Wiz
Customers

Improving cloud security workflows and speeding up real-time cloud detection and response at PROS

As a global enterprise with more than 20 in-house patents and hundreds of industry-leading customers, PROS is committed to security excellence. As part of its cloud security transformation, PROS turned to Wiz to consolidate its security tooling, improve its risk remediation processes, and enhance cloud threat detection in real-time.

PROS

Industry

Technology

Region

North America

Cloud Platforms

AWS
Azure
GCP
Ready to start?
Get a demo

Challenges: 

  • Since beginning its cloud-first journey in 2016, PROS’ network of computing resources grew in size and complexity. The team looked for a simplified approach to monitor its security posture and easily gain organization-wide visibility. 

  • SOC analysts were challenged to quickly identify and respond to incidents related to the MITRE ATT&CK framework due to the effort required to get additional context. 

  • With 19 different security tools across nine owners, PROS lacked a single source of truth to prioritize what issues are most important to address first. 

Solutions: 

  • PROS improved its insight into its multi-cloud environment and easily showed developers the potential attack vectors to quickly prioritize remediation. 

  • With Wiz Defend, PROS analysts significantly reduced time to detect and respond, ensuring the team continues to meet strict governance standards. 

  • The PROS team consolidated its tooling with Wiz to ensure both security and development teams can easily view risks in a single place and collaborate on remediation. And the Wiz Security Graph and issue identification provided immediate prioritization based upon how an attacker could see the company’s environment. 

Within 90 days icon

Within 90 days

all 86 critical issues were eliminated from PROS' environment.

71%+ of Wiz users are non-security personnel icon

71%+ of Wiz users are non-security personnel

empowering developers to self-serve and remediate independently.

Decreased threat response time icon

Decreased threat response time

by providing additional context surrounding alert.

Creating a unified security team with more connected security technology  

PROS helps customers outperform their revenue and profit targets with pricing and selling technology. PROS manages a large and complex global cloud footprint to support its diverse product portfolio. As the company’s cloud footprint grew, so did the number of security solutions to protect it. Eventually, the point solutions became cumbersome, requiring manual effort to get a clear picture of the threat environment. 

At one point, a team of nine security engineers were using 19 different security tools.  PROS decided the next phase of its cloud security journey would be to find a comprehensive security solution that would serve its analysts, engineers, and leadership all in one place. “Put simply, we didn’t have visibility at the depth and speed we needed,” says Susanne Senoff, CISO at PROS. “Developers struggled to identify where agents had been deployed, and it would take my SOC manager months of analysis to identity our MITRE ATT&CK coverage based on the logs we collect. We needed more context faster if we wanted to keep growing quickly.” 

Part of my role is about evangelizing security across the organization. Since I don't actually own most of the controls directly, I have to work to get everybody on board, and Wiz gives us a shared frame of reference to help us all work together.

Susanne Senoff, CISO, PROS 

Additionally, the PROS team looked to transform its cloud security operations and strengthen security and developer collaboration. Rather than passing developers a long list of alerts from its vulnerability scanner, PROS aimed to provide context around the issues, to understand what they were supposed to fix and in what priority. And when its outsourced SOC service provider would provide relevant, up-to-date threat intelligence, the alerts included information to investigate as quickly as possible. 

PROS knew it wanted a consolidated Cloud Native Application Protection Platform (CNAPP) —one that improved visibility into its environment, tracking, scalability, and ease of use—and set out to find a product that would be simple to manage for a smaller security team. “We knew that we didn't have the capacity to bring a solution on board that would require a ton of maintenance,” says Senoff. “We looked at our list of needs and found that Wiz covered more—and went deeper—than any other solutions in addition to matching our pace of innovation.”  

Eliminating critical risks in 90 days  

Once the team chose Wiz, they started getting cross-team buy-in during the proof-of-concept stage, offering multiple demos with internal partners to get their feedback. “By the time we went live, adoption wasn’t a challenge for us because it was so intuitive, and we had people asking when it would be available so they could see the data they wanted.”  

PROS deployed Wiz in just a few days across its multi-cloud environment and was able to uncover previously unavailable information about the environment. “We found malware contained in previous security tools, unused servers, and applications whose owners weren’t even with the company anymore and cleaned it all up quickly,” Senoff adds. “By spinning down unused resources, our developers were able to reduce cloud costs which was an unexpected but great bonus of using Wiz.” 

This improved visibility meant PROS could leap to remediating its most pressing issues, namely its 86 critical issues, immediately. “With Wiz, we could easily show our developers the attack paths, and they could see for themselves why an issue needed to be addressed,” Senoff says. “They set up tickets, we established regular check-in meetings, and we achieved the Zero Critical Club within 90 days.” 

Wiz helps developers see my team as a trusted, credible partner that can help them achieve their business goals. Instead of showing up with instructions, we’re giving them the tools and knowledge to solve their own problems.

Susanne Senoff, CISO, PROS  

With Wiz’s prioritization, PROS has been able to better focus its attention on issues that improve its security posture - including using the Wiz Sensor to provide real-time protection for hundreds of Kubernetes clusters. “We can sift through the noise and focus our time and attention on valid risks that could impact our security posture,” Senoff says. The team can also more clearly quantify these changes using a combination of Wiz’s security rating and its NIST security score that they can then share succinctly with executives to showcase progress. 

PROS continues to use Wiz throughout its development pipeline to create a consistent culture around security and shift left by integrating security into the development process. More than 71% of the company’s Wiz users are developers who are now able to self-serve and remediate issues that they own without security intervening. “Security’s role is now more of an enabler, and we’re able to spend our time looking for larger problems developers might not see,” Senoff says. “Meanwhile, they’re reviewing their own dashboards and gamifying remediation because they all want the best security score. It’s completely changed the culture of the organization.” 

Building a proactive security culture using real-time data with Wiz Defend 

PROS is also now using Wiz Defend to give its team real-time detection capabilities and the tools it needs to prepare for future threats. With greater context surrounding detections, the SOC can rapidly investigate, contain any malicious activity, and send well-informed requests to developers to act and remediate. "My SOC manager saw Wiz Defend and told me ‘we have to have this tool’,” Senoff says. “It gives us context that we never thought possible."  

This expanded context includes clear insight into their MITRE ATT&CK coverage based on the current log collection, PROS’s SOC analysts can see exactly what information is being logged in real time, so they can uncover potential gaps in minutes. High-fidelity detections have also helped streamline workflows. “It used to take us hours to determine which issues were real problems or urgent threats. Now, it  takes five minutes, and we’re confident we’re finding and addressing the right problems,” Senoff says. “We can see more alerts and threat sources than ever before, and with that visibility, we can appropriately allocate resources.”  

The MITRE ATT&CK framework is my North Star. Wiz Defend gives me a clear way to understand what we're missing, so we can focus our time on specific logs, and I can be confident that if there’s a problem, we’ll catch it.

Susanne Senoff, CISO, PROS  

The team can not only respond more quickly to live threats, but they can also leverage more members of their team to help. “Since we have a better understanding of our assets—where they’re located, what they’re connected to, how critical risks are—we can educate our less experienced analysts and use their skills to resolve issues,” Senoff says.  

Defending data and protecting identity for a more resilient security model 

Looking forward, PROS is exploring new ways it can secure its data infrastructure, identity management, and place clearer controls on AI governance through Wiz’s AI Security Posture Management (AI-SPM). With its critical risks addressed, and clearer insight across its cloud infrastructure, PROS is able to focus more and more on embedding security in every step of its future growth.  

Read more customer stories

BMW

BMW accelerates cloud security with Wiz

Watch video
Datavant

Datavant centralizes security management across a six-company cloud environment

Read case study

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo