Electronics Manufacturing

“Our goal is to unify our risk management and remediate issues quickly to make our cloud development program efficient and sustainable. Dazz is our secret weapon, helping us govern our SDLC, see our risk in one place, and enable truly developer-driven remediation.”

Company

Annual Revenue

$26B

Environments

Private cloud

Challenges

- Software Development Lifecycle (SDLC) governance

- Unified risk management

- Inefficient remediation

Results

- Security issues ↓ 99%+

- Vulnerability queue: 0

- Fully enable developer-driven remediation

About the customer

The organization is a multinational diversified manufacturing company. It is the third-largest global electronics manufacturing services original design manufacturer, and has manufacturing operations in over 30 countries.

Cloud journey

The company is early in its digital transformation journey, and maintains a very diverse environment. Some teams are running private cloud environments, while others continue to rely on a more traditional data center. The group Dazz engaged with runs its software development lifecycle (SDLC) in a modern private cloud. The development team delivers applications that run and optimize the company’s manufacturing processes. The company deploys applications to a Kubernetes containerized environment using OpenShift for orchestration, uses Azure DevOps for its code repository, and builds and deploys images using Azure Pipelines.

Secure development process

To detect cloud vulnerabilities and misconfigurations, the security team uses a number of tools. It relies on Harbor to scan containers and Checkmarx for static code analysis and software composition analysis.

The challenges:

Despite a solid start to its cloud journey, the company found a few challenges with its setup. The team needed to ensure safe, compliant cloud usage, unify risk, and streamline the remediation workflow so that the cloud security process would remain sustainable as development projects grew.

1. SDLC governance

The team found overly permissive policies in tools like Azure DevOps.

2. Unified risk management

With tools ranging from SCA to container and secrets scanning, the company needed a single view to aggregate, normalize, and take action on detected risk.

3. Inefficient remediation

The process for remediating vulnerabilities and misconfigurations was manual, and developers were spending more time on fixing issues than on building applications.

The solution: Dazz

To address these challenges, the company invested in the Dazz Unified Remediation Platform. They connected Dazz to their code repository to discover and map their code-to-production development pipelines. They were able to see all of their risk in a single view, as well as identify misconfigurations and unenforced policies per their cloud playbook.

Using Dazz, they identified the code owner of each unique issue based on a machine learning review of the code repository, which provided a deeply contextual root cause analysis for each issue. Ultimately they were able to remediate more than 99% of their alerts.

  • Discover - Understand the deployment process from code to cloud, unify cloud risk from all tools, and identify architecture gaps.
  • Reduce - Clean up the noise: deduplicate and prioritize CVEs and misconfigurations based on their unique root causes, and automatically find their owners.
  • Fix - Concise, contextual, and actionable process for remediation, from detection to deployment.

What's next?

Next up for the company is a truly developer-driven remediation program in which developers can log into Dazz, see all of the issues that pertain to them, learn their root causes, and be presented with several choices for fixing them right in their workflow.

Results summary

Maintain a zero-vulnerability posture

Reduce noise by a factor of nearly 600:1 from alert to root cause

Create a developer-driven remediation process
