FAQs

How does Mitigant CSPM differ from traditional CSPM tools?

‍

Traditional CSPM tools identify misconfigurations. Mitigant CSPM goes further by integrating with CAE:

‍

Traditional CSPM Approach:

• "Your S3 bucket is publicly accessible" (detection)
• Relies on signatures and rules
• Tells you what might be a problem

‍

Mitigant CSPM + CAE Approach:

• CSPM: "Your S3 bucket is publicly accessible."
• CAE: "We just successfully accessed your S3 bucket—here's the data we could exfiltrate" (validation)
• Proves what's actually exploitable
• Tells you what is a problem

‍

The Mitigant Advantage:

• Combines CSPM assessment WITH attack emulation
• Prioritizes findings based on validated risk, not theoretical scores
• Reduces false positives by testing exploitability
• Provides evidence that remediation actually worked

‍

Think of it as CSPM + continuous red teaming in one platform.

‍

‍

What compliance frameworks does Mitigant CSPM support?

‍

Mitigant CSPM provides continuous compliance monitoring for:

International Standards:

• ISO 27001
• SOC 2
• HIPAA

‍

Cloud-Specific Benchmarks:

• CIS Benchmarks for AWS and Azure
• BSI C5 (German cloud security standard)

‍

Regional Regulations:

• NIS2 Directive (European cybersecurity requirements)
• GDPR considerations

‍

How it works:

• Automatic mapping of findings to compliance requirements
• Real-time compliance status dashboards
• Evidence collection for audits
• Clear remediation steps with compliance context

‍

Learn more: Navigating the Trifecta: Balancing Cybersecurity, Compliance, and Cyber Resilience

‍

‍

How often does Mitigant CSPM scan my environment?

‍

Continuous monitoring - not scheduled scans:

• CSPM continuously monitors for configuration changes via cloud provider APIs
• Real-time detection of new resources or modified configurations
• Immediate alerts for compliance violations or security issues
• No need to wait for scheduled scan windows

‍

What this means:

• New misconfiguration? Detected within minutes
• Resource created with wrong settings? Immediate notification
• Compliance violation introduced? Instant visibility
• No blind spots between scan intervals

‍

This continuous approach is far superior to tools that scan hourly or daily.

‍

‍

Can Mitigant CSPM auto-remediate issues?

‍

Currently: Mitigant CSPM provides guided remediation rather than automatic fixes:

‍

What you get:

• Clear, step-by-step remediation instructions
• Multiple remediation options (web portal, CLI, Terraform)
• Context about why the issue matters
• Compliance framework mapping
• Estimated effort and impact

‍

Why guided vs. automatic:

• Gives you control over changes to production
• Allows review before applying fixes
• Prevents unintended consequences
• Supports change management processes

‍

Workflow:

• CSPM detects issue → Provides remediation steps → You review and apply → CSPM validates fix

‍

Many customers integrate Mitigant into their IaC pipelines to semi-automate remediation while maintaining control.

‍

‍

Does Mitigant CSPM work across multiple cloud accounts?

‍

Yes. Mitigant CSPM provides unified multi-cloud visibility:

‍

Supported:

• Multiple AWS accounts (including AWS Organizations)
• Multiple Azure subscriptions (including Management Groups)
• Mixed environments (AWS + Azure simultaneously)

‍

Benefits:

• Single dashboard for all cloud environments
• Consistent security policies across clouds
• Unified compliance reporting
• Cross-cloud correlation of issues
• One platform, one vendor, one interface

‍

Perfect for:

• Enterprises with complex multi-cloud architectures
• Organizations using different clouds for different purposes
• Companies that acquired businesses on different cloud platforms
• Teams managing dev/staging/prod across multiple accounts

‍