Challenge
Grammarly was looking to establish a more unified approach to security that addressed the increased security needs arising from its expansion into serving B2B enterprise customers.
Grammarly first required a comprehensive understanding of its security posture to prioritize security investments and empower the business to move fast and mitigate risks effectively.
Grammarly recognized opportunities to enhance its security processes, ensuring greater consistency and enabling teams to respond to threats more efficiently.
Solution
Grammarly implemented a unified security strategy for its code, cloud and configurations using Wiz, focusing on three core principles: reproducible outcomes, in-depth reasoning, and self-correction.
Grammarly provided developers with direct access to Wiz, enabling them to proactively use Wiz to identify and address vulnerabilities earlier in the development cycle.
By automating workflows and security controls with Wiz, Grammarly streamlined its security operations and reduced manual effort.
Achieved 100% coverage of its cloud accounts
Zero critical/high risks achieved
Established consistent mean time to detect and faster mean time to remediate
Evolving to meet enterprise-grade security requirements
From captivating marketing and well-crafted academic essays to professional emails and beyond, Grammarly is the trusted AI assistant for communication and productivity. The company helps over 40 million people and 50,000 organizations brainstorm, compose, and enhance communication that moves work forward.
In recent years, Grammarly has evolved beyond its consumer-focused solutions to introduce a B2B enterprise platform, which has brought on new use cases, innovative features, and unique security challenges. As Grammarly scaled to process large volumes of complex enterprise data, the team recognized the need to unify security controls across cloud, code, and runtime.
“As we evolve from B2C to B2B, our risk profile has completely changed, and we are dedicated to maintaining the same trust with enterprise clients that we’ve built with our B2C customers over the years,” says Sacha Faust, Director of Security Engineering at Grammarly. “Security is at the core of Grammarly’s DNA and imperative to the future of our company, and that’s why we’re making significant improvements to fortify our security workflows.”
Our engineering teams move at breakneck speed, so we don’t want to create bottlenecks. We needed to build automated workflows and security controls that quickly identify and self-correct potentially undesirable situations in production.
Sacha Faust, Director of Security Engineering, Grammarly
To tackle these challenges, Grammarly evaluated security platforms based on four key criteria: automated asset discovery, reproducible outcomes, in-depth reasoning, and self-correction capabilities. Wiz stood out as the ideal platform to support Grammarly’s objectives of implementing a comprehensive enterprise-level security strategy, improving developer experiences with speed and accuracy, and supporting compliance with industry regulations.
Establishing secure-by-design processes with Wiz
Grammarly has always viewed engineering and security as two halves of a whole, prioritizing a balance between rapid development and strong security measures. When the team set out to establish the security strategy, they put the developer experience front and center. However, the existing setup didn’t enable developers to move quickly while maintaining Grammarly’s stringent security standards.
Grammarly previously relied on embedded security tools within AWS and prioritized shifting left to optimize development cycles. However, the team recognized that achieving this goal required improved visibility across the entire cloud environment to provide engineers with a single source of truth.
“We’re committed to doing right by both our enterprise customers and our developers. Our previous setup wasn’t creating an experience that met our standards, both for our customers and internal teams,” Faust explains. “We were using several tools that didn’t tell a cohesive story and couldn’t provide the context we needed to make informed decisions.”
Wiz fits seamlessly into Grammarly’s strategy to build secure-by-design solutions that allow teams to iterate quickly without compromising on security. By implementing Wiz Cloud, Grammarly gained comprehensive visibility into its cloud environment. This enables the team to detect vulnerabilities early and receive actionable recommendations for remediation, thereby minimizing the company’s potential exposure to cyber threats.
Automating detection and response to reduce vulnerabilities
With its relentless focus on developer experience, Grammarly provided all engineers access to Wiz, enabling them to quickly obtain the context and information they needed, exactly when they needed it. “We’ve integrated security into engineering practices so that it never becomes an afterthought,” says Faust.
The Wiz Security Graph has been particularly valuable for open-ended exploration, enabling developers to investigate current production environments and their correspondence with the code repository. Additionally, Grammarly leverages the Wiz Runtime Sensor to enhance telemetry within Wiz, providing developers with the insights they need to make more informed decisions about security risks and priorities.
The role-based access control in Wiz provides the flexibility to customize access to the appropriate assets, enabling developers to independently initiate re-scans and verify the accuracy of their fixes. Additionally, we integrated scanning capabilities directly into our build and deployment processes using Wiz CLI.
Sacha Faust, Director of Security Engineering, Grammarly
As Grammarly develops and deploys new applications, it aims to provide developers with security feedback earlier in the development cycle and directly within their workflows. This approach ensures that developers receive all the necessary information to understand and address potential security flaws in their code. By utilizing Wiz Guardrails within Wiz Code, Grammarly has introduced a cohesive approach to security for all components of its software supply chain with a multi-layered gating mechanism throughout the build, deployment, and operational phases.
The team integrated Wiz CLI directly with GitLab to alert developers to issues introduced by code changes, allowing them to address potential problems early in the development cycle. Additionally, the Wiz Admission Controller adds an extra layer of verification at both the build and deployment stages, all while maintaining compliance with industry standards for application security.
Achieving zero-critical status by consolidating security
Wiz's comprehensive security framework has enhanced Grammarly’s visibility into its infrastructure. With a clear source of truth for its production environment, the team can make more informed decisions. By using the Runtime Sensor alongside other tools, Grammarly has improved its ability to detect and prioritize potential security threats, enabling the team to identify and monitor edge services within its infrastructure. This in-depth contextualization has enabled Grammarly to quickly achieve zero critical issues.
By streamlining our security operations with Wiz, we’ve successfully achieved a 0 failure of remediation SLA while still maintaining developer velocity.
Sacha Faust, Director of Security Engineering, Grammarly
Since adopting Wiz, Grammarly has retired multiple decentralized security tools that required manual configuration. This has reduced Grammarly’s technical debt and resulted in a consistent mean time to detect, a faster mean time to remediate, and a clearer understanding of security priorities.
“With Wiz, we can deliver a secure and positive user experience at the same time,” says Serhii Vasylenko, Senior Engineer, Security Automation at Grammarly. “Our team has evolved from being consultants who advise engineers on what to do to becoming true partners in creating software that’s secure from day zero.”