Cybersecurity has been with us for decades, yet it’s still a young and maturing industry—and not surprisingly. Every enterprise that cybersecurity supports is still moving along its own digital transformation journey. Some are in the early stages, lifting and shifting their on-prem workloads to the cloud. Others are well along the path, taking on new SaaS (Software as a Service) applications and developing their own cloud-native solutions to serve customers better, build efficiency into their operations, and transact with greater ease.

But all those advancements come with cyber risk. Increasingly, enterprises have recognized the new threats posed by operating in cloud and SaaS environments. However, to date, most organizations have focused on the protection aspect of their cloud security: keeping bad actors out. It may be a mindset left over from the on-prem days of establishing a strong perimeter. Now that the perimeter has dissolved with rising cloud and SaaS adoption, enterprises must consider not only protection but also response and resilience for when those protective layers are breached.

Rebalancing Your Cyber Investment Strategy

Today, it’s likely that your organization has a cybersecurity investment strategy that is somewhere in the neighborhood of 90/10, with 90% being spent on prevention and 10% allocated to detection and incident response. At a time when enterprises hold more data than ever in the cloud (and out of their control) and cloud and SaaS attacks continue to increase in frequency and sophistication, it’s an equation that needs some rethinking.

The evolving perspective stems from a growing realization: In modern digital landscapes, cyber attacks are inevitable. Rather than pouring resources into the increasingly elusive goal of complete prevention, the focus is shifting towards minimizing the impact of these unavoidable breaches.

In today’s environment, instead of disproportionately favoring threat prevention, a more balanced allocation that allows for greater investment in detection and response is needed. A 70/30 split is a sensible starting point, but the exact figures will depend on each organization's unique needs and risk profile. Depending on the breadth of your cloud estate and the value it represents for your enterprise, over time that allocation may be 60/40.

It’s important for executive and security teams to come together to understand what cloud and SaaS represent in terms of value, agree on the enterprise’s level of risk tolerance, and plan forward. The goal should be to maximize the impact of cyber investment dollars, while working to protect the value held within the cloud, and your enterprise overall.

Redirecting Cyber Investment to Modern Solutions

As you reallocate investment toward a strategy that elevates incident response and organizational resilience, it’s not only the amount of resources given to these areas that needs to shift. The types of solutions you spend on should be reconsidered too. For example, up to now, IR (incident response) dollars were likely designated for a retainer, so that if a breach happened you had someone on call to address the problem.

However, with the attack landscape moving at cloud speed, it’s not enough to have a team on speed dial after the fact. Enterprises need solutions that enable a proactive incident response approach so that you’re gathering and analyzing all the data you need for forensic investigation continually, before being breached. It’s also important to gain continuous value from your investment dollars—focusing on methods that strengthen your visibility, hunting capabilities, and compliance at the times when you’re “at peace,” rather than directing your spend in ways that have mostly war time value.

CIRA Supports Modern Investment Strategies

Cloud Investigation and Response Automation (CIRA) is an emerging set of capabilities designed to support the detection and response needs of modern organizations. There is an obvious benefit of transitioning from the traditional retainer model to a SaaS-based solution that emphasizes continuous monitoring, preparation, and dramatically accelerated response. Leveraging a CIRA platform helps enterprises ensure that they are prepared for inevitable incidents, can respond to them quickly and effectively, and minimize impact. By turning potential crises into manageable occurrences, CIRA isn’t simply a risk mitigation investment, but an operating expense that supports business enablement and organizational resilience.


Last updated: April 23, 2024
