Straight from the Mitiga RSAC booth: Your Cloud IR Planning Needs Readiness

Based on Mitiga’s first organizational appearance at the recent RSA Conference, the activity at this year’s in-person event at the Moscone seemed well worth the two-year interval since the last onsite edition. That’s not just us talking – it’s what we heard directly from prospects, vendors, and our own customers. Whether we were in our exhibitor booth, at the daily Happy Hour and Coffee Time socials at the W Hotel, or in conversations following Thursday’s “It's Getting Real and Hitting the Fan! Real World Cloud Attacks” presentation by Ofer Maor, our co-founder and CTO, the energy was off the charts and the one-to-one exchanges rewarding.

Based on our engaging discussions with booth visitors – quite frankly, some of whom were drawn to visit by the lure of personalized coffee mugs and other giveaways – some themes emerged across four days that validated our organizational strategy.

Before we get started with planning next year’s Mitiga appearance at RSAC, we thought we’d share the results of our attendee survey and a few “from-the-booth” observations.

Survey results: The sublime appeal of pineapple pizza and the current state of IR Planning

As part of our booth activities, we encouraged visitors to complete a short Mitiga survey by offering an iPad Pro to a winning participant.

First things first: in what can only be viewed as an upset, in response to the hardest-hitting question in our survey, most respondents gave a thumbs-up to the under-appreciated pineapple pizza. This is an oft-debated topic here at Mitiga, so we were unsurprised by the 35% who think it's the worst.

Other survey questions were designed to assess the Cloud and SaaS environments of respondents, as well as any in-place Incident Response planning and readiness activities established at their organization. The high-level response results to those queries follow.

What's your relationship with cloud?

The majority of respondents indicated their organization was cloud-native or a mix of on-premises and cloud services, with a few just beginning their migrations.

From our perspective, these responses are consistent with the findings Mitiga has gathered from customers and prospects, as well as industry analysis. 

How do you handle major breaches?

Of interest here: the high number of respondents indicating they use both third-party and in-house resources to handle major breaches, which reflects the importance of Incident Response in today’s cybersecurity environments.

Are you ready for a breach in your main cloud provider?

The majority of respondents here indicated cloud breach coverage was included in their standard IR Plan or the organization offered in-house expertise for cloud incident response. The balance of those surveyed indicated their organizations had not considered Cloud-specific breaches, which seems inconsistent with current IR strategy in today’s diversifying threat environment.

What about a breach in your SaaS Applications?

The responses here approximate those of the preceding cloud-based breach question, with 45% indicating their organizations “have specific technology, process and expertise for SaaS IR.”

How innovative do you think IR has been in the last 5 years?

The majority of respondents indicated either that there had been “Not enough” innovation or that innovation instead seemed “focused more on SOC automation (XDR/SOAR).”

Booth chatter: A rise in IR Planning without readiness 

In our in-person exchanges in the Mitiga booth, we asked a few rotating questions, using a handful of approaches and various perspectives, all of which essentially focused on the following: 

“Do you have an organizational IR Plan? If so, was it developed in-house or by your provider, and how effective is it?”

“Who handles IR in your organization?”

“How effective is your IR Planning in Cloud and SaaS environments?”

“How do you assess organizational readiness against future compromise and breach attempts during peacetime?” 

At a high level, our booth visitors provided the following insights:

  • Most visitors indicated they had an organizational IR program or third-party partner, but the answers became less precise as we advanced through follow-up questions regarding how recently that IR plan was used or whether it was Cloud- and SaaS-specific.
  • Many were able to identify their IR vendor, but they could not name the internal team tasked with owning incident response.
  • Based on further discussion, it became apparent that the majority of in-place IR Plans were designed without specific data collection, platform analytics, and organizational responsiveness for breaches occurring in the cloud and SaaS environments.

Packing up the booth

Along with pineapple pizza’s victorious emergence in our survey, we were pleased to hear so many booth visitors share direct feedback about their current-state Incident Response planning and threat investigation processes.

For Mitiga, part of our motivation for attending RSAC this year was getting the word out about our proud startup company and sharing our founders' vision with cybersecurity leaders and operators at some of the world’s leading businesses.

We also wanted to validate whether our recently announced Incident Readiness & Response (IR²) solution represented an innovative IR approach tailored to the Cloud and SaaS environments nearly every large-scale organization relies upon today. Based on our discussions with those at the Moscone and around San Francisco across four days, the answer to that question was a resounding “Yes.”

For more information about how Mitiga’s IR² solution provides readiness that enhances organizational planning for Cloud- and SaaS-based cyberthreats – and delivers “peacetime value” in terms of upfront log collection, readiness assessments, and enhanced customer analytics of forensics data – visit: Incident Readiness & Response (IR²).
