In cloud-based systems, most security is reactive, meaning that security provisions don't kick in until something happens, such as malware starting to attack cloud applications. Often when this happens, some damage has already been done, and the malware may already be inside the servers, meaning security personnel have to deal with removing the malware and repairing the damage that has been done.
Keith J. Vincent, principal engineer at Technologent, notes that “all cloud security solutions to date react to problems that have already been created.” He added, “There are several issues with this approach, especially with regard to threat detection.”
In other words, reactive solutions are not fast enough to protect data and applications in the cloud. “For cloud security, organizations need the ability to respond faster to cybersecurity threats and manage threat detection more efficiently,” said John Yeoh, global vice president of research at Cloud Security Alliance. “Today, the cloud ecosystem and technology stack are increasingly complex, and the emergence of generative AI business tools has increased this. However, cloud security’s generative AI capabilities can adapt to an organization’s increasing use of technology and the customer’s specific cloud environment, providing improved security awareness, visibility and response.”
Given cybersecurity skills shortages and budget constraints, generative AI for cloud security is critical to automating threat detection and response, as well as for vulnerability management and compliance, Yeoh said.
And it's not a minute too soon. According to Stu Sjoerman, writing for Forbes, the first AI-based malware has already been released as part of an academic test. In addition, he said that IBM's DeepLocker, an AI-powered ransomware package that has not yet been released but soon could be, has already been tested.
Real-time security
Attacking security with a real-time solution, so that threats are identified and stopped before they can harm data or applications on cloud servers, is the most effective approach, but until recently the tools to achieve this kind of proactive approach didn't exist. Now AI-based anti-malware solutions are starting to emerge. One of the first companies is Skyhawk Security, which has updated its Synthesis platform to perform real-time vulnerability scanning and situation management.
What Skyhawk is doing now is adopting the military approach of using red and blue teams to look for weak spots. Each of these AI teams attacks protected cloud infrastructure in their own way, sharing what they've learned with each other. Teams look for paths of least resistance, while also learning about security capabilities and the nature of the data being protected.
Then, using what the teams learn, they launch simulated attacks looking for vulnerabilities. Chen Burchan, CEO of Skyhawk Security, described this approach as a paradigm shift, and said the process is constantly iterative, assessing defenses in real time.
“The model we are changing advances beyond current ‘reactive’ solutions,” Burchan said. Skyhawk is automatic, but allows fine-tuning of the specific implementation. “Response automation works at two levels, either in assisted or fully automated response modes,” he said.
“Skyhawk has three layers of artificial intelligence working in the system,” Burchan explained. “The first layer detects suspicious behaviors. These are suspicious activities called indicators of malicious behavior. The second layer correlates activities and issues alerts when the associated activities indicate an incident. This layer is responsible for ensuring that the customer receives real alerts and reducing alert fatigue resulting from false positives. The third layer, which uses generative AI, acts as a virtual incident responder, analyzing interconnected events as they are built, and can raise the alert level and add reasons for alerting.”
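The first two layers described above can be illustrated with a small correlation routine. This is an added example, not Skyhawk's code: the indicator names, weights, window and threshold are assumptions, the events are constructed sample data, and the generative AI layer is not modelled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): (timestamp, principal, indicator)
EVENTS = [
    ("2024-05-01T10:00:00", "ci-role", "new_region_api_call"),
    ("2024-05-01T10:03:00", "ci-role", "iam_policy_enumeration"),
    ("2024-05-01T10:07:00", "ci-role", "access_key_created"),
    ("2024-05-01T10:09:00", "ci-role", "bulk_object_read"),
    ("2024-05-01T11:00:00", "alice", "new_region_api_call"),
    ("2024-05-01T15:30:00", "alice", "bulk_object_read"),
]

# Layer 1 output (hypothetical indicators and weights): each one alone is weak evidence.
WEIGHTS = {
    "new_region_api_call": 15,
    "iam_policy_enumeration": 20,
    "access_key_created": 30,
    "bulk_object_read": 25,
}
WINDOW = timedelta(minutes=15)   # assumed correlation window
THRESHOLD = 60                   # assumed score needed to call it an incident


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Layer 2: alert only when related indicators from one principal
    accumulate inside the window, instead of alerting on each one."""
    by_principal = defaultdict(list)
    for ts, who, indicator in sorted(events):
        by_principal[who].append((datetime.fromisoformat(ts), indicator))

    alerts = []
    for who, seq in by_principal.items():
        start = 0
        for end in range(len(seq)):
            # Slide the window forward so it never spans more than `window`.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            distinct = {ind for _, ind in seq[start:end + 1]}
            score = sum(WEIGHTS.get(ind, 0) for ind in distinct)
            if score >= threshold:
                alerts.append({
                    "principal": who,
                    "at": seq[end][0].isoformat(),
                    "score": score,
                    "reasons": sorted(distinct),  # why the alert fired
                })
                break  # one alert per principal keeps the queue short
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

With the sample data, the four indicators from `ci-role` within ten minutes produce a single alert, while the two unrelated indicators from `alice` hours apart produce none.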
Skyhawk is a cloud-native application, which makes implementation relatively easy, usually within the capacity of internal staff. The company said that this does not affect the system's performance.