FTSE 250 Index Retail

“We are using Dazz to provide greater visibility and insight into our live development pipelines, with a clear split between production and non-production.”

Annual revenue:

£3.9B

Environments

Azure

Challenges

  • Improve pipeline visibility
  • Increase detection tool effectiveness
  • Catch issues before production

Results:

  • Visualize code-to-production pipelines
  • Identify security architecture gaps
  • Reduce alert noise to root causes
About the customer

The company is an online fashion and cosmetic retailer, selling over 850 brands as well as its own range of clothing and accessories.

A cloud-forward Microsoft shop

The company is a cloud-first Microsoft shop that standardizes on Azure. They have an advanced architecture and modern DevOps process, shipping many updates per day via continuous deployment.

The development teams keep their code in Azure DevOps and use Azure Pipelines to run their CI/CD processes. They configure infrastructure using ARM and Bicep templates, and ship code using .NET and PowerShell.

Security architecture

ThTo detect software vulnerabilities and infrastructure misconfigurations, the team uses Wiz, Snyk, Azure Defender, and Veracode. Security architects focus on identifying gaps and mapping the organization’s attack surface to mitigate risk and reduce the impact of potential exploits.

The challenges

Despite being a cloud-forward organization, the team struggled with lack of pipeline visibility, security misconfigurations, and late stage issues:

01

Lack of pipeline visibility
The team’s security architects couldn't fully visualize the organization’s ever-changing software pipelines across development and production.

02

Misconfigured security
Because the team didn’t have a complete picture of the environment, they didn’t know whether their detection tools were effective; some pipelines were not correctly being monitored.

03

Alerts in production
Because they weren’t catching issues early in the development cycle, the organization wasn’t detecting issues until after production, where they posed the most risk and were the hardest to fix.

The solution: Dazz

Discover
Understand the deployment process from code to cloud, unify cloudrisk from all tools, and identify architecture gaps.

Reduce
Clean up the noise: deduplicate and prioritize CVEs and misconfigurations based on their unique rootcauses, and automatically find their owners.

Fix
Concise, contextual, and actionable processfor remediation, from detection to deployment.

Provide code-to-production CI/CD pipeline visibility

Highlight security gaps and ensure ongoing coverage

Reduce duplicate alerts to their singular root causes

What's next?

The company security team is using Dazz as its central point of truth for its own work and for reporting across security architecture and business units. Next steps will be to use Dazz workflows to enable self-service remediation.

See Dazz for yourself.

Get demo