Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time.
Eyal Fisher, chief product officer for Sweet Security, said that capability also makes it simpler to identify zero-day threats and other malicious activity that would previously have been undetectable. By assessing cloud variables in a way that more accurately identifies benign activity, cloud detection noise is reduced to 0.04% without first needing to baseline normal cloud behavior, he said.
The overall goal is to reduce the level of alert noise generated in highly dynamic cloud computing environments, said Fisher.
Each incident discovered is also clearly labeled either “malicious,” “suspicious,” or “bad practice” to further reduce fatigue. Sweet Security also provides a heat map that makes it easier to identify “danger zones” in a cloud computing environment.
Finally, Sweet Security also makes it possible to identify who in the organization is responsible for remediating any issues discovered.
Sweet Security provides a unified detection and response platform that makes extensive use of behavioral analytics to deliver application detection and response (ADR) and cloud detection and response (CDR), integrated with a cloud workload protection platform (CWPP) to secure runtimes. On that basis, it is making a case for an approach to cloud security that doesn’t depend on a rules-based engine that needs to be continuously updated. Instead, the LLM that Sweet Security specifically developed to correlate potential attack patterns with application data more accurately pinpoints indications of a cyberattack.
More than a decade after first being introduced, cybersecurity teams are still struggling with securing cloud computing environments. At the core of that issue is that many of these environments are provisioned by application developers who have little to no cybersecurity expertise. Misconfigurations that cybercriminals can easily exploit are commonplace.
Additionally, cloud applications tend to be updated frequently, which creates further opportunities for misconfigurations. Cybersecurity teams, in addition to being charged with detecting those issues, then have to ensure that the application developers involved update those deployments in line with cloud security best practices.
It’s not clear how many cybersecurity incidents can be traced back to issues involving cloud computing, but clearly, cybersecurity teams need a different class of tools and platforms to secure them. There is a natural tendency to try and extend the reach of cybersecurity tools and platforms that were originally designed for on-premises IT environments into the cloud. However, for the most part, those legacy technologies are not able to secure cloud computing environments that operate in a fundamentally different manner.
In the meantime, cybersecurity teams can rest assured that cybercriminals will also be taking advantage of LLMs and other advances in artificial intelligence (AI) to discover weaknesses they can exploit. Like it or not, cybersecurity teams are now involved in an AI arms race that will require them to upgrade their security operations (SecOps) platforms to mitigate cybersecurity threats that are only going to increase in volume and sophistication.