Cloud Attack Emulation (CAE) - Getting Started
Can I try Mitigant CAE without touching production?
Absolutely. Most customers start with pre-production environments to build confidence before moving to production testing. With Mitigant CAE, you have complete flexibility to choose where attack emulations run.
Mitigant CAE supports two recommended approaches for getting started:
1. Non-Production Testing: Run attack emulations in dev, test, or staging environments. This is completely risk-free and allows you to:
- Prove the platform works with zero business impact
- Build team familiarity with attack scenarios
- Validate your security controls in a safe environment
- Learn how your detection tools respond
2. Enumeration Attacks First: Start with discovery-only attacks that are completely harmless. These attacks don't create or modify any resources; they only observe. They're mapped to the MITRE ATT&CK Discovery tactic and help tune your detection systems without risk.
Once you're comfortable, you can graduate to limited production testing with comprehensive safety controls in place.
Learn more: Cloud Attack Emulation 101: Getting Started
What attack scenarios can Mitigant CAE emulate?
Mitigant CAE offers 200+ cloud attacks organized into:
Attack Actions: Atomic security tests that emulate specific attacker techniques
- Mapped to MITRE ATT&CK for Enterprise (cloud IaaS tactics)
- Mapped to MITRE ATLAS for AI/GenAI workload attacks
- Include tactics across the full attack lifecycle: initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and impact
Attack Scenarios: Multi-step attacks that chain multiple techniques together
- Simulate realistic adversary behavior
- Include real-world attack patterns like:
  - LLMJacking (compromising cloud-based LLMs)
  - Ransomware attacks
  - Data breaches
  - Credential harvesting from AWS Secrets Manager
  - Cloud service hijacking
  - AndroxGh0st malware emulation
Multi-Cloud Attack Scenarios: Multi-step attacks that chain multiple techniques together and span AWS and Azure cloud infrastructure
- Simulate realistic adversary behavior seen across multi-cloud infrastructure
- Validate whether your threat detection capabilities can detect malicious multi-cloud interactions, e.g., API calls
Threat Actor Emulation: Attacks tagged with specific threat actors
- Enables Threat-Informed Defense strategies
- Emulate the behavior of threat actors relevant to your industry (e.g., Scattered Spider)
Custom Scenarios: Build your own attack scenarios combining available attack actions based on specific use cases or threat intelligence.
Custom Attack Actions (Coming soon): Build your own attack actions from scratch to suit your use cases.
Learn more: MITRE ATT&CK Cloud Matrix - Part I | Part II
See also: Demystifying The Most Pervasive Cloud Attack Techniques
How does Mitigant CAE fit into my existing security workflow?
Mitigant CAE complements your existing tools:
With CSPM/CNAPP:
- CSPM/CNAPP tells you what's misconfigured
- CAE proves whether it's exploitable
- Reduces false positives and prioritizes real risks
With SIEM/CDR:
- CAE generates real attack telemetry
- Validates whether your detection rules actually trigger
- Provides Sigma rules for detection engineering
With Vulnerability Scanners:
- Scanners find CVEs in software
- CAE validates cloud misconfigurations and IAM issues
- Together they provide comprehensive coverage
With Penetration Testing:
- Use CAE continuously between annual pen tests
- Validate that pen test findings were fixed
- More affordable for frequent testing
Learn more: Cloud Attack Emulation: Democratizing Security Operations in the Cloud




