Skyhawk Security becomes first cloud security company to embed ChatGPT functionality into the threat detection process

TEL AVIV, Israel, March 29, 2023 (GLOBE NEWSWIRE) -- Skyhawk Security, the originator of cloud threat detection & response (CDR), today announced the company is using ChatGPT to enhance cloud threat detection and make it faster and easier for customers to find and understand security incidents that might otherwise fly under the radar.

Tests run by Skyhawk on the new ChatGPT features showed measurable improvements in the speed of detecting breaches based on anomalous activities, doing so at a much lower operational cost. According to Skyhawk’s tests on various datasets, in 78% of cases the platform produced alerts earlier when adding ChatGPT to the scoring process. This capability is generally available to Skyhawk customers today at no additional charge.

The company has incorporated ChatGPT in two unique ways:

  • Earlier detection of malicious activity. One of Skyhawk’s key advantages over other security tools is its ability to show actual threats as they are progressing on a graphical storyline known as an ‘Attack Sequence’. Skyhawk’s new ‘Threat Detector’ feature using the ChatGPT API is trained on millions of security data points from across the web. It uses that data to help augment the Attack Sequence technology’s scoring mechanism. Skyhawk’s existing scoring mechanisms are based on proprietary machine learning technologies that use malicious behavior indicators (MBIs) and then assign those MBIs a score when they get to the point that something appears to be worthy of an alert, known as a ‘Realert’. It solely alerts on real threats, significantly reducing false positives. Adding ChatGPT to the scoring system is one additional parameter that vastly improves the confidence of a given score and enables the platform to alert to anomalous behaviors earlier.
  • Explainability of attacks as they are progressing. An Attack Sequence correlates multiple suspicious events to provide observability into the validity of a potential attack and how it manifests. Today, Skyhawk adds textual explanations (produced by ChatGPT) for the incidents found by the platform. These appear in a new platform tab called the ‘Security Advisor’. Having these textual explanations, in addition to visual representations, helps organizations understand incidents in greater depth and makes them more accessible to security personnel.
