Published on: January 2, 2024
In a recent interview with SafetyDetectives, Skyhawk Security’s CEO, Chen Burshan, shares insights into his extensive security background and the unique features setting Skyhawk apart in the cloud security realm. With over 15 years of experience, Burshan discusses his transition from leading product and strategy teams at Dome9 to his role at Skyhawk, emphasizing the company’s AI-based autonomous purple team, refined alerting system, and integration of tailored machine learning models. Addressing the escalating challenge of AI-based attacks, Skyhawk introduces proactive measures through its autonomous purple team. Burshan also underscores the importance of runtime visibility in cloud security, highlighting the platform’s focus on real-time behaviors. Looking ahead, he identifies the increasing use of AI in executing attacks as a key trend, emphasizing the necessity for organizations to adapt and fortify their security strategies in the face of evolving threats.
Can you talk about your journey and your current role at Skyhawk Security?
Thanks for the opportunity to speak with you and tell Skyhawk’s story. I became Skyhawk’s CEO after leading product and strategy teams for companies in the security space for more than 15 years. Most notably in Skyhawk’s context, I was GM and Site Manager at Dome9, which was acquired by Check Point. At Dome9, I helped develop the company into a leader in the CSPM (Cloud Security Posture Management) space.
When I was presented with the opportunity to lead Skyhawk, I immediately saw great potential. The technology was very exciting, with a real moat and a market that matured into moving beyond CSPM and visibility, toward what Skyhawk has to offer — near real time threat detection and response. I jumped at the chance to expand their existing concepts to solve the issue of security in the cloud.
What sets Skyhawk Security apart from other cloud security solutions in the market?
Three key things set Skyhawk apart.
The first key differentiator is our AI-based autonomous purple team. As a cloud threat detection and response product, our technology acts as an AI-based blue team. To that, we added an AI-based red team that continuously analyzes customer cloud infrastructure and proactively runs attack simulations against it. The results are then used to detect potential threats, create validated automated responses and provide remediation recommendations to ensure the company’s cloud has the most up-to-date security defenses. This continuous protection process includes learning and automated adaptation of threat detection methods. We’re empowering security teams to take a proactive and adaptive approach to their security strategy for the very first time.
Our second differentiator is the way we alert to security threats as part of our Cloud Threat Detection and Response solution. We don’t bombard companies with alerts on every single event, leaving them to figure out how these activities are related and whether they truly matter. Instead, we present alerts as an attack sequence, with all the important evidence they need to identify true threats and address them. We help companies reduce false positives and focus on REAL vulnerabilities and breach attempts.
The third thing that makes us stand out is how we’re integrating machine learning. Our Cloud Threat Detection and Response is so successful because we employ machine learning (ML) models that are tailored to a company’s environment. These models are updated daily to ensure drift and to prevent threat actors from reverse engineering them. The ML also delivers operationally efficient security – it allows us to quickly sort through many data points to determine which threats warrant an attack sequence and an alert.
How does Skyhawk incorporate AI and machine learning into its security solutions?
In addition to the AI-based autonomous purple team I described before, there are several ways we’re using artificial intelligence. We were the first cloud solution to integrate ChatGPT and other Large Language Models (LLMs) into threat detection. In 78% of cases Skyhawk’s platform produced alerts earlier when adding ChatGPT to our threat scoring process.
We also use three levels of Machine Learning.
- Detection of suspicious behavior indicators – this layer has several types of models; some are Skyhawk global models and some are customer-specific models, which are updated daily to address model drift to fit changes in customers’ legitimate cloud usage patterns.
- Aggregation and correlation of the indicators – this layer reduces the noise and presents one alert with all evidence in one place.
- Generative AI-based CISO – this layer acts as a Collective Intelligence-driven Second Opinion of multiple virtual incident responders.
What are the biggest challenges currently facing cloud security?
AI-based attacks are the biggest challenge. That’s the reason we created the autonomous AI-based purple team and believe it is so important for organizations that have workloads in the cloud. Threat actors are using generative AI to increase the frequency and sophistication of these attacks. We help to better prepare your environment.
Can you elaborate on the importance of runtime visibility in cloud security?
Runtime visibility (called observability) allows organizations to see what is happening in the cloud right now. It doesn’t look at static configurations – it looks at behaviors and activities. Our platform takes that one step further and uses the posture and entitlements to provide context – so we know that the alerts we are sending out are REAL threats.
What emerging trends do you see as most influential for the future of cybersecurity?
The use of AI to execute attacks. Threat actors can use AI to execute more sophisticated attacks – fast. The number of attacks is no longer limited by needing human resources to execute them. Generative AI can create and launch many sophisticated attacks. We know threat actors are using technology in this way – as we are using the technology in this way to help improve security. It would not be hard to flip the switch and use this same approach for bad versus good.