How secure is the Mitigant Platform itself?

‍

As a security platform, Mitigant takes its own security seriously:

Architecture:

• SaaS platform hosted in secure cloud infrastructure
• Agentless design minimizes attack surface
• API-based access with least-privilege principles
• BYOR (CAE) ensures customer-controlled security boundaries

‍

Access Control:

• Role-based access control for team members
• Audit logging of all user actions
• Integration with identity providers
• Customers control access through their own IAM policies (CAE)

‍

Data Handling:

• Attack telemetry and logs stored securely
• Compliance with data privacy regulations
• Data residency options available

‍

Transparency:

• All actions logged in your CloudTrail/Azure Activity Logs
• No hidden permissions or backdoors
• Open documentation of required access

‍

For detailed security architecture documentation, security questionnaires, or SOC 2 reports, please contact our team.

‍

‍

‍

‍

What about data privacy?

‍

Mitigant's agentless approach enhances privacy:

What Mitigant Accesses:

• Cloud resource configurations
• IAM policies and permissions
• Network topology
• Service settings
• Kubernetes cluster configurations (KSPM)
• Only what you explicitly grant through BYOR (CAE)

‍

What Mitigant Doesn't Access:

• Application data within workloads
• Customer data in databases
• File contents in storage
• Personal information
• Anything outside the role permissions you define (CAE)

‍

During CAE Attack Emulations:

• Data exfiltration is simulated, not performed
• No actual customer data leaves your environment
• Attacks validate capability to access, not actual access

‍