Cloud Computing and Technologies
On cloud-based systems, most security is reactive, meaning that the security provisions don’t kick in until something happens, such as malware starting to attack the cloud applications. Many times when that happens, some damage is already done, and the malware may already be inside the servers, meaning that security staff have to deal with removing malware and fixing what damage was done.
“All cloud security solutions to date are reactive to issues already created,” explained Keith J. Vincent, principal architect at Technologent. “There are many issues with this approach, especially for threat detection.”
In other words, reactive solutions simply aren’t fast enough to protect the data and applications in the cloud. “For cloud security, organizations need the ability to respond faster to cybersecurity threats and manage threat detection more efficiently,” said John Yeoh, global vice president of research at the Cloud Security Alliance. “Today, the cloud ecosystem and technology stack are increasingly complex, and the rise in generative AI business tools has added to this. However, generative AI capabilities for cloud security can adapt to an organization's growing use of technology and a customer's specific cloud environment, providing improved security awareness, visibility, and response.”
Yeoh said that the shortage of cybersecurity skills and budget constraints, generative AI for cloud security is crucial for automating threat detection and response, as well as for vulnerability management and compliance.
And it’s not a minute too soon. According to Stu Sjouwerman, writing in Forbes, the first AI-based malware has already been launched as part of an academic test. In addition, he said that IBM’s DeepLocker, an AI-powered ransomware package that’s not yet in the wild, but could be soon, has already been tested.
Real-time Security
Cyber security technology
Attacking the security with a real-time solution, so that threats are identified and stopped before they can do damage to the data or applications on the cloud servers, is the most effective approach, but until recently tools to accomplish that type of proactive approach haven’t existed. But now, AI-based anti-malware solutions have begun to show up. One of the first is Skyhawk Security, which has upgraded its Synthesis platform to work in real time examining vulnerabilities and perform posture management.
What Skyhawk is doing now is embracing the military approach of using Red and Blue teams to look for weaknesses. Each of these AI-based teams attacks the protected cloud infrastructure in its own way, while sharing what each has learned with the other. The teams look for paths of least resistance, while also learning the security capabilities and learning the nature of the protected data.
Then, using what the teams have learned, they launch simulated attacks looking for gaps in the security. Calling the approach a paradigm shift, Chen Burshan, CEO of Skyhawk Security said that the process continually repeats, evaluating defenses in real time.
“The paradigm that we are shifting is advancing beyond today’s current ‘reactive’ solutions,” Burshan said. Skyhawk is automatic, but it allows fine tuning for the specific implementation. “The response automation operates on two levels, working in either assisted or fully automated response modes,” he said.
“Skyhawk has three layers of AI running in the system,” Bursjam explained. “The first layer detects suspicious behaviors. These are suspicious activities that are called malicious behavior indicators. The second layer correlates the activities and issues alerts when the correlated activities indicate an incident. This layer is responsible for making sure the customer receives REAL alerts and reducing the alert fatigue created by false positives. The third layer, using generative AI, acts like a virtual incident responder analyzing the correlated events as they are being built. It can raise the alert level and it adds reasoning to the alert,” he added.
Skyhawk is a cloud-native application, which makes implementation relatively easy, usually withing the capability of in-house staff. The company said that it does not affect system performance.
