FAQs

The Mitigant Security Platform is an integrated cloud security solution that combines continuous posture management with proactive attack validation. The platform consists of three core products that work together to provide comprehensive cloud security:

Mitigant CSPM (Cloud Security Posture Management)

What it does:

• Continuously assesses cloud configurations for misconfigurations and compliance violations
• Monitors security posture across AWS, Azure, and GCP (coming soon)
• Provides clear remediation guidance with step-by-step instructions
• Tracks compliance with frameworks like ISO 27001, SOC 2, HIPAA, CIS Benchmarks, and NIS2, etc

How it works:

• Agentless, read-only monitoring via cloud provider APIs
• Automatic detection of violations against security best practices and compliance benchmarks
• Automatic asset management and drift detection (infrastructure changes, e.g., resource creation, deletion, and modification. See details here - https://www.mitigant.io/en/blog/drift-management-in-cloud-infrastructure)
• Real-time alerts for compliance violations

Ideal for:

• Compliance teams ensuring regulatory adherence
• Cloud architects maintaining security standards
• Security engineers monitoring cloud infrastructure
• Organizations requiring continuous compliance evidence

‍

Mitigant KSPM (Kubernetes Security Posture Management)

What it does:

• Specialized security and compliance monitoring for Kubernetes environments
• Detects and remediates misconfigurations within clusters
• Prioritizes container vulnerabilities based on risk (vulnerability intelligence e.g., EPSS and KEV integrated for easy prioritization)
• Validates Kubernetes security best practices
• Security assessment for Kubernetes registries

How it works:

• Uses a lightweight agent installed as an operator for monitoring managed and self-hosted Kubernetes clusters.
• Continuous assessment against Kubernetes benchmarks
• Integration with container registries for image scanning
• Multi-cluster visibility in a single platform

Ideal for:

• DevOps teams managing containerized applications
• Platform engineers running Kubernetes at scale
• Organizations with cloud-native architectures
• Teams using EKS, AKS, GKE, OpenShift, or self-hosted K8s

‍

Mitigant CAE (Cloud Attack Emulation)

What it does:

• Validates that your security controls actually work by emulating real-world attacks
• Tests detection and response capabilities continuously
• Proves which vulnerabilities are exploitable vs. theoretical
• Democratizes red team/purple team capabilities
• Simplifies AI red teaming by emulating attacks against Amazon Bedrock aligned with MITRE ATLAS

How it works:

• Runs 200+ attack scenarios based on MITRE ATT&CK and ATLAS frameworks
• Uses Bring Your Own Role (BYOR) for customer-controlled blast radius
• Automatic rollback and recovery after each attack
• Can run in pre-production or production with safety controls

Ideal for:

• Security operations teams validating detection rules
• Organizations without dedicated red/purple teams
• Detection engineers testing SIEM/CDR effectiveness
• Teams implementing Threat-Informed Defense strategies
• AI Red Teaming

‍

How They Work Together

The Integrated Approach:

1. CSPM identifies misconfigurations and compliance gaps
2. CAE validates whether those issues are actually exploitable
3. KSPM provides specialized security for containerized workloads
4. Together they deliver evidence-based security with validated exposures essentially aligned with CTEM (Continuous Threat Exposure Management)

Example Workflow:

• CSPM detects an overly permissive S3 bucket policy
• CAE emulates an attack to prove whether data can actually be accessed
• Results show whether this is a critical issue or a theoretical risk
• Remediation is prioritized based on validated exploitability
• Sigma logic is provided to enable detection capabilities in threat detection systems

Shared Platform Benefits:

• Single agentless deployment across all products (except KSPM)
• Unified dashboard and reporting
• Common integrations (SIEM, Slack, Teams, Jira)
• Consistent compliance framework mapping
• One vendor relationship for comprehensive cloud security

‍