What is Security Chaos Engineering?

‍

Security Chaos Engineering (SCE) is a research-based methodology that Mitigant pioneered for cloud environments and is the foundation of Mitigant CAE:

‍Core Concept:

• Deliberately inject security faults (attacks) to test resilience
• Observe how systems behave under attack
• Identify blind spots before real attackers do

‍Builds on Chaos Engineering:

• Traditional chaos engineering (like Netflix's Chaos Monkey) tests availability
• Security Chaos Engineering extends this to confidentiality and integrity
• Focuses on security failures, not just operational failures

Why It Matters:

• 100% cybersecurity is impossible
• Testing resilience is more realistic than pursuing perfection
• Validates whether security controls actually work
• Provides short feedback loops for evidence-based security

Research Foundation:

• Mitigant's founders developed SCE through Ph.D. research at Hasso Plattner Institute
• Published academic work validates the approach
• Proven through industry partnerships

‍

Learn more about the team: About Mitigant

Deep dive: Demystifying Security Chaos Engineering - Part I | Part II

‍

‍

‍

‍

What is Adversarial Exposure Validation?

Adversarial Exposure Validation (AEV) is Gartner's term for what Mitigant CAE provides:

The Concept:

• Don't just identify vulnerabilities—validate which ones are exploitable
• Focus on validated exposures rather than chasing every vulnerability
• Prioritize based on actual risk, not theoretical CVSS scores

‍How Mitigant Enables AEV:

• CSPM identifies potential exposures
• CAE emulation proves exploitability
• Contextual analysis shows which exposures matter in your specific environment
• Reduces noise by filtering out theoretical risks

Benefits:

• Reduce alert fatigue
• Optimize security team time
• Faster remediation of real risks
• Better ROI on security investments

‍

Read more about AEV in our detailed blog post.

‍

‍

‍

How does Mitigant support Threat-Informed Defense?

‍

Threat-Informed Defense shifts security strategy from generic best practices to specific threats (primarily through Mitigant CAE):

‍

Traditional Approach:

• Implement all recommended security controls
• Chase vulnerability metrics
• React to every alert equally

Threat-Informed Approach:

• Understand which threat actors target your industry
• Emulate their specific techniques
• Prioritize defenses against realistic threats

Mitigant's Implementation:

• Attacks tagged with threat actor TTPs (CAE)
• Select scenarios based on specific threat actors (e.g., Scattered Spider)
• Integrate cyber threat intelligence feeds (CAE)
• Validate defenses against known adversary behaviors (CAE)
• CSPM ensures baseline security posture
• KSPM validates container security

Partnership Example:

• Collaboration with Sekoia.io demonstrated practical Threat-Informed Defense
• Combined CTI with attack emulation for validated security

Learn more: Cloud Attack Emulation: Enhancing Cloud-Native Security with Threat-Informed Defense

‍

‍

‍

‍

How does this fit with CTEM?

‍

CTEM (Continuous Threat Exposure Management) is Gartner's framework. The Mitigant Platform supports all CTEM stages:

‍

1. Scoping: Identify assets and attack surface

• CSPM/KSPM provides complete cloud visibility
• Resource inventory across multi-cloud
• Kubernetes workload discovery

‍

2. Discovery: Find vulnerabilities and misconfigurations

• CSPM: Continuous assessment of security posture
• KSPM: Container vulnerability scanning
• Compliance violation detection

3. Prioritization: Determine which exposures matter most

• CAE: Attack emulation validates exploitability
• Risk-based prioritization, not just CVSS scores
• Focus on validated exposures

4. Validation: Prove security controls work

• Core CAE capability
• Continuous validation, not annual pen tests
• Evidence-based security assurance

5. Mobilization: Remediate and communicate

• Clear remediation steps provided (CSPM/KSPM)
• Integration with Slack, Teams, Jira
• Automated reporting (all products)

Mitigant's approach aligns perfectly with CTEM's emphasis on validated exposures and continuous testing.

See platform details: Cloud Attack Emulation Platform

Read the following blog posts for details:

• Cloud Attack Emulation: Enhancing Cloud-Native Security With Threat-Informed Defense
• Cloud Attack Emulation & Detection Engineering: A Match Made in Heaven