Mitigant has been available to the general public for over a week, and we are still incredibly proud of our achievements! The response and support we have received following the announcement is really humbling. Many thanks for your support and kind words of encouragement. The public beta testing that preceded the release was very beneficial, it enabled us to receive really useful feedback from our awesome beta testers. Consequently, the launched product is an outcome of several iterations based on multiple feedback sessions. We are confident that this effort will immensely improve our customers’ experience. You can easily sign up and schedule a demo at https://www.mitigant.io/sign-up.
What’s In this Release
This release is a cumulation of what we have worked on over a long period. Here is a summary of the features included:
Continuous Cloud Compliance Management
Mitigant aims to support enterprises in achieving and remaining compliant with cloud security compliance benchmarks. Compliance has become an essential requirement for enterprises using public cloud infrastructure. However, security issues remain a significant challenge given the complex nature of cloud infrastructure. Also, the mixed understanding of the shared security responsibility model and the rapid pace of cloud technological advancements further complicates cloud security challenges. Thus, enterprises are required to demonstrate their level of security preparedness by complying with established cloud security benchmarks.
Mitigant’s CSPM provides straightforward and intuitive ways for continuously managing compliance. Our CSPM consists of approximately 200 checks based on several compliance standards, including CIS, NIST, PCI-DSS, and HIPAA. These checks cover over 40 AWS services and automatically detect security misconfiguration and related security issues. The detected security and compliance violations are presented in comprehensive reports that contain several relevant information including the severity level, remediation steps, and links to additional information.
Cloud Assets Inventory
Many cloud administrators do not have a comprehensive inventory of the services and assets deployed in their cloud accounts. Due to the ease of creating resources and fast development cycles, cloud infrastructures are often deployed rapidly without appropriate tracking efforts. This could lead to cloud resource sprawl and unwanted consequences including unplanned financial implications, expanded attack surfaces, and even successful cloud attacks. Mitigant addresses these concerns by providing a comprehensive inventory of cloud infrastructure with several additional views such as sorting, filtering, and searching.
Secure Drift Management
The changes to cloud infrastructure could result in cloud resource drift. In this scenario, the real-time state of cloud infrastructure is different from how it is expected to be. This scenario is caused by several changes which may or may not be authorized. In most cases, identifying these drifts is challenging due to a lack of efficient tools. Most existing tools check for drifts only, by using Infrastructure-as-Code, and generally at deploy time. Mitigant checks for drifts dynamically, with the click of a button, our customers can efficiently run drift checks and immediately identify drifts. This feature is essential for secure asset management, given that attackers often make changes when compromising an infrastructure for several reasons, e.g., installing backdoors and privilege elevation.
Automated Assessments and Notifications
To continuously monitor your cloud security posture, assessments and drift checks are scheduled at least once daily. These checks can also be run on-demand by clicking the respective buttons. Notifications are sent by default to registered emails. It is also possible to integrate slack channels to receive the notifications.
What’s Coming Next
Several cool features in various stages of development :
- Enhancement of the drift analysis feature with contextual security information.
- Visualization of alerts that have been resolved or fixed.
- The addition of more integration channels, e.g., Jira and GitHub.
- Security chaos engineering to bring resilience to security and DevOps teams.
Managing the security of your cloud infrastructure doesn't have to be a complex job. You can use Mitigant to transfer your cloud security journey from a chore to an advantage! The sign-up process is simple; within a few minutes, you will be in charge of your cloud security like a champ. We have a special package for startups and a 14-day trial period for all! Here is the sign-up page for scheduling a demo - https://www.mitigant.io/sign-up.
Co-Founder & CTO, Mitigant. | Contributing Author - O'Reilly Security Chaos Engineering Book. | AWS Community Builder