Founded in 2021 by Dr. Muhammad Sukmana, Kennedy Torkura, Nils Karn, and Dr Thomas Fricke, Mitigant was established in response to the growing threat of cyberattacks on cloud infrastructure. By merging academic research and industry experience, the team developed a revolutionary method in cloud security, known as Security Chaos Engineering.
The interview sheds light on the challenges faced by companies in securing their cloud infrastructures, particularly the lack of security awareness and the problem of inadequate standard configurations. Dr. MuhammadSukmana explains how Mitigant differentiates itself from other solutions by enabling proactive, continuous checks and emulations of cyberattacks to identify and rectify vulnerabilities early.
With a current team of 11 members, Mitigant plans to expand its workforce in the coming years. Future plans include developing more integrations and introducing new features to keep pace with the rapidly changing cloud landscape. Dr. Sukmana outlines a vision for Mitigant, aiming to become the leading European cloud security solution over the next five years and emphasizing the importance of cloud security.
This interview offers a comprehensive look into Mitigant’s approach to tackling the critical issue of cloud security in the modern digital era.
Mitigant in brief!
Dr. Muhammad Sukmana: The cyberattacks on cloud infrastructure have been increasing and evolving in recent years following the digitalization trend of moving data and services to the cloud. However, many companies are not prepared for cloud attacks due to their unawareness of the shared responsibility model in the public cloud and limited resources and knowledge of securely managing the cloud infrastructure. This results in many cloud security incidents that affect many companies and their customers, such as data leakage or ransomware attacks. Meanwhile, the cloud security solutions on the market seemed to be
unable to catch up to the latest cyberattack advancements.
In 2020, Kennedy Torkura, a Ph.D. colleague researching cloud security at the Hasso Plattner Institute in Potsdam and working at Mattermost, invited Nils Karn and me to collaborate. Nils, a former colleague at the Hasso Plattner Institute, brings consulting and design thinking expertise. Identifying the rapidly evolving and increasing number of cyberattacks on the cloud in recent years, we merged our academic and industry knowledge to address this challenge and work on a revolutionary approach in the cloud security market. Our team expanded with the inclusion of Dr. Thomas Fricke, a seasoned cloud security expert and consultant with a rich background in building successful companies. Together, we realized our startup idea, culminating in the company we have today.
What challenges do you currently see regarding the security of cloud infrastructures?
Dr. Muhammad Sukmana: There is a lack of cloud security awareness, as security is usually not the main concern of many companies due to a predominant focus on developing and maintaining their services. Companies do not realize they are responsible for securely and correctly configuring their cloud infrastructures since the default configuration is not secure. Meanwhile, the current workforce market causes a lot of companies to struggle to find the right people to manage their cloud infrastructures securely.
How does Mitigant differentiate itself from other cloud security solutions on the market?
Dr. Muhammad Sukmana:Mitigant provides a proactive and continuous cloud security verification approach to help companies discover and remediate security vulnerabilities early and prepare for possible cyberattacks, unlike competitors who focus on resolving security issues after cyber incidents. Pioneering the Security Chaos Engineering approach from Kennedy’s Ph.D. research, Mitigant stands out as the first cybersecurity product to implement this revolutionary approach. It allows Mitigant to verify the readiness of cloud infrastructure by emulating cyberattack scenarios in cloud infrastructure and discovering security blindspots for possible cloud attacks, such as ransomware attacks.
What expertise and experiences did the founders bring to focus on the field of cloud security?
Dr. Muhammad Sukmana: Kennedy and I have done our Ph.D. at Hasso Plattner Institute, where we have published over 20 scientific articles in cybersecurity and cloud security. We were also actively engaged in several
research projects with Bundesdruckerei and SAP in the cloud security and security analytics area. Kennedy’s extensive experience as a Cloud Security Engineer in various companies provided firsthand insights into the importance of cloud security for business continuity. With over 15 years of experience as a cloud security expert, Thomas has consulted on numerous government projects and founded multiple cybersecurity companies and projects. Nils has worked many years as consultants and design thinking experts working with big enterprises to help them resolve the digitalization challenges.
Could you explain in more detail how Mitigant implements proactive security measures in the cloud?
Dr. Muhammad Sukmana: Mitigant helps to make cloud-native infrastructures in Amazon Web Services, Microsoft Azure, Google
Cloud Platform, and Kubernetes secure, compliant, and resilient. After Mitigant’s 15-minute onboarding process, it will automatically detect and remediate security vulnerabilities in the cloud infrastructures due to misconfigurations and compliance violations. Companies could also easily achieve and monitor compliance with cloud security standards and best practices on the market, e.g., ISO 27001, BSI C5, PCI-DSS, and CIS Benchmarks. It also offers complete cloud security visibility with cloud infrastructure inventory and cloud drift management to monitor the latest cloud state for suspicious activities and unwanted changes.
Mitigant can help discover security blindspots within cloud security controls with automated cloud attack emulation scenarios, such as ransomware attacks. It can emulate a “cloud attack” within the cloud environment, which reverts to its original state once the emulation is finished. The attack emulation is designed to help companies monitor how the cloud behaves during cyberattacks and evaluate the effectiveness of their implemented strategies. For example, can they detect the attack in real-time, or do they know what needs to be done to stop and mitigate the attack? Based on the observations, companies can enhance their cloud security controls and strategies, ensuring better preparedness for potential cloud attacks. cyberattacks.
Identifying the rapidly evolving and increasing number of cyberattacks on the cloud in recent years, we merged our academic and industry knowledge to address this challenge and work on a revolutionary approach in the cloud security market.
Dr. Muhammad Sukmana
Can you share a specific example or success story where Mitigant assisted a customer in minimizing security risks in the cloud?
Dr. Muhammad Sukmana: Many of our customers are surprised to discover security vulnerabilities detected by Mitigant in their cloud infrastructures, where they were quite confident that they have configured their infrastructures correctly. However, in many aspects, the default configuration does not mean secure configuration, and it is up to the customers to configure their cloud resources securely. Mitigant simplifies this process with its easy-to-use interface, enabling companies to remediate security vulnerabilities easily and monitor compliance with cloud security regulations and best practices.
What is the roadmap for Mitigant? Are there new features or technologies planned for introduction in the future?
Dr. Muhammad Sukmana: We are developing more integrations and introducing new features to help our customers proactively secure their clouds from security threats. As the cloud landscape evolves rapidly, we are committed to staying ahead of these changes. Our continuous efforts involve updating. our assessment rule engine and incorporating more cloud attack emulation scenarios. These improvements aim to provide customers with better visibility into their cloud infrastructures, enabling them to plan and enhance their overallcloud security posture.
Could you give us a brief overview of your current team? How many team members are currently on board, and in what roles are they active? Is there an intention to expand the team in the future?
Dr. Muhammad Sukmana:We now have 11 team members, many working in the development and sales teams. We plan to hire additional talent in 2024 and 2025 to advance Mitigant’s development and expand our operation to cover more countries.
What is your vision for Mitigant in the next five years? What goals do you have for the company in terms of growth, innovation, and contribution to the cloud security industry?
Dr. Muhammad Sukmana: Our vision for Mitigant involves becoming the leading European cloud security solution, extending our reach across European countries and rapidly expanding to North America, Asia, and the Middle East. Mitigant will always champion a proactive cloud security approach to ensure that cloud customers are fully aware of their cloud security posture and are well-prepared for potential cloud security threats. Achieving this vision involves continuous research and development initiatives and a commitment to raising awareness about the importance of cloud security.
Interview held in December with Dr. Muhammad Sukmana
Picture and video footage: Mitigant