Mitiga

Most people in cybersecurity are doing it wrong. 🤷♂️ You can’t defend what you don’t understand, and yet, so many refuse to think like the very adversaries they’re trying to stop. I wrote this to challenge the herd mentality, piss off a few folks (politely), and hopefully get some to wake up and realize: if you don’t cultivate a hacker mindset, you’re playing defense blindfolded. Huge thanks to Jim Donahue and the team at Dark Reading for giving this piece a home: https://lnkd.in/dWQsx_AS For the rest, enjoy the comfort of doing it the “normal” way.

💻💡 𝘊𝘭𝘰𝘶𝘥 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘙𝘦𝘴𝘦𝘢𝘳𝘤𝘩 𝘈𝘭𝘦𝘳𝘵! Our security analyst and incident responder teams tested a risk associated with the Microsoft "Intune company portal" device compliance CAP bypass, which enabled successful bypass of the policies and access to the scoped resource – specifically, MS Graph - from a non-compliant, unmanaged, and untrusted device. 🔓 This technique involves phishing a user's credentials, and the level of access to the Graph API depends on the privileges of the compromised user. 𝑾𝒉𝒚 𝒊𝒔 𝒕𝒉𝒊𝒔 𝒊𝒎𝒑𝒐𝒓𝒕𝒂𝒏𝒕? Our researchers saw the bigger picture, asking themselves "Is having the multi-factor authentication mechanism with CAPs enforced enough to tackle threat actors?" In this blog from Idan Cohen, Austin Bollinger, and Karen Largman, they cover: 👾 How to reproduce the bypass 👾 Techniques commonly used to steal credentials and claim MFA tokens 👾 A real-world Browser-in-the-middle (BiTM) attack ⭐ Recommendations for mitigation 🔗 Read the blog: https://lnkd.in/gDkrn7et P.S. Thank you to Dirk-jan Mollema for bringing more awareness to this vulnerability 👏

ZoomInfo is the go-to-market intelligence platform providing sales and marketing teams with up-to-date information about potential deals to help them accelerate their growth 🚀 ZoomInfo provides all of their services to customers via cloud hosting providers, meaning that they are heavily dependent on the security of these vendors. 💡 As former Chief Security Officer Tomer Gershoni recognized, "It’s not a matter of whether you’ll get breached, but more of a matter of when you’ll get breached. Therefore, the impact of the attack will be determined by your breach readiness and your ability to respond to security threats." Learn how Mitiga enabled ZoomInfo to reach their detection and response goals: https://lnkd.in/gtGstzut

CNAPPs are often seen as the standard when it comes to cloud security solutions, but their main focus is on CSPM and CWPP. While these areas are essential, detection and mitigation (e.g. CDR) tends to be an afterthought. Let's face it: it's 2025 and cyberattacks are becoming more sophisticated and complex. If you were building a cloud security strategy from the ground up, where would you (mainly) focus your attention? We want to hear from you 👂 ⤵️

Award-winning cybersecurity veteran, thought leader, author, and influential speaker Brian Contos has joined Mitiga as our Field CISO 👏 Brian brings over 30 years of experience driving hyper-growth for cybersecurity firms, with impressive exits including two IPOs and eight acquisitions. As Field CISO, Brian will support global go-to-market efforts by engaging with the wider cloud security community and influencing the future of Mitiga’s unrivaled Cloud Detection and Response (CDR) platform. 🎤 In Brian's own words: "As we continue to see increases in the volume, variety, and veracity of cloud breaches, it is clear there is a cloud security effectiveness gap in SecOps that results in nefarious actors gaining the advantage. Those actors are counting on organizations being passive as it relates to cloud security; we are here to disappoint them." While threat actors are being disappointed right and left, we couldn't be more excited for growing our ironclad leadership team even more 🔥 Welcome to Mitiga, Brian! Read more about Brian's background and experience shaping the technology and cybersecurity industries as we know them today: https://lnkd.in/gbuVRu9R

𝐂𝐥𝐨𝐮𝐝 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐯𝐞𝐫𝐬𝐮𝐬 𝐂𝐥𝐨𝐮𝐝 𝐓𝐡𝐫𝐞𝐚𝐭 𝐇𝐮𝐧𝐭𝐢𝐧𝐠 ⬇️ Detecting threats in your SaaS, identity, and cloud environment happens through both proactive and retrospective approaches. Our co-founder and COO Ariel Parnes explains the distinctions between cloud detection and threat hunting in his blog, pointing out such differences as: 🔎 Leveraging live data versus historical data 🔎 Identifying known malicious events versus previously undetected threats 🔎 Operating automatically using rules and analytics versus human analyst involvement Learn more: https://lnkd.in/gEB_bKMZ

40 Minutes of “Snowflake” Goodness: My CodeBlue Talk is Live! I’m thrilled (and slightly terrified) to announce that my CodeBlue session in Japan about the Snowflake campaign is now up on YouTube! Think of it as 40 minutes of storytelling, and behind-the-scenes revelations (plus a few questionable jokes). If you’ve been curious about the Snowflake campaign and SaaS security—or just want to see how I handle speaking nerves—this is your chance. Grab a coffee, find a comfy seat, and enjoy the show. Check it out here: https://lnkd.in/dezKEKhD If you watch it, let me know what you think! I’m all ears for your feedback (especially if it’s about my comedic timing… or lack thereof).

With identity as the new perimeter in cloud security, a Zero Trust model is becoming more widely adopted to authenticate, authorize, and validate identities before gaining access to apps and data. Is your organization implementing Zero Trust principles in the cloud? 🤔 Vote in the poll below to see how you compare with other organizations! #ZeroTrust #CloudSecurity #IdentitySecurity

What is the biggest challenge SOC teams face in the cloud? Head of Threat Detection Doron Karmi has some thoughts 💭 "The biggest challenge SOCs face in Cloud Detection and Response (CDR) is the complexity of cloud attacks, particularly identifying compromised identities in a timely manner. Distinguishing between benign and malicious activities in cloud-native environments is extremely difficult due to the lack of clear indicators of compromise and the subtle nature of identity-based threats." We couldn't agree more Doron - as they say, "Identity is the new perimeter." 👁️ The solution to this challenge? "SOCs should adopt advanced detection methodologies that leverage behavioral analytics, anomaly detection, and threat intelligence. Enriching logs with entity profiling and context-aware insights will help differentiate normal from suspicious activity, enabling more accurate and timely threat detection." Get to know the ins and outs of advanced cloud threat detection: https://lnkd.in/gwpN_WNR

🗞️ "New York state government agencies and their employees are now banned from having the OpenAI rival app installed on their work devices until further notice," according to Cybernews. As Field CTO Roei Sherman explains, "New York State's ban on the AI app DeepSeek highlights a growing challenge in cloud security: the struggle to control where data goes when using SaaS platforms. The core issue is that most organizations don't have adequate monitoring or detection capabilities to track data movement within SaaS applications." Learn more about the importance of strong data governance in SaaS environments by reading the full article: https://lnkd.in/g6bm4UMZ #DeepSeek #AISecurity #SaaS #CDR