Vistra secures its growth strategy with multi-cloud visibility and governance

Post-combination, Vistra evolved its security platform to support its growth strategy: centralizing multi-cloud visibility and governance, prioritizing risk remediations, accelerating the onboarding of new business units, and adopting DevSecOps processes.

Vistra

Industry

Business Services

Region

Global

Cloud Platforms

AWS
Azure
Ready to start?
Get a demo

Challenge

  • After bringing together two companies, Vistra’s security team sought to improve visibility into the reimagined Vistra’s multi-cloud/multi-architecture environment.  

  • Security also wanted to improve governance over—and the risk posture of—its expanded cloud environment.  

  • With multiple point solutions in place, the security team sought to uplevel and consolidate its toolkit.

Solution

  • Vistra can see how all resources are connected, using Wiz to enable cross-functional teams to collaborate on integrating and securing new business units' cloud environments post-merger.

  • Vistra now identifies high-priority risks and the risk posture of key assets using Wiz to prioritize remediation issues, strengthen governance. 

  • Vistra reduced the need for multiple point security solutions with Wiz’s support for hybrid environments and agentless processes, streamlining security processes and reducing overall spending.  

Complete visibility icon

Complete visibility

across the multi-cloud environment

Proactively reduces risks icon

Proactively reduces risks

and ensures compliance across all businesses and new products

Deployed a full-featured cloud security platform icon

Deployed a full-featured cloud security platform

reducing the need for multiple point solutions

Improving governance over a growing multi-cloud environment  

Vistra is a leading provider of essential business services, such as human resources, tax, legal entity management, and regulatory compliance, that help companies and private capital funds grow across their entire business and investment lifecycle. Created by the combination of Tricor Group and Vistra, the reimagined Vistra has experienced fast-paced business growth and oversees a large multi-cloud/multi-architecture environment.  

As a result, the security team and other key stakeholders needed holistic visibility into their global cloud footprint, with the ability to apply and enforce governance consistently and at speed.  

We want to consolidate what we have and bring the best tools, practices, and integrations together for our security team. For example, if we detect a risk or an incident in one platform, we should be able to respond in another. Everything should work together in a seamless and frictionless way.

Him Tang, Cyber Security Manager, Vistra 

Shifting left to develop products that are secure by design  

Vistra wanted to accomplish both short- and long-term goals with security. Over the near term, the company saw an opportunity to rationalise security tools. By consolidating on best-of-breed solutions, the security team would gain holistic visibility, ensure governance consistency with one set of policies, and be able to identify risks and prioritize remediations.  

“Originally, we were using cloud-native CDR capabilities within different platforms, but this was creating multiple policies, rules, and monitoring mechanisms across our environment at a time when we wanted to centralize and consolidate functionality,” says Him Tang, Cyber Security Manager at Vistra. 

Streamlining collaboration to enable continuous improvement  

Vistra reviewed multiple vendors, choosing Wiz because of its breadth of services, usability, and cost. By deploying Wiz, Vistra gained the holistic visibility and governance across cloud infrastructure that the security team sought. The team rapidly adopted Wiz CNAPP functionalities, including Wiz DSPM, and IaC Scanning to detect security risks early on. 

To identify critical attack paths, the security team uses Wiz to scan every resource and technology in their cloud environment across virtual machines, containers, and serverless functions. All Vistra teams now access Wiz to gain the same view of cloud resources, with risks, context, and correlations built in, while IT and security streamline cloud inventory management processes.  

The security team uses this information and automated workflows to prioritize and remediate risks, such as PII or PCI exposures. Similarly, developers gain actionable insights on high-priority risks to address during the product development cycle without noise or the need to create context and correlations manually. 

“Before, we could set policies within our AWS and Azure accounts but couldn’t see the inconsistencies and other risks. With Wiz, we have the visibility and insights to review configurations and policies proactively across all our tenants, enabling Vistra to create a culture of continuous improvement,” says Tang. 

As Vistra continues its journey to shift left, creating a true DevSecOps capability by empowering developers with the insights they need to identify and address risks throughout the product development lifecycle rather than bolting on fixes afterwards.

“DevSecOps is still maturing for our company. As a result, we’re scanning new applications to ensure development teams address critical risks before launching new products,” says Tang.  

As we move to an Infrastructure as Code model, Wiz is helping us shift left and scan code to identify and remediate risks earlier in the product development lifecycle. Boosting these capabilities helps us assure business owners that applications are secure by design.

Him Tang, Cyber Security Manager, Vistra 

Development, Infrastructure and security teams use Wiz Projects and role-based access controls to enable collaboration for internal and external contributors in Wiz. The joint team uses a cloud landing zone and Wiz compliance check to onboard new business units quickly and securely. With this functionality, Vistra automatically evaluates and maintains regulatory compliance with a risk posture score, built-in frameworks, and reporting. 

By empowering cross-functional teams with greater visibility, risk identification, and remediation capabilities, Vistra has greatly improved its cloud security posture, while improving operational efficiency.  

Wiz provides a single pane of glass for cloud security at Vistra. We’ve gained the visibility, collaboration tools, and reporting capabilities we need to speed up the integration of our two companies and enable secure product development.

Him Tang, Cyber Security Manager, Vistra 

 Rapidly evolving security capabilities to support future growth   

Vistra has set the security foundation to enable continued rapid growth using Wiz. Cross-functional teams can rapidly and securely onboard new systems, design secure products, and streamline collaboration. Teams have complete visibility of their multi-cloud infrastructure, with contextualised risks and correlations, enabling them to set security strategies, evolve risk management capabilities, and proactively address vulnerabilities.  

Next, Vistra plans to deploy Wiz CDR to elevate its threat detection, investigation, and response capabilities. Wiz CDR combines its agentless, graph-based approach with cloud activity logs, enabling teams to identify threats proactively, simulate attacker views, limit their damage, and perform forensics at scale during an unfolding threat. 

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management