Guest blog courtesy of Skyhawk Security.

Skyhawk Security started in the 3rd generation of Cloud Threat Detection and Response (CDR) platforms at its inception in May of 2022, supporting AWS, Azure, and Google Cloud to deliver a robust Preemptive Cloud Security Platform. Several layers of machine learning models sort through thousands of events, log entries, telemetry, and even information from other security tools to present verified alerts, complete with all the evidence needed to stop an incident from becoming a full-blown breach. In December 2023, Skyhawk Security added Continuous Proactive Protection: an AI-based, continuous, autonomous purple team that leverages a simulation digital twin to surface weaknesses in the attack surface.

Skyhawk’s Continuous Autonomous Purple Team extends Cloud Threat Detection and Response with a preemptive approach to cloud security. This is how it works:

Discover: Identifies all cloud assets and maps out the paths threat actors could use to gain access.
Analyze: Investigates the configuration, vulnerabilities, and security controls that are in place; these are fully analyzed and attack recipes are created.
Simulate Attacks: Leveraging the attack recipes, the Simulation Digital Twin is used to fully execute the attacks.
Evaluate Defenses: Where an attack is successful, the finding is prioritized based on the business value of the vulnerable asset.
Adapt: CDR machine learning models are updated for more accurate detections, and pre-verified automated response is put in place for verified alerts.
Gartner® states, “The preemptive cybersecurity approach to detection and response has gained momentum, with startups working across complex threat intelligence, adopting purple team cultures and improving their strategic industry offerings.”

The results of the Purple Team reduce the overall business risk profile and deliver value for cloud security:

Preemptive security enables automated response, thus reducing MTTD and MTTR to seconds.
Addresses the Progressive Technology-based Adversarial-Driven Risk.
Preemptive defense with Skyhawk runs continuously, adapting to changes in real time and ensuring that newly introduced cloud assets or configurations are always under protective assessment.

The verification flow works as follows:

Skyhawk’s CDR detects a malicious activity.
The activity is categorized, and the platform determines whether the activity is being executed by a user or by a cloud asset. If it is an asset, the owner of the asset is identified.
The user and/or asset owner is then asked to verify the activity.
If the activity is verified, the platform does not raise an alert but continues to monitor the activity.
If the activity is not verified, an alert is immediately raised so the SOC can act fast.

Autonomous Purple Teaming: Unlike traditional security approaches that rely on separate red and blue teams to test defenses and respond to incidents, Skyhawk’s Continuous Autonomous Purple Team merges these functions into a continuous, automated process. The platform continuously analyzes your cloud infrastructure, running attack simulations that mimic the tactics, techniques, and procedures of threat actors. This not only identifies vulnerabilities but also provides actionable insights on how to strengthen defenses immediately. By simulating attacks on an ongoing basis, the Purple Team ensures that your security measures are always tested and validated against the latest threats. Finally, because the simulations run in a Simulation Digital Twin, there is no production impact.
Verified Alerts and Automated Responses: Skyhawk Security enhances the effectiveness of its Autonomous Purple Team by ensuring that all alerts are pre-verified. This means that security teams receive only actionable intelligence, significantly reducing the risk of responding to false positives. The platform’s automated responses are also verified, allowing for immediate and precise remediation of threats. This integration of verified alerts and automated responses helps prevent security incidents from escalating into breaches, providing peace of mind that your cloud environment is secure. This dramatically reduces MTTR.

Tailored AI-driven incident detection solutions: Skyhawk Security’s multi-layered cloud incident detection AI approach is designed to work hand-in-hand with the Autonomous Purple Team. Custom-built machine learning models, updated daily, ensure that malicious activities are detected within minutes, preventing an incident from becoming a breach without increasing false positives or negatives. These machine learning models are customized to identify threats in your cloud, including unknown unknowns.

Interactive CDR: Understand threats by going directly to the user, the single source of truth regarding their work and activities, for instant verification of a threat. This empowers the SOC to act fast, dramatically reducing MTTR.

Try it for free today!

Gartner, Emerging Tech: Techscape for Detection and Response Startups by Esha Bhatia and Apeksha Kaushik, published March 19, 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation.
Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.