CyberCompare spoke to Nils Karn about Cloud Attacks.
Dear Nils, how would you describe Mitigant in 3 quick-witted words?
Empower, Secure, and Simplify would describe Mitigant in a nutshell. With cloud attacks increasing and evolving rapidly in recent years, companies must ensure their clouds are secure and resilient from cloud attacks. Mitigant can proactively protect the cloud infrastructures to be secure, compliant, and resilient against cyberattacks.
Please introduce yourself briefly and tell us something about your background.
My name is Nils, and I am the Chief Executive Officer and Co-founder of Mitigant, a German cybersecurity company focusing on cloud security and cyber resilience. Before Mitigant, I was an IT consultant to help digitization processes in mid-sized organizations and a design thinking expert. I learned about cloud infrastructure at the Schulcloud Research Project at Hasso Plattner Institute, where I met my co-founders, who did their Ph.D. in cloud security. Subsequently, they approached me with an exciting idea for a cloud security startup based on expertise from both academia and industry, together with a cloud security expert, we founded the company in 2021.
What distinguishes Mitigant?
Mitigant offers the world’s first and most comprehensive Cloud Attack Emulation platform to proactively verify cloud infrastructure’s readiness and cyber resilience against cloud attacks. It automatically and safely emulates real-world cyberattack scenarios, such as ransomware attacks or data leaks, to discover cloud security blindspots. It better prepares the clouds and the teams to stay ahead of possible cloud attacks. The real-world attack scenarios are based on MITRE ATT&CK framework, and the revolutionary Security Chaos Engineering approach.
How does Mitigant help companies?
Mitgant empowers companies to proactively secure their cloud-native infrastructures in Amazon Web Services, Microsoft Azure, and Kubernetes from cloud attacks. With only a 15-minute onboarding process, Mitigant can ensure the clouds are secure, compliant, and resilient with an easy-to-use platform.
Mitigant’s Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) can detect and remediate security vulnerabilities in cloud-native infrastructures due to misconfigurations and compliance violations with its automated and on-demand security assessments. This allows companies to achieve and monitor cloud compliance with security regulations and industry best practices, such as ISO 27001, SOC 2, and CIS Benchmarks. We will also incorporate European standards like NIS2 and DORA in Mitigant. Companies can have complete multi-cloud security visibility in one platform with cloud-native resource inventory and drift management to detect unwanted changes and suspicious activities in the cloud.
Cloud Attack Emulation allows companies to strategize cloud security gamedays by emulating real-world attacks. This allows to investigate the readiness of their clouds and the security teams against possible breaches such as measuring time-to-detect and time-to-react to cloud attacks. Based on the reports companies can improve their cloud security strategy to be better prepared and more resilient against possible cloud attacks.
What do you see differently from prevailing opinions in the field of cyber security?
Cloud security is often overlooked. While traditional security focuses on detection and response after a breach occurs, Mitigant emphasizes proactive cloud security. Many companies believe their cloud providers handle all security, or they lack the in-house expertise to manage it effectively. Cloud security requires specialized knowledge and qualified engineers who are scarce and expensive creating a significant skill gap. Mitigant recognizes the need of a different approach – building resilience through continuous monitoring, emulating real-world attacks and automated remediation to help companies stay ahead of cloud attacks.
How do you differentiate from traditional vulnerability scan solutions?
Mitigant offers holistic, proactive, and automated cloud security for Security Operation Control (SOC) teams to ensure the clouds are secure, compliant, and resilient within one platform.
The SOC Blue team can use security assessment and monitoring of the Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) to ensure the cloud-native infrastructures are secure and compliant. Meanwhile, the SOC Red team can use Mitigant’s Cloud Attack Emulation to verify the resilience and readiness of the clouds against possible cyberattacks.
What’s next – what’s on your technical roadmap, what are your plans for 2024 and beyond?
We will integrate Cloud Attack Emulation for Microsoft Azure and Cloud Security Posture Management for Google Cloud Platform into Mitigant by early 2025. We will also develop more functionalities to improve Mitigant’s capabilities in detecting security vulnerabilities and cloud attacks in cloud-native infrastructures. Meanwhile, Mitigant will continuously update its security rules to follow the latest updates from cloud providers, upcoming regulations, and best practices on the market, such as NIS2 and DORA.
If you could send an email to all CISOs to address a security issue, what would you choose?
Knowing the current situation with companies focusing on traditional methods, my email to the CISOs will start with the question – Is your cloud infrastructure prepared to withstand an attack? Cloud attacks could happen to anyone, anytime, and anywhere, which requires the CISOs to re-evaluate their cloud security strategies and build resilience in their cloud infrastructure. Mitigant can help them enhance their cloud security while saving time and resources so they can focus on their core business.
