Advanced Topics
What is Security Chaos Engineering?
Security Chaos Engineering (SCE) is a research-based methodology that Mitigant pioneered for cloud environments and is the foundation of Mitigant CAE:
Core Concept:
- Deliberately inject security faults (attacks) to test resilience
- Observe how systems behave under attack
- Identify blind spots before real attackers do
Builds on Chaos Engineering:
- Traditional chaos engineering (like Netflix's Chaos Monkey) tests availability
- Security Chaos Engineering extends this to confidentiality and integrity
- Focuses on security failures, not just operational failures
Why It Matters:
- 100% cybersecurity is impossible
- Testing resilience is more realistic than pursuing perfection
- Validates whether security controls actually work
- Provides short feedback loops for evidence-based security
Research Foundation:
- Mitigant's founders developed SCE through Ph.D. research at Hasso Plattner Institute
- Published academic work validates the approach
- Proven through industry partnerships
Learn more about the team: About Mitigant
Deep dive: Demystifying Security Chaos Engineering - Part I | Part II
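The inject-observe-identify cycle described above, as an added worked example that is not Mitigant's code and does not use the Mitigant platform. It models one security chaos experiment end to end: state a hypothesis about a control, record the steady state, inject a security fault into a simulated cloud account (a bucket policy made public), observe whether the detection control fires, then restore the environment. The `SimulatedCloud` class, the bucket names and policies, and the `public_bucket_detector` control are all constructed for the demo; the second run shows the blind spot the experiment is meant to surface, where an over-broad exception list silently disables the control.

```python
"""Minimal security chaos experiment loop (illustrative example, not Mitigant's code)."""
import copy
from dataclasses import dataclass, field


@dataclass
class Bucket:
    name: str
    policy_principals: list  # principals allowed to read; "*" means anyone


class SimulatedCloud:
    """In-memory stand-in for a cloud account (constructed, not a real API)."""

    def __init__(self):
        self.buckets = {
            "finance-exports": Bucket("finance-exports", ["arn:aws:iam::111122223333:role/finance"]),
            "static-assets": Bucket("static-assets", ["*"]),  # deliberately public web assets
        }

    def snapshot(self):
        return copy.deepcopy(self.buckets)

    def restore(self, snap):
        self.buckets = copy.deepcopy(snap)


def public_bucket_detector(cloud, allowlist):
    """Control under test: report public buckets that are not on the exception list."""
    return sorted(
        b.name
        for b in cloud.buckets.values()
        if "*" in b.policy_principals and b.name not in allowlist
    )


@dataclass
class ExperimentResult:
    hypothesis: str
    steady_state_ok: bool  # control was quiet before the fault
    detected: bool         # control fired on the injected fault
    restored: bool         # environment returned to its pre-experiment state
    findings: list = field(default_factory=list)


def run_experiment(cloud, detector, allowlist, target):
    """One SCE cycle: hypothesis -> steady state -> inject -> observe -> restore."""
    hypothesis = f"Making bucket '{target}' public is caught by the public-bucket control"
    baseline = detector(cloud, allowlist)
    steady_ok = baseline == []
    snap = cloud.snapshot()
    try:
        # Inject the security fault: grant read access to everyone.
        cloud.buckets[target].policy_principals.append("*")
        # Observe how the control behaves under the fault.
        findings = detector(cloud, allowlist)
        detected = target in findings
    finally:
        # Always roll back, even if observation raised.
        cloud.restore(snap)
    restored = cloud.buckets[target].policy_principals == snap[target].policy_principals
    return ExperimentResult(hypothesis, steady_ok, detected, restored, findings)


if __name__ == "__main__":
    # Healthy control: only the intentionally public bucket is excepted.
    ok = run_experiment(SimulatedCloud(), public_bucket_detector, {"static-assets"}, "finance-exports")
    print(ok)
    # Blind spot: someone added the sensitive bucket to the exception list.
    gap = run_experiment(SimulatedCloud(), public_bucket_detector,
                         {"static-assets", "finance-exports"}, "finance-exports")
    print(gap)
```

Each run returns a verdict rather than a pass/fail string, so the same experiment can be scheduled repeatedly and its results trended; an experiment whose `steady_state_ok` is false is inconclusive and should be investigated before the `detected` field is trusted.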
What is Adversarial Exposure Validation?
Adversarial Exposure Validation (AEV) is Gartner's term for what Mitigant CAE provides:
The Concept:
- Don't just identify vulnerabilities—validate which ones are exploitable
- Focus on validated exposures rather than chasing every vulnerability
- Prioritize based on actual risk, not theoretical CVSS scores
How Mitigant Enables AEV:
- CSPM identifies potential exposures
- CAE emulation proves exploitability
- Contextual analysis shows which exposures matter in your specific environment
- Reduces noise by filtering out theoretical risks
Benefits:
- Reduce alert fatigue
- Optimize security team time
- Faster remediation of real risks
- Better ROI on security investments
How does Mitigant support Threat-Informed Defense?
Threat-Informed Defense shifts security strategy from generic best practices to specific threats (primarily through Mitigant CAE):
Traditional Approach:
- Implement all recommended security controls
- Chase vulnerability metrics
- React to every alert equally
Threat-Informed Approach:
- Understand which threat actors target your industry
- Emulate their specific techniques
- Prioritize defenses against realistic threats
Mitigant's Implementation:
- Attacks tagged with threat actor TTPs (CAE)
- Select scenarios based on specific threat actors (e.g., Scattered Spider)
- Integrate cyber threat intelligence feeds (CAE)
- Validate defenses against known adversary behaviors (CAE)
- CSPM ensures baseline security posture
- KSPM validates container security
Partnership Example:
- Collaboration with Sekoia.io demonstrated practical Threat-Informed Defense
- Combined CTI with attack emulation for validated security
Learn more: Cloud Attack Emulation: Enhancing Cloud-Native Security with Threat-Informed Defense
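Selecting emulation scenarios from a threat actor's TTP profile, as an added example that is not Mitigant's code and does not reflect how the Mitigant catalogue is structured. It shows the threat-informed step the section describes: given the ATT&CK technique IDs an actor is known for, pick the smallest set of tagged scenarios that exercise them (greedy set cover) and report the techniques no scenario covers, which is the defensive gap to close. The scenario catalogue and the actor profile are constructed for the demo (the technique IDs are real ATT&CK identifiers, but their assignment to the sample actor is not an intelligence assessment).

```python
"""Threat-informed scenario selection (illustrative example, not Mitigant's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    techniques: frozenset  # ATT&CK technique IDs the scenario emulates


# Constructed catalogue of emulation scenarios tagged with ATT&CK technique IDs.
CATALOGUE = [
    Scenario("iam-stolen-credentials", frozenset({"T1078.004", "T1580"})),
    Scenario("s3-bulk-exfil", frozenset({"T1530"})),
    Scenario("disable-cloudtrail", frozenset({"T1562.008"})),
    Scenario("backdoor-iam-user", frozenset({"T1136.003", "T1098"})),
    Scenario("metadata-credential-theft", frozenset({"T1552.005", "T1078.004"})),
]

# Constructed actor profile; in practice this comes from a CTI feed.
SAMPLE_ACTOR_PROFILE = {
    "name": "sample-actor (constructed)",
    "techniques": {"T1078.004", "T1530", "T1562.008", "T1098", "T1486"},
}


def select_scenarios(actor_techniques, catalogue):
    """Greedy set cover: repeatedly take the scenario that covers the most
    still-uncovered actor techniques. Returns (chosen scenario names,
    sorted list of techniques no scenario in the catalogue covers)."""
    uncovered = set(actor_techniques)
    chosen = []
    while uncovered:
        # Highest gain first; tie-break on name so the result is deterministic.
        best = min(catalogue, key=lambda s: (-len(s.techniques & uncovered), s.name))
        gain = best.techniques & uncovered
        if not gain:
            break  # nothing left in the catalogue helps
        chosen.append(best.name)
        uncovered -= gain
    return chosen, sorted(uncovered)


def coverage(actor_techniques, catalogue):
    """Fraction of the actor's techniques that at least one scenario emulates."""
    _, gaps = select_scenarios(actor_techniques, catalogue)
    return 1 - len(gaps) / len(actor_techniques)


if __name__ == "__main__":
    chosen, gaps = select_scenarios(SAMPLE_ACTOR_PROFILE["techniques"], CATALOGUE)
    print("run:", chosen)
    print("no scenario covers:", gaps)
    print(f"coverage: {coverage(SAMPLE_ACTOR_PROFILE['techniques'], CATALOGUE):.0%}")
```

The uncovered list is the actionable output: a technique the actor uses but no scenario exercises is a defence that has never been validated against that actor, and it is a candidate either for a new scenario or for a compensating control that is tested another way.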
How does this fit with CTEM?
CTEM (Continuous Threat Exposure Management) is Gartner's framework. The Mitigant Platform supports all CTEM stages:
1. Scoping: Identify assets and attack surface
- CSPM/KSPM provides complete cloud visibility
- Resource inventory across multi-cloud
- Kubernetes workload discovery
2. Discovery: Find vulnerabilities and misconfigurations
- CSPM: Continuous assessment of security posture
- KSPM: Container vulnerability scanning
- Compliance violation detection
3. Prioritization: Determine which exposures matter most
- CAE: Attack emulation validates exploitability
- Risk-based prioritization, not just CVSS scores
- Focus on validated exposures
4. Validation: Prove security controls work
- Core CAE capability
- Continuous validation, not annual pen tests
- Evidence-based security assurance
5. Mobilization: Remediate and communicate
- Clear remediation steps provided (CSPM/KSPM)
- Integration with Slack, Teams, Jira
- Automated reporting (all products)
Mitigant's approach aligns perfectly with CTEM's emphasis on validated exposures and continuous testing.
See platform details: Cloud Attack Emulation Platform
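Ranking exposures by validated exploitability instead of CVSS, as an added example that is not Mitigant's code and does not reproduce the platform's scoring. It serves both the Adversarial Exposure Validation section above and the CTEM Prioritization stage: each CSPM-style finding carries a CVSS score, environment context (internet exposure, sensitive data) and the outcome of an emulation run, and the ranking puts a validated exploitable finding above an unvalidated one regardless of CVSS, while findings the controls blocked drop to the bottom as theoretical risk. The findings, scores and tier weights are constructed for the demo.

```python
"""Validated-exposure prioritization (illustrative example, not Mitigant's code)."""
from dataclasses import dataclass
from enum import Enum


class Validation(Enum):
    EXPLOITED = "exploited"  # emulation reached its objective
    BLOCKED = "blocked"      # a control stopped the emulation
    UNTESTED = "untested"    # no emulation has run for this finding yet


@dataclass(frozen=True)
class Finding:
    id: str
    title: str
    cvss: float
    internet_exposed: bool
    sensitive_data: bool
    validation: Validation


# Constructed sample findings, as a CSPM/KSPM scan plus emulation results might yield.
SAMPLE_FINDINGS = [
    Finding("F1", "IAM user without MFA", 5.5, True, True, Validation.EXPLOITED),
    Finding("F2", "Outdated kernel on isolated batch node", 9.8, False, False, Validation.BLOCKED),
    Finding("F3", "Security group allows SSH from anywhere", 7.5, True, False, Validation.BLOCKED),
    Finding("F4", "Bucket versioning disabled", 4.0, False, True, Validation.UNTESTED),
    Finding("F5", "Public snapshot of database volume", 8.1, True, True, Validation.EXPLOITED),
]

# Tier bases are spaced so that context (max 20) plus CVSS (max 10) can never
# lift a finding into a higher validation tier; constructed weights.
_TIER_BASE = {Validation.EXPLOITED: 100.0, Validation.UNTESTED: 50.0, Validation.BLOCKED: 10.0}


def exposure_score(f):
    """Emulation outcome dominates; context and CVSS only order within a tier."""
    context = (10.0 if f.internet_exposed else 0.0) + (10.0 if f.sensitive_data else 0.0)
    return _TIER_BASE[f.validation] + context + f.cvss


def rank_validated(findings):
    """CTEM prioritization: validated exposures first."""
    return sorted(findings, key=lambda f: (-exposure_score(f), f.id))


def rank_by_cvss(findings):
    """The traditional ordering, for comparison."""
    return sorted(findings, key=lambda f: (-f.cvss, f.id))


def validated_exposures(findings):
    """The subset that emulation proved exploitable, highest risk first."""
    return [f for f in rank_validated(findings) if f.validation is Validation.EXPLOITED]


def theoretical_fraction(findings):
    """Share of findings that controls already stop: noise a CVSS-only view keeps."""
    return sum(1 for f in findings if f.validation is Validation.BLOCKED) / len(findings)


if __name__ == "__main__":
    print("by CVSS:     ", [f.id for f in rank_by_cvss(SAMPLE_FINDINGS)])
    print("validated:   ", [f.id for f in rank_validated(SAMPLE_FINDINGS)])
    print("act on:      ", [f.id for f in validated_exposures(SAMPLE_FINDINGS)])
    print(f"theoretical: {theoretical_fraction(SAMPLE_FINDINGS):.0%}")
```

On the sample data the CVSS 9.8 kernel finding tops the traditional list but ends last once emulation shows the isolated node is unreachable, while the CVSS 5.5 MFA gap moves near the top because the emulation succeeded against a sensitive, internet-facing asset. Untested findings stay in the middle on purpose: they are not dismissed, they are queued for validation.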