In recent weeks, the cybersecurity community has been abuzz with news about a potential data breach at one of the leading cloud data platforms. Initial reports indicated that the breach was not of the organization’s own systems but was caused by users not enabling Multi-Factor Authentication (MFA), leading to compromised credentials and stolen data. While the company has urged customers to enable MFA as it continues its internal investigation, a reputable cybersecurity firm has stated that the incident affected approximately 165 customers, many of them sizeable, who are now coming forward and posting their own announcements on the issue, going back as far as 2020.

This situation highlights a critical aspect of cybersecurity: the balance between first-party trust and third-party validation.

Policing Your Cloud Platforms

It is essential to recognize that no platform is infallible, and relying entirely on a CSP (cloud service provider) or cloud application provider to police itself introduces a fog of war into an organization's security posture. Therefore, you must take an active role in policing the cloud platforms you use. This involves regularly scoring each provider’s behavior based on its security performance and incident response capabilities, periodically vetting its certifications and pen-tests, and monitoring trusted sources for news of breaches or other indicators of attack. By doing so, you can hold your providers accountable and ensure they maintain high security standards.

The Importance of Strong Passwords and MFA

In addition to these measures, it is vital to emphasize the importance of using strong, random passwords and enabling MFA across all external tools and services. These two basic security practices can significantly reduce the risk of credential compromise, as seen in the incident described above.

Strong Passwords: Ensure that passwords are complex and unique for each account. Avoid using easily guessable information and consider using a password manager to generate and store passwords securely.

Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification in addition to the password. This could be a text message, email, or an authentication app. By enabling MFA, you significantly enhance the security of your accounts, making it much harder for attackers to gain unauthorized access.

Trust but Verify

With organizations embracing cloud platforms at an ever-growing rate, they rely heavily on third-party platforms and services to manage and protect their data. This reliance necessitates a certain level of inherent trust in these providers. However, as this recent incident illustrates, blind trust is not advisable. Even when a service provider assures you that the situation is under control, it is crucial to have mechanisms in place to independently verify those claims for your own organization and brand.

We believe that the keys to robust cybersecurity and risk management lie both in proactive and reactive measures that enable organizations to not only trust, but verify, the security of their cloud platforms and systems. Here is how you can achieve that:

  1. Defense-in-Depth Approach to Security and Vendor Use: Adopt a multi-layered security approach to protect against a variety of threats. This strategy involves implementing multiple layers of defense mechanisms and vetting the security practices of vendors you engage with to ensure they are following tried and true practices. This concept extends to using multiple cloud platforms and utilizing each for their own strengths.
  2. Proactive Visibility Assessment: Regularly auditing your cloud logging configurations helps identify blind spots that would prevent you from detecting breaches and threats. Tools like Mitiga can automate the checks around log data collection, ensuring that you are fully prepared to detect and investigate any threats or potential breaches on your cloud platforms. Our Forensic Data Readiness tool scores your level of readiness and details which data collection configurations are enabled and which are not.
  3. Reactive Incident Response: When an incident occurs, the ability to investigate quickly and effectively is paramount. Mitiga's platform allows you to delve into the data, identify the root cause, and take corrective actions to prevent future occurrences; you can also engage directly with our IR (Incident Response) teams to help research these potential threats and reach a conclusion 700% quicker.
  4. Full Data Collection: On-prem tools constantly log everything they encounter, whether or not that data is submitted to your SIEM (Security Information and Event Management) / SOC, allowing investigators to go to the source for detailed logs when researching a potential breach. Cloud platforms do not enable this capability by default because of the cost of storing that data, and SIEM event exhaustion prevents collecting all of that data there. Mitiga can help offset these concerns by storing all data affordably and efficiently.
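A minimal readiness check in the spirit of items 2 and 4 above, as an added example that is not Mitiga's code: it walks a constructed inventory of log sources per cloud account and reports blind spots (sources not collected, retention too short for a late-disclosed incident, evidence stored but never forwarded to the SIEM). The source names and the one-year retention requirement are assumptions.

```python
# Added example (not Mitiga's code): a minimal "forensic data readiness" audit
# over a constructed inventory of cloud log sources. Names and thresholds are
# illustrative assumptions, not any vendor's scoring model.
from dataclasses import dataclass

@dataclass
class LogSource:
    account: str             # cloud account / tenant
    name: str                # e.g. "audit_trail", "auth_events"
    enabled: bool            # is the provider writing this log at all?
    retention_days: int      # how long the stored copy is kept
    forwarded_to_siem: bool  # does the SOC see it in near real time?

# Assumptions: investigation window (incidents are often disclosed long after
# they happen) and the minimum log sources every account must collect.
REQUIRED_RETENTION_DAYS = 365
REQUIRED_SOURCES = {"audit_trail", "auth_events", "object_access"}

def audit_readiness(sources):
    """Return (score, findings); score = share of required (account, source)
    pairs that are enabled with adequate retention, from 0.0 to 1.0."""
    findings, checks, passed = [], 0, 0
    by_key = {(s.account, s.name): s for s in sources}
    for acct in sorted({s.account for s in sources}):
        for name in sorted(REQUIRED_SOURCES):
            checks += 1
            src = by_key.get((acct, name))
            if src is None or not src.enabled:
                findings.append(f"{acct}: {name} not collected (blind spot)")
            elif src.retention_days < REQUIRED_RETENTION_DAYS:
                findings.append(f"{acct}: {name} retained {src.retention_days}d "
                                f"(< {REQUIRED_RETENTION_DAYS}d)")
            else:
                passed += 1
                if not src.forwarded_to_siem:
                    # Kept for forensics but invisible to detection: flag it, though it still counts as evidence.
                    findings.append(f"{acct}: {name} stored but not forwarded to SIEM")
    return (passed / checks if checks else 0.0), findings

# Constructed sample inventory (not real data).
SAMPLE = [
    LogSource("prod", "audit_trail", True, 400, True),
    LogSource("prod", "auth_events", True, 90, True),
    LogSource("prod", "object_access", False, 0, False),
    LogSource("dev", "audit_trail", True, 400, False),
    LogSource("dev", "auth_events", True, 400, True),
]

if __name__ == "__main__":
    print(audit_readiness(SAMPLE))
```

On the sample inventory the score is 0.5 with four findings, including a missing object-access log in both accounts and a 90-day authentication log that would not cover an incident disclosed a year later.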

How Mitiga Polices Itself

Mitiga is committed to protecting customer data and its own data from any misuse, unauthorized access, or leakage. As such, the company has a high-level framework for protecting data and authorizing specific employees with access to customer data. We employ a Data Access & Protection policy to ensure that we are always working to uphold the trust our customers place in us. Additionally, we have successfully achieved both our SOC2 Type II and ISO 27001 certification and perform regular pen-tests on our platform, evidence of which we always provide our customers.

Mitiga is also a “customer” of our own platform solution. As we previously stated, Mitiga is built by investigators, for investigators. Using our platform allows us to put it to the test and continually strengthen it, ensuring it is best-in-class protection for us and our clients. 

In addition, Mitiga uses 3-factor authentication for its employees and contractors, conducts a security configuration review for each platform we use, and has a dedicated internal security team that periodically assesses the risks of any platform we are considering using and/or currently using.

Taking Control of your Cloud Security

While it is important to trust your first-party platform providers, it is equally crucial to validate their security claims through independent verification. Take control of your cloud security today with Mitiga. Ensure your organization is equipped to proactively manage incidents with contextual data collected by our platform, respond effectively to incidents and events with help from our automated IOAs and Incident Response managed service, and maintain robust security readiness by engaging with our Forensic Data Readiness tool. Contact us to learn more about how Mitiga can enhance your incident response and threat research processes.

Remember, in cybersecurity, trust is important, but verification is essential.

LAST UPDATED: June 20, 2024
