Skyhawk Security Adds Threat Actor Context to Cloud Attack Scenarios, Mapping Simulations to Known Adversaries
好的,用户让我帮忙总结一篇文章,控制在100字以内,而且不需要特定的开头。首先,我需要快速阅读文章内容,抓住主要信息。 文章讲的是Skyhawk Security添加了Threat Actor Context到他们的云安全平台。这个功能让安全团队通过已知对手的行为来理解模拟攻击场景。他们连接了AI红队模拟攻击和真实威胁行为者、活动以及CVE。 接下来,文章提到这个功能不仅映射战术、技术和程序,还加入了威胁情报,考虑目标行业、地理位置和恶意活动方法。这样组织可以看到模拟场景的意义,并根据自身业务背景判断重要性。 然后列出了五个对手组:Scattered Spider、APT29、APT44/Sandworm、TraderTraitor和APT41。CEO的话强调了安全团队缺乏上下文的问题,Skyhawk帮助他们通过已知攻击者行为评估暴露并改进优先级。 最后提到Skyhawk是Radware的分支,在RSA Conference 2026展示新功能。 总结时要涵盖新增功能、连接模拟攻击与真实威胁、考虑业务背景、五个对手组以及CEO的观点。控制在100字以内,直接描述内容。 </think> Skyhawk Security推出Threat Actor Context功能,将AI红队模拟攻击与真实威胁行为者及其活动关联,帮助安全团队理解攻击场景的业务影响。该功能整合威胁情报,考虑目标行业和地区,并针对五个知名对手组(如Scattered Spider和APT29)提供具体案例分析。 2026-3-25 16:13:7 Author: securityboulevard.com(查看原文) 阅读量:1 收藏

Avatar photo

Skyhawk Security has added Threat Actor Context to its cloud security platform, giving security teams a way to understand simulated attack scenarios through the lens of known adversary behavior. The enhancement connects Skyhawk’s AI Red Team attack simulations to real-world threat actors, their campaigns, and affiliated CVEs.

The capability goes beyond mapping to tactics, techniques, and procedures. Skyhawk’s attribution engine layers in curated threat intelligence that accounts for targeted industries, geographies, and malicious campaign methods, so organizations can see not just what a simulated scenario looks like, but why it matters given their specific business context.

At launch, Threat Actor Context ties scenarios to five named adversary groups:

  • Scattered Spider: Patterns linked to identity-driven intrusions, including high-profile attacks on MGM Resorts and Caesars Entertainment.
  • APT29: Tradecraft associated with NOBELIUM and TeamCity-related cloud intrusion activity.
  • APT44 / Sandworm: Patterns tied to disruptive operations such as BadPilot.
  • TraderTraitor: Techniques connected to the JumpCloud compromise and the Bybit theft.
  • APT41: Behavior associated with Operation CuckooBees and broader public sector targeting.

“Security teams have plenty of data, telemetry and alerts. What they’re usually lacking is the context to transform that data into security insights and pinpoint why simulated attack scenarios matter to their business based on activity seen in the wild,” said Chen Burshan, CEO of Skyhawk Security. “We’re helping them view scenarios through the lens of known attacker behavior to better assess exposure and improve prioritization.”

The underlying idea is prioritization grounded in real-world threat activity. Rather than treating all simulated attack paths as equally urgent, Threat Actor Context helps teams focus attention on scenarios that mirror the tradecraft of active threat groups targeting organizations like theirs. The platform already incorporates Skyhawk’s Continuous Proactive Protection and AI-powered Purple Team approach to cloud security.

Skyhawk Security is a spin-off of Radware (NASDAQ: RDWR) and is presenting the new capability at RSA Conference 2026 in San Francisco.


文章来源: https://securityboulevard.com/2026/03/skyhawk-security-adds-threat-actor-context-to-cloud-attack-scenarios-mapping-simulations-to-known-adversaries/
如有侵权请联系:admin#unsafe.sh