Skyhigh Threat Protection

Identify, mitigate, and remediate insider threats, compromised accounts, and privileged user threats in trusted cloud services

The security operations center for the cloud

Skyhigh provides a centralized dashboard to analyze high-risk activity across all cloud services, drill into incidents, and perform forensic investigations with a complete audit trail of all user activity.

Cross-app threat intelligence

Identify activity that appears routine in isolation but, when correlated with activity across more than 20,000 cloud services, indicates an internal or external threat.

Incident remediation

Investigate and resolve incidents within the Skyhigh interface or leverage existing threat remediation workflows through integration with leading SIEM solutions.

Detect and remediate high-risk user behavior indicative of insider threat

Skyhigh analyzes cloud activity across multiple heuristics, developing an accurate and continuously updated model of user behavior that detects negligent and malicious user activity and takes real-time action to prevent data loss.

Stop privileged user threats

Skyhigh identifies administrators accessing sensitive data outside of policy or role, intentionally degrading security settings, and creating dummy accounts for unauthorized third-party access. The solution also flags excessive user privileges and dormant accounts that can be de-provisioned.

Self-improving security

Skyhigh’s machine learning algorithms model typical behavior for a specific user, group, and time period. As threats are resolved, Skyhigh automatically incorporates this information into its models of behavior to improve detection accuracy and reduce resource-draining false positives.

“Skyhigh integrated seamlessly with our existing providers like Zscaler, and feeds into our SIEM, so we get the information that is important for us and we can continue to be fast, lean, and agile.”

Jeff Haskill, Chief Information Security Officer

“Skyhigh helps us understand how employees use the cloud and identify insider threats, compromised credentials, and excessive privileged user access.”

Mike Bartholomy, Senior Manager, Information Security

“What we needed was granular visibility into what our users were doing and the ability to provide policy controls for different business units.”

Paul Dumbleton, Infrastructure Security Engineering Manager

“In an environment with millions of unique events each day, Skyhigh does a nice job of cutting through the noise and directing us to the areas of greatest security concern.”

Ralph Loura, Chief Information Officer

Identify compromised accounts

Skyhigh detects compromised accounts based on unfamiliar and untrusted login locations, consecutive logins from locations that imply impossible travel, and brute-force login attempts, even across multiple cloud services.

Prevent unauthorized access

Automatically force additional authentication steps in real time when unusual account activity is detected, preventing unauthorized third parties from gaining access.

Focus on accounts at risk

Identify stolen login credentials for sale on the Darknet, revealing users at risk of account compromise and enabling targeted password update reminders and heightened security.


Identify exfiltration from on-premises systems

Identify cyber attacks and malware that leverage unmanaged shadow IT cloud services as a vector for exfiltrating information stolen from on-premises applications and databases.

Key Features

Cloud SOC

Delivers a threat protection dashboard and incident-response workflow for potential insider threats, privileged user threats, and compromised accounts.

Threat Modeling

Correlates multiple anomalous events within a cloud service or across cloud services to accurately separate true threats from simple anomalies.

User Behavior Analytics

Automatically builds a self-learning model based on multiple heuristics and identifies patterns of activity indicative of a malicious or negligent insider threat.

Account Access Analytics

Analyzes login attempts to identify impossible cross-region access, brute-force attacks, and untrusted locations indicative of compromised accounts.

Privileged User Analytics

Identifies excessive user permissions, zombie administrator accounts, inappropriate access to data, and unwarranted escalation of privileges and user provisioning.

Configurable Sensitivity

Provides an adjustable sensitivity scale for each anomaly type, with a real-time preview showing the impact of a change on anomalies detected by the system.

Cloud Activity Monitoring

Provides a comprehensive audit trail of all user and administrator activities to support post-incident investigations and forensics.

Data Exfiltration Analytics

Leverages machine learning to identify traffic patterns indicative of malware or botnets exfiltrating data from on-premises systems via cloud services.

Darknet Intelligence

Identifies stolen credentials acquired in phishing attacks and leaked from breached cloud services to reveal users and services at risk.

Outbound Data Intelligence

Integrates with malicious domain/IP databases, identifies uploads to untrusted destinations, and flags uploads associated with spyware, phishing, and botnets.

Integration with SIEMs

Combine Skyhigh anomaly and event data with events from other systems and leverage your existing incident remediation process.