Reducing False Positives with Active Behavioral Analysis for Cloud Security
Dikshant, Verma

TL;DR
This paper presents a validation-driven approach using active behavioral testing with automated probes to significantly reduce false positives in cloud security alerts, enhancing accuracy and analyst efficiency.
Contribution
It introduces a novel, real-time validation methodology with automated probes to improve false positive reduction in cloud security posture management.
Findings
93% average reduction in false positives
Low latency performance demonstrated
Scalable and extensible to multi-cloud environments
Abstract
Rule-based cloud security posture management (CSPM) solutions are known to produce many false positives because of their limited contextual understanding and their dependence on static heuristic checks. This paper introduces a validation-driven methodology that integrates active behavioral testing into cloud security posture management solutions to evaluate the exploitability of policy violations in real time. The proposed system employs lightweight, automated probes, built from open-source tools, validation scripts, and penetration testing test cases, to simulate adversarial attacks against misconfigured or vulnerable cloud assets without any impact on the cloud services or environment. For instance, cloud services may be flagged as publicly exposed and vulnerable despite being protected by access control layers or secure policies, resulting in non-actionable alerts that consume analysts…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
