As we celebrate the birth of our nation this Fourth of July, Wiz also celebrates the achievements of companies who’ve declared independence from sleepless nights by adopting an innovative approach to cloud security. Meet three Wiz customers who’ve completely eliminated outstanding critical cloud misconfigurations, compliance violations, and vulnerabilities across the production environment, reaching zero critical status. Here’s a snapshot of how they did it and earned their spot in the Zero Critical Club.
Schrödinger eliminates costs and risks with full visibility across its multi-cloud environment
Software company Schrödinger is transforming the way therapeutics and drug discoveries happen. With Wiz, the company’s first priority was to improve visibility across its multi-cloud environment by consolidating its security monitoring as it continues to grow in complexity. “We plugged Wiz and immediately discovered exposures that we were able to address,” explains Ryan Murphy, Senior Security Engineer, Schrödinger.
The Wiz Command Line Interface detects sensitive data, secrets, misconfigurations, and vulnerabilities early in the software development cycle enabling engineers to self-service, manage, and remediate issues before deployment. Simpler and faster access to information means security and development teams easily agree on risk prioritization and remediation. More than a dozen developers regularly use Wiz to explore and address potential risks, leaning on accurate data to collaborate with the security team towards a measured, risk-based approach to remediation. Wiz’s contextualized information about threats has enabled Schrödinger to provide best practices for secure coding and developer education, including threat modeling exercises, and to build a more proactive security ecosystem.
Meanwhile, connecting Wiz to JIRA has helped to divide critical issues among relevant teams and track remediation progress, so teams can better focus resources on higher-impact triage and avoid working on false positives. Because of these process improvements, Schrödinger has reached zero critical issues across its cloud environment. “With Wiz, we have more context and information up front, so when we reach out to engineers, we can point directly to an issue, explain why it’s important, and use this hands-on process to help them prioritize remediation. Today our security team has more information and insight into our cloud environment at an organizational level and can work with our developers to make more informed decisions about our security posture to guide the rest of the organization." – Ryan Murphy, Senior Security Engineer, Schrödinger
Schibsted establishes a proactive, centralized security approach across 60 brands
Born as a publishing house in 1839, Schibsted has evolved into a Nordic family of digital brands. By the time the company turned to Wiz to unify its security approach, it had more than 60 brands under its umbrella. Using Wiz Cloud Detection & Response, Schibsted’s central security team adopted a security-as-a-service model, tailoring permissions based on each brand’s data sensitivity and fostering close collaboration with the engineers of each brand.
Wiz now serves as a centralized security platform, with 120 engineers and developers actively using it each month. The central security team democratized access to Wiz and conducted extensive internal training on identifying critical issues. Beyond training developer teams, the company’s cyber security program also entailed raising organizational awareness through phishing campaigns and educating project owners on their security responsibilities. This ongoing effort, spanning four years, has proven effective.
Schibsted also implemented a Mean Time to Remediation (MTTR) metric for critical and high-severity findings across all of its security scanners. A dashboard now allows users to monitor compliance with company policies and the timeliness of action taken. Email reminders prompt relevant stakeholders to address the critical issues they are responsible for. These initiatives have shifted the approach to security from reactive to proactive.
By centralizing all vulnerabilities in a single pane of glass and keeping teams updated via weekly email alerts, Schibsted has seen faster user response times to security warnings. Before Wiz, the company conducted ad-hoc scans as needed but struggled with visibility across the multi-cloud environments. Within 90 days of implementation, Schibsted reduced 150 criticals to eight, and has since reached zero critical status.
“In 2021, we evaluated vendors against 34 criteria during our selection process, with usability being one of the most important. As a central security team, we must enable our engineers, not hinder them. Wiz was by far the most user-friendly tool for understanding our infrastructure and presenting the security findings in an understandable way.” – Ståle Pettersen, Head of Product and Application Security, Schibsted
Financial company’s bet on automation and cross-team collaboration pays off
A Fortune 500 company that provides insurance, investment management, and other financial products brought nearly 150 years of tradition to the cloud. In the process, it turned to Wiz to create a connected, cloud-first pipeline that democratizes access to security management. Now, DevSecOps identifies vulnerabilities and misconfigurations before they’re deployed, and teams are empowered to handle security for their own products autonomously.
When risks are detected, Wiz provides enough context for relevant stakeholders to understand and prioritize remediation before threats become problems. Custom-built API queries further automate settings, configurations, and deployments throughout the pipeline, freeing up developers to more effectively protect the company and deploy new products.
“Resolving our criticals was a huge step, and once we got them down, it was important to stay on top of vulnerabilities to keep it that way. We can easily share information, let relevant teams know what’s at stake, and resolve issues more quickly when we escalate verbally because we can all trust in Wiz.” – VP of Cloud Security
Securing cloud-native applications requires an end-to-end view into vulnerabilities across the application lifecycle. Learn how your organization can work together to own the responsibility of security as one team by downloading the Vulnerability Management Buyers Guide.