Challenge
Lacking visibility and coverage: Maintaining visibility and detection coverage across both GCP (primary) and Azure environments proved difficult and required significant engineering resources. The team couldn’t easily tell what sources of telemetry they needed to monitor and where they had blind spots in real-time visibility, and was looking for a unified approach to improving their security posture and threat detection coverage across clouds.
Manual processes for log collection, analysis, and enrichment: In addition to this, it was no longer cost effective for Material to centralize all of their production security and audit logs into a SIEM as their business, cloud footprint, and detection surface grew.
Siloed tools and context for cloud logs: Existing tools generated real-time security alerts, but lacked the context to effectively prioritize threats – although the team might see evidence of suspicious activity, they lacked the ability to quickly understand whether that activity involved assets with sensitive data or identities with high privileges that could expand the threat.
Solution
Multi-cloud visibility and enhanced threat detection: Material Security gained a unified view of their entire cloud environment, spanning GCP and Azure. Material also improved their detection coverage with out-of-the-box detection and custom rules tailored to their business applied across environments for improved depth and accuracy.
Immediate insights and enrichment: With Wiz Defend, Material analysts significantly reduced mean time to investigate with automatic enrichment of threats with context from the cloud control plane for better prioritization.
Streamlined response and collaboration: Material integrated Wiz with their existing SOAR platform and GitHub-based case management to improve response times and collaboration between Security and development teams.
Significantly decreased investigation time by providing enriched context within alerts.
Reduced the burden of manual threat detection engineering, saving the cost of hiring additional security engineers to write custom detections.
Empowered proactive threat hunting and investigation through graph-based queries.
Uniting cloud security with security operations
Material Security is dedicated to securing the modern workplace by providing a comprehensive, one-stop security platform for Google Workspace and Microsoft 365. Adhering to strong security practices is part of Material Security’s DNA, and as the company grew, it needed to ensure its security practices scaled with the business.
Over the past few years, Material has made a significant investment in proactive security designed to reduce risk, but it needed to be ready to detect and respond to threats in real time with deep analysis of cloud telemetry. Before Wiz, Material relied on GCP's native tools and manual log analysis, which became increasingly difficult as they scaled.
"The volume of logs grows linearly as we grow," Long notes. "Managing the volume, the cost of the centralized logging platform, and maintenance was getting tricky. And hiring additional security engineers to write detections is really expensive."
Material needed more than basic log analysis. "Audit logs don't tell the whole story," Long explains. The team sought a solution that could:
Improve log coverage and detections across their customer environments
Provide high-fidelity threat detections without building everything from scratch
Serve as a single platform for multiple security functions
Wiz stood out because its native threat detections were overall very high fidelity – the fact that we also had the ability to write our own detections was another really big selling point to us.
Chris Long, Sr. Director of Security, Material Security
Rapid deployment, immediate value
Material deployed Wiz fully across their GCP and Azure instances within a week. "The documentation was stellar. There were things I thought were edge cases, but when I would search the docs, they were already covered. Onboarding was frankly a breeze," says Long.
The team found particular value in Wiz's approach to multi-cloud environments. While GCP represented about 99% of their production, maintaining visibility into their Azure footprint was still essential.
Onboarding Wiz gave us real peace of mind. It simplified the process by ensuring we had complete coverage across our Azure security and audit log sources.
Chris Long, Sr. Director of Security, Material Security
Wiz has become Material's primary cloud security platform, handling vulnerability management, posture checking, and threat detection and investigation across their environments.
High confidence detections and a deep understanding of their cloud
Material uses Wiz Defend primarily for threat detection and cloud configuration rules. "We typically find all alerts generated by Wiz Defend valuable to review. The alerts are high-fidelity, and we never need to question why something's firing," says Long.
Wiz additionally helped Material gain a complete understanding of threats in the cloud by providing enriched context, especially across the identity and data plane, in combination with anomaly detection.
"I'm skeptical of generic anomaly detection because it typically lacks important context," says Long. "Wiz solved this well. I could open an issue and quickly see which user accessed which bucket, what files they interacted with, and determine if that activity matched their job responsibilities."
Long also values Wiz's graph database capabilities for complex environment searches and deep understanding of their environments. "Querying for service accounts with specific permissions or naming conventions is something we couldn't do in other tools—and layering that context onto real-time threat detection just accelerates response," Long notes.
Wiz is the primary tool we rely on for production security. It's doing so much across different spaces—vulnerability management, posture checking, threat detection—and it's hooked into all our security tooling throughout the organization.
Chris Long, Sr. Director of Security, Material Security
Context-rich insights across the runtime, cloud, and code
Wiz provided Material with deeper insights, particularly around data access patterns. The immediate context across cloud layers and insights into sensitive data and identity risks helped them quickly gain a complete understanding of their risk in the cloud.
"Previously, if I was notified about a vulnerability in a VM, I wouldn't immediately understand its impact. I might not know what service accounts are present or what credentials are there. I needed better context to prioritize risk," says Long.
Proactively improving compliance posture
Material also uses Wiz Cloud's compliance features to improve their security posture against frameworks like CIS benchmarks, taking a pragmatic approach.
"We don't blindly implement controls just because they're on a checklist," Long says. "We look at what makes sense for us. Seeing that we're at 90% compliance and figuring out what it takes to get that last 10% helps us proactively harden our production environment."
"Getting data out of Wiz was easy. The API is extensible, and the API Explorer is powerful. We've integrated it with our Security alerting workflow the same way we did with other security tools," says Long.
Future proofing Material's security posture
Looking forward, Material is setting its sights on deepening its security posture with Wiz, prioritizing the protection of its extensive customer data. “We maintain a large volume of our customers' sensitive information that we're entrusted with. So, we're always focused on minimizing the amount of surface area that we expose to the public Internet.”
Material sees Wiz Defend as a critical component of its security strategy going forward and has its eyes on the roadmap as it continues to evolve. “The thing that is most exciting to us on the Defend roadmap is definitely the data access logging and detections for BigQuery,” Long states, highlighting how these advancements will enhance Material’s visibility and control. As Wiz continues to innovate, Material Security looks forward to leveraging Defend to strengthen its security posture and stay ahead of emerging threats.