When IDC interviewed four Dazz customers last year to hear how our Unified Remediation Platform was delivering value to their organizations, the results were exciting. Customers cited a number of technology and business benefits such as the ability to get a single-pane-of-glass view of issues prioritized based on business risk. They shared how the use of automation and data correlation allowed them to get rid of manual remediation tasks and immediately aggregate issues, find root causes and owners, and provide context for fixes. As a result, they were able to gain efficiencies in both their security and developer teams and reduce risk in their organizations.
These benefits are consistent with what we see in our POVs today and hear from our customers regardless of their size—whether they are fast-growing companies like Abnormal Security and Mesh or Fortune 1000 customers like Dexcom and JLL. Dazz helps them:
- Lower risk
- Improve compliance governance
- Create more efficient and productive teams
How Dazz lowers risk
Whether you work at a bank or a retail company, your goal as a cybersecurity pro is to lower risk. You put controls in place, educate employees, and continuously monitor for threats and vulnerabilities. But how can you protect against what you don’t know? Many of our customers had no idea what was lurking in their code to cloud pipelines until they integrated Dazz with their detection tools and were able to shine a light where they had little to no visibility. Visibility is a critical first step to lowering risk. However, with the explosion in alerts coming from multiple code, application, cloud and infrastructure detection tools, it’s becoming almost impossible for teams to investigate the thousands—even millions—of alerts coming at them. Unified visibility of your data and automation are the keys to survival.
In a recent POV with a global life sciences tech company, the security team used Dazz to automatically unify alerts coming from seven different detection tools and consolidate more than 13 million findings in a single view. Instead of wasting tens of hours of manual effort on analyzing, deduplicating, and prioritizing issues, they were immediately able to get to work on the issues that mattered most to the business, reducing the likelihood of a critical incident.
The security team at BHG Financial found that Dazz reduced their alert noise to a fraction of root causes, including mapping 34 percent of all cloud misconfigurations to just 20 root causes, and tracing 45 misconfiguration alerts in their CNAPP solution back to a single Terraform module. Many alerts are now automatically resolved the same day. Overall they see faster time to remediate critical issues, which strengthens their risk posture.
Instead of wasting time manually de-duplicating the noise coming from their security tools (downloading CSV files from each tool, mapping like alerts, deleting false positives, and searching for code owners), the security team at Abnormal Security found they were able to automate this workflow and reduce mean time to remediation to days or less for critical issues.
The faster and more effectively you can mitigate critical issues and reduce exposure, the lower your chance of an incident. By using innovative technology—AI, automation, data correlation, and root cause analysis—you can work smarter to lower business risk in your organization.
How Dazz improves compliance governance
Dazz is an important part of your pipeline security compliance framework to achieve a balance between delivering software quickly and ensuring that security and compliance are not compromised. In a recent POV, Dazz helped a global 2000 company discover lapses in their framework:
Dazz gave the security team a unified view of their code-to-cloud environment, so they could quickly see where they had privilege issues, supply chain risks, and compliance problems.
In addition to identifying pipeline security issues, customers are also deploying Dazz as part of their business strategy to prepare for the SEC disclosure rule for material cybersecurity incidents. Why? Because by improving remediation operations, you gain two advantages:
- Strengthening remediation practices decreases the likelihood and impact of incidents, reducing the chances of having to file a disclosure for material incidents.
- Demonstrating effective and timely remediation is a sign of strong cybersecurity processes, which can influence how the SEC carries out enforcement actions in the eventuality that material incidents are disclosed.
How Dazz creates more efficient and productive teams
Automation and AI are force multipliers for resource-constrained teams. Dazz uses both to make teams more efficient and productive. The platform automatically identifies root causes of issues, owners for risk, and generates actionable context for remediation. This enables your security team to spend more time on important business initiatives, rather than wasting time on menial tasks like searching for alert owners, deduplicating tickets, and trying to gain insight into the development pipeline.
IDC found on average that the four customers they interviewed spent 44 percent less time chasing root causes, 21 percent less time on remediation, and 13 percent less time compiling threat reports.
One large pharmaceutical company noted, “The largest benefit of Dazz is time savings. Anytime there’s an event, an alert, an issue that needs to be fixed, it takes time to figure out: ‘Who was the owner of that event? How do I enrich it? How do I figure out what it takes to fix it?’ Being able to pull all that together has really saved a lot of time. While we fix all our vulnerabilities within our published SLAs, we always strive to do it in much less time than that. The ability to shorten that window of time, first seen to time remediated, is really good for us. Our customers rely on our security controls, so not having to go to the 11th hour — it makes us more proactive, not reactive.” – Dazz customer quote in IDC report
Dazz customers also experience benefits in cross-organizational collaboration with their security teams, developer and engineering teams, and business stakeholders. Dazz breaks down the boundaries between the security and developer teams by giving the security team greater understanding of the DevOps pipeline and putting remediation ownership into the hands of developers. Fixes are fully contextualized, so development teams quickly understand the impact of detected vulnerabilities, know exactly what needs to be fixed, and how to fix it. All this remediation context is shared seamlessly within their native ticket systems.
On the business stakeholder side, Dazz makes it easy for security teams, engineering teams, and business units to see how the organization is doing in lowering risk. Our platform offers custom dashboards that allow customers to visualize any dataset and easily slice data to see vulnerability management, risk and remediation efforts across multiple technologies and business units. The result is an accurate depiction of risk and remediation. They can now visualize and report on data to answer questions such as:
- What percentage of my environment is affected by critical vulnerabilities?
- Which business units are tracking against remediation SLAs and which ones are falling behind?
- Where in the SDLC are vulnerabilities found? How many of them impact the applications in production?
In summary, Dazz is transforming the remediation process and helping customers experience meaningful business benefits: lower risk, improved compliance governance, and more efficient and productive teams.
I encourage you to check out the full IDC report here and read the full BHG Financial and Abnormal Security case studies here.
Want to see Dazz for yourself? Hit us up for a meeting and demo!