Mitiga Brings In $30M for Cloud and SaaS Protection Growth

A 2024 RSA Conference Innovation Sandbox finalist raised $30 million to detect, investigate and remediate cloud and SaaS-based cyberattacks more effectively.

See Also: AI, Cloud, and Cyber Threats: A Financial Sector Survival Guide

New York-based Mitiga said it will use the Series B money to expand its go-to-market strategy in Europe and invest in advanced technology such as automated remediation capabilities, according to co-founder and CEO Tal Mozes. He said Mitiga has differentiated itself from rivals through an extensive forensics data lake and a focus on holistic visibility to address the growing complexity of cloud-based attacks.

“It’s an amount that gives us a run rate of a minimum of two years to get to the next goal,” Mozes told Information Security Media Group. “We didn’t want to sell too much of the company at this stage. We could have got more money. We want to be careful with the spending and the burn rate, and make sure that we achieve our goals like we did in previous years.”

Mitiga, founded in 2019, employs 69 people and has raised $75 million in outside funding, with the latest money coming 22 months after the company completed a $13 million Series A extension led by ClearSky Security. The firm has been led since inception by Mozes, who spent eight years at EY running the consulting giant’s cyber threat management services and information security services center (see: Millions Stolen in BEC Scam Campaign).

What Sets Mitiga’s Approach to Cyber Visibility Apart

Mozes praised lead Series B investor Syn Ventures for its deep market insights and connections to influential stakeholders including John Waters, who helped Mandiant scale as president and COO before the company’s $5.4 billion sale to Google and is now Mitiga’s executive chairman. The company also brought Robert Rodriguez on as a board member to refine Mitiga’s messaging and client engagement.

“Waters understands the space better than anyone else,” Mozes said. “He’s looking at our strategy and where the market is going, and his insights are worth their weight in gold.”

Attacks against SaaS and cloud infrastructure have doubled on a year-over-year basis, and Mozes said the latest funding round aims to capitalize on the market’s increased demand for advanced detection and investigation tools. Mozes said Mitiga aims to build a robust go-to-market team to support these initiatives, transitioning from founder-led sales to a structured team-based approach.

“When we started five years ago, there was not a lot of market awareness to the problem that we’re dealing with, which is having adversaries in the white space between SaaS and infrastructure in the public cloud,” Mozes said. “Most of the security products were focusing on prevention, and not many of them were looking to detect and investigate. It took some time for the market to mature.”

Mitiga integrates and analyzes data from a broad array of platforms across cloud, SaaS, and identity ecosystems, addressing the challenges of siloed solutions that leave gaps in visibility and detection. Mozes said the company currently supports 73 products including AWS, Azure and GCP, and plans to add support for both larger platforms such as Oracle Cloud and SAP as well as smaller SaaS tools.

“If someone, for example, compromised an identity on GitHub, and through the single sign-on mechanism went into a different resource, it will look like they just logged in,” Mozes said. “If you don’t have this panoramic view and understanding of where it started, where it went and where it ended, you won’t be able to identify those sophisticated attacks at all.”

Why Early Detection, Automated Remediation Pay Dividends

The firm also plans to develop automated remediation tools to help mitigate breaches faster, which Mozes said will enable security teams to suspend compromised accounts or address vulnerabilities immediately. Plus investments in AI, machine learning and threat intelligence aim to enhance Mitiga’s ability to detect sophisticated threats earlier and with higher fidelity, enabling better outcomes.

“We’re helping them do early detection of attacks, earlier than anything else that exists today,” Mozes said. “Also accelerated investigation of and response to breaches. We do it over 90% faster than anything else that exists today. Now, as part of the process, they’re also asking us to help them make remediation more efficient.”

Mozes said Mitiga’s forensics data lake stores and normalizes data for long-term analysis, enabling faster and more thorough investigations. While products like Obsidian and JumpCloud solve specific problems around cloud, SaaS, or identity, Mozes said they lack Mitiga’s comprehensive visibility. Point solutions fail to provide long-term visibility or holistic insight into attack vectors, according to Mozes.

“They were doing a very good job in solving the point problems they’re looking into,” Mozes said. “But none of them is providing the forensics data lake that allows us to do deep investigations, or looking into logs which are older than three months, or having this panoramic view.”

Europe presents a promising market for Mitiga with the rapid adoption of cloud and SaaS services and the increasingly frequency of publicized breaches, Mozes said. Regulatory frameworks such as GDPR require organizations to issue timely and detailed breach notifications, creating demand for Mitiga’s solutions. The initial focus is on the U.K. and select EU countries with strong SaaS and cloud adoption.

Mitiga intends to use the Series B funding to improve gross margins, reduce customer acquisition costs, and increase customer numbers across small, medium, and large businesses. Mozes said the company also tracks performance in direct sales versus channel-led sales, with an aim to diversify its revenue sources and reduce dependency on direct sales.

“We’ve seen over the past two years there was a lot of investment in the prevention side of things, posture management, CNAPP, SSPM products, and so on,” Mozes said. “And now the market understands that it might not be enough. Even though you invest in your security posture, there is no security officer that will tell you that there is a silver bullet and they’re 100% protected.”