Financial Services

“Dazz helped us get visibility over all our pipelines, reduce alert noise, and re-imagine our ticketing process. The result is massively streamlined remediation that saves us time and reduces risk. We couldn’t be happier.”

-Director, Information Security

Annual Revenue
  • Multi-cloud and on-premises
  • Alert noise
  • Pipeline visibility
  • Secrets in code
  • Inefficient remediation
  • Consolidated tools from 4 to 1
  • Noise reduction by 92%
  • Auto-generated 17 simple remediation plans for resolving 391 critical risks

About the customer

The company is a global long-short equity asset management firm focused on innovation across fundamental research, computer-driven trading, macro investing, and venture and growth strategies. The company has more than $28 billion in assets under management (AUM) and 2,300 employees.

The environment

The development team, who is responsible for delivering applications for financial analysis, trading, crypto, and more, run their environment both on premises and in the cloud. Most of their cloud environment is in AWS, but they also use Google Cloud and Azure. Their cloud toolset includes Bitbucket for their code repository, JFrog for artifact management, Terraform for infrastructure definition, Jenkins for CI/CD automation, Docker for containers, and Jira for service management.

Efforts to secure development

The company’s security program includes monitoring its software development lifecycle (SDLC) both on-premises and in the cloud. They use a combination of Snyk (SCA and SAST) Rapid7 InsightVM, AWS CloudTrail (audit logs), and Wiz (CSPM). With this mix of tools, the security team detects a variety of code flaws, vulnerable third-party components, and cloud misconfigurations and orchestrates remediation.

The challenges

As their development efforts grew over time, the team experienced unsustainable alert noise, insufficient pipeline visibility, secrets in code, and inefficient remediation. Specifically:

1. Alert noise

The company’s tools generated too many alerts on the vulnerabilities and misconfigurations in their environment. Many of these were duplicates, with just a handful of root causes mushrooming into hundreds of alerts. Indeed, some types of vulnerability alerts overlapped by nearly 90%. In one example, a single base image flaw propagated to 30 images and led to 2,636 production alerts.

2. Pipeline visibility

The team lacked a unified view of their development pipelines. With multiple tools, both on-premises and in the cloud, they could not easily see all their risk and the status of remediation in a single view.

3. Secrets in code.

The team discovered that some of its code contained secrets, such as API keys, that could lead to sensitive data exposure. They needed a way to shore up discovered secrets and prevent them from recurring in future codebases.

4. Inefficient remediation.

With a large, diverse environment, the organization realized it didn’t have an efficient way of prioritizing and teeing up remediation of discovered issues. This included working with their Jira ticketing system to ensure format consistency, aggregation of like tickets, and reporting on remediation progress vis-a-vis its service level agreements.

The solution: Dazz

To address these issues, the company invested in the Dazz Unified Remediation Platform. With a simple API-based integration, the team connected Dazz to the company’s cloud and on-premises repositories and detection tools to map its development pipelines. In addition to connecting to code repos and security tooling, Dazz correlates data from AWS services, such as CloudTrail, ECR, and SecurityHub to unify security visibility across the customer’s development and infrastructure. This allows customers to easily prioritize and triage millions of security findings down to a few high priority remediation actions, measurably reducing risk exposure.

In a single pane of glass, Dazz showed them all of their development resources and how they were integrated, sussed out secrets in code, reduced alert noise to a fraction of root causes, and worked with their team to orchestrate an efficient remediation process.

  • Discover - Understand the deployment process from code to cloud, unify cloud risk from all tools, and identify architecture gaps.
  • Reduce- Clean up the noise: deduplicate alerts and prioritize CVEs and misconfigurations based on their unique root causes, and automatically find their owners.
  • Fix - Concise, contextual, and actionable process for remediation, from detection to deployment.

What’s next

Next up for the company is a truly developer-driven remediation program in which developers can log into Dazz, see all of the issues that pertain to them, learn their root causes, and be presented with several choices for fixing them right in their workflow.

Results summary

Consolidated tools

from 4 to 1

Noise reduction by


Auto-generated 17 simple remediation plans for resolving

391 critical risks

See Dazz for  yourself.

Get a demo