in the cloud involve stolen or leaked identity credentials that hackers use to compromise logins without penetrating cloud infrastructure security.

Skyhawk’s new release cuts through the confusion by continuously monitoring cloud asset behaviors, including users, roles, machines and functions. If a behavior deviates from the norm, the new Interactive CDR automatically sends a notification to the user owning the asset or identity, asking them to authorize and validate the activities that triggered the alert.

The approach aligns with zero trust and the core concept of the CDR’s detection flow, which occurs regardless of the user’s role or location, even inside the network. As a result, the assumption that users inside the perimeter are trustworthy is eliminated.

Skyhawk says Interactive CDR goes to the source via a different factor not connected to the cloud or the enterprise identity, which may be compromised, adding a multifactor layer of verification. The response gives the SOC the missing context from the best source of information – the owner of the asset or the user who is supposedly executing these activities in the cloud.

“Interactive CDR, when combined with our proactive CDR, which helps prepare for incidents before they occur, interactively adds context when alerts do occur,” said Chief Executive Chen Burshan. “It bridges the gap between SOC and cloud teams, adds real-time activity context and closes the gap between threat exposure and threat management in a single comprehensive, synergetic platform.”

Skyhawk Security was originally part of Radware Inc. until it was spun off as a standalone company in 2022. In terms of funding, Skyhawk has raised a single round of $35 million from Tiger Global Management.

Image: Skyhawk Security