FTSE 250 Index Retail

“We are using Dazz to provide greater visibility and insight into our live development pipelines, with a clear split between production and non-production.”

Company
Annual Revenue

£3.9B

Environments

Azure

Challenges

- Improve pipeline visibility

- Increase detection tool effectiveness

- Catch issues before production

Use cases
Results

- Visualize code-to-production pipelines

- Identify security architecture gaps

- Reduce alert noise to root causes

About the customer

The company is an online fashion and cosmetic retailer, selling over 850 brands as well as its own range of clothing and accessories.

A cloud-forward Microsoft shop

The company is a cloud-first Microsoft shop that standardizes on Azure. They have an advanced architecture and modern DevOps process, shipping many updates per day via continuous deployment.

The development teams keep their code in Azure DevOps and use Azure Pipelines to run their CI/CD processes. They configure infrastructure using ARM and Bicep templates, and ship code using .NET and PowerShell.

Security architecture

To detect software vulnerabilities and infrastructure misconfigurations, the team uses Wiz, Snyk, Azure Defender, and Veracode. Security architects focus on identifying gaps and mapping the organization’s attack surface to mitigate risk and reduce the impact of potential exploits.


The challenges:

Despite being a cloud-forward organization, the team struggled with lack of pipeline visibility, security misconfigurations, and late stage issues:

1. Lack of pipeline visibility

The team’s security architects couldn't fully visualize the organization’s ever-changing software pipelines across development and production.

2. Misconfigured security

Because the team didn’t have a complete picture of the environment, they didn’t know whether their detection tools were effective; some pipelines were not correctly being monitored.

3. Alerts in production

Because they weren’t catching issues early in the development cycle, the organization wasn’t detecting issues until after production, where they posed the most risk and were the hardest to fix.


The solution: Dazz

  • Discover - Understand the deployment process from code to cloud, unify cloud risk from all tools, and identify architecture gaps.
  • Reduce - Clean up the noise: deduplicate and prioritize CVEs and misconfigurations based on their unique root causes, and automatically find their owners.
  • Fix - Concise, contextual, and actionable process for remediation, from detection to deployment.

What's next?

The company security team is using Dazz as its central point of truth for its own work and for reporting across security architecture and business units. Next steps will be to use Dazz workflows to enable self-service remediation.

Results summary

Provide code-to-production CI/CD pipeline visibility

Highlight security gaps and ensure ongoing coverage

Reduce duplicate alerts to their singular root causes

See Dazz for  yourself.

Get a demo