How long does a typical POC take?

‍

A proof of concept typically follows this timeline:

Week 1-2: Setup & Initial Assessment

• Onboard 1-2 cloud accounts (takes 10-15 minutes each)
• Set up CSPM for continuous monitoring
• Configure KSPM if using Kubernetes
• Create and provide IAM role with initial permissions (BYOR for CAE)
• Run initial CSPM/KSPM assessment
• Start with enumeration attacks (CAE - harmless, read-only)

‍

Week 3-4: Pre-Production Testing

• Analyze CSPM/KSPM findings
• Expand CAE permissions for write operations in test environments
• Run CAE attack scenarios in dev/test
• Validate platform capabilities
• Train security team on platform features

‍

Week 5-8: Production Validation (Optional)

• Refine CAE role permissions for production scope
• Select non-critical workloads for CAE testing
• Run supervised attacks during maintenance windows
• Validate detection and response capabilities
• Measure detection gaps and remediation effectiveness

‍

Week 9+: Scale Decision

• Evaluate results and ROI
• Adjust permissions and scope
• Decide on broader deployment
• Negotiate contract terms

‍

Many customers are comfortable making a decision after 4-6 weeks of hands-on experience.

‍

‍

‍

‍

Do we need specialized skills to use the Mitigant Platform?

‍

No specialized expertise required:

Who Can Use Mitigant:

• Cloud security engineers (all products)
• DevOps/platform engineers (KSPM, CSPM)
• Security analysts (all products)
• Detection engineers (CAE)
• Compliance teams (CSPM)
• Any team member responsible for cloud security

‍

What Makes It Accessible:

• No coding required for running attacks (CAE)
• Pre-built attack scenarios based on MITRE ATT&CK (CAE)
• Automatic recommendations based on your environment (all products)
• Clear remediation guidance provided (CSPM/KSPM)
• Sigma rules included for detection engineers (CAE)
• BYOR setup uses standard IAM concepts familiar to cloud teams (CAE)

‍

Learning Curve:

• Web-based interface is intuitive
• Attack execution is button-click simple (CAE)
• Interpretation of results is straightforward
• Documentation and support available
• IAM role configuration follows cloud best practices (CAE)

‍

That said, understanding cloud architecture, security concepts, and IAM is helpful to maximize value from the platform.

‍

Watch: Getting Started with Security Chaos Engineering (Webinar)

‍

‍

‍

‍

Can we run this in air-gapped environments?

‍

The Mitigant Platform is designed as a SaaS solution requiring internet connectivity. For organizations with strict air-gap requirements, please contact us to discuss:

• Potential on-premises deployment options
• Hybrid architectures
• Specific compliance needs
• Custom deployment models

‍