Mitiga Security Inc., a company that assists with cloud and software-as-a-service incident response readiness, said today that it completed its Series A round, bringing its total funding to $45 million, to help meet the demands of companies that rely on SaaS environments and need to deal with potential security breaches.

The round was led by ClearSky Security, with participation from Samsung Next. Existing investors Blackstone, Atlantic Bridge and DNX also joined in the round.

Mitiga’s platform prepares companies for incidents, such as data breaches, exploits and hacks by making it possible to provide answers about what happened as quickly as possible. That means access to critical forensic data within hours rather than days so that what happened, where it happened and whom it affected can be summarized and reported to the correct corporate interests, government bodies and customers as quickly as possible.

“Incident response traditionally is something very reactive and only after something has happened do you call for help when you need it — and usually, you only call for help after something has become a breach,” Tal Mozes, co-founder and chief of Mitiga, told SiliconANGLE in an interview. “What we’re trying to do is to help completely reinvent incident response with only one goal in mind: which is how to help customers downsize the impact of the breach, because breaches are inevitable, but crises are avoidable.”

According to IBM Corp.’s 2022 Cost of a Data Breach report the average cost of a data breach was $9.44 million for the United States, more than twice the global average. The same report stated that nearly half of all data breaches, at 45%, occurred in the cloud.

In order to make breach response more proactive, Mozes said that Mitiga looked at what was needed to do incident response and sought to help automate it as much as possible. Incident response requires a lot of data for the forensic analysis of logs. However, examining something that happened 24 hours ago that can take more than a day of waiting, but trying to investigate something from months ago could take weeks of downloading.

To shorten this response time, Mitiga proactively connects to the cloud, SaaS and infrastructure logs, downloads them over time and keeps them stored offsite and parses them into forensic categories in preparation for potential incidents. That ensures that the data is already prepared for an investigation should something happen.

“There is also a network effect,” Mozes explained. “When we learn of a certain attack and we understand how to respond we can execute a response as many times for our customers who have a similar environment without even waiting for them to approach us because we already know what it looks like. So we can do a response and it will be a threat hunt that is automated for them.”

For example, if one customer gets hit with a cybersecurity attack campaign the same threat detection can be used across other customers to see if they have been potentially affected and warn them. Also, if there has been a widely publicized breach, the Mitiga team can then write their own threat hunt scenarios for customers.

Aside from automating threat response, Mitiga’s platform also provides customers with a health dashboard that gives them an assessment at a glance of how ready they are for emergency incident response. One issue that many companies have is that they don’t realize how much data they produce that is not logged. This includes potential SaaS integrations that have been implemented and forgotten — the dreaded shadow IT — or even the free versions of enterprise apps such as Slack that don’t provide logs.

Mozes said that many businesses don’t realize that Slack is still another vector for potentially dangerous links to sneak behind a company’s cybersecurity lines. Email and social networking apps aren’t the only way for malicious actors to attack the company. Not having access to the logs produced by Slack makes it more difficult to see where the infiltration happened.

Knowing where the infiltration happened and what it affected can be extremely important. That’s not just because the security team will want to shore up the defenses, but because the legal team will want to reach out to regulators with a report of what happened and who was affected as quickly as possible. Not doing this in a timely fashion can put businesses on the hook for large fines.

With Mitiga’s platform, businesses can quickly determine not only what happened, but where it happened – in the United States, the European Union, or whatever region – as well as who was affected and how it affected them. As a result, they know who to contact and what to tell them as quickly as possible.

“As more and more companies are advancing their cloud journeys, they’re beginning to understand that growing their cyber resiliency is a vital part of that transformation,” said Tal Achituv, chief technology officer of Samsung Next. “Mitiga’s modern incident response solution combined with the team’s deep cloud forensics expertise enables companies to prepare for cloud breaches before they happen — so they get back to business immediately.”

With the new funding, Mozes said that Mitiga will focus on building out its incident response resilience product and accelerate its growth as more businesses build on cloud and SaaS environments – especially given the high cost of data breaches.

Image: estherpoon/Adobe Stock