Blackstone tackles advanced cloud-native security with Wiz

As Blackstone’s Security team explored cloud security solutions, they realized that to achieve the level of risk-centric security they wanted, they needed to find a tool with a deep understanding of cloud that would help them focus on key areas, not isolated issues. And then they found Wiz.

Blackstone is the world’s largest alternative asset manager, with $731 billion in assets under management. As Blackstone’s Technology team started their digital transformation journey, a major focus was moving to the cloud to be more flexible and agile for their stakeholders and constituents. Blackstone uses Amazon Web Services (AWS) exclusively, and their Security team was looking to implement advanced use cases that required them to go beyond isolated misconfigurations or vulnerabilities and understand the real risks in their cloud.

Blackstone’s Security team identified five key categories of focus that came with moving to the cloud: posture management, breach path detection, vulnerability scanning, secrets management, and container management. They quickly realized that addressing these categories separately wouldn’t allow them to achieve the granular level of security they wanted across identities and network exposure in AWS.

As Blackstone’s Security team explored cloud security solutions, they realized that in order to achieve the level of risk-centric security that they wanted, they needed to find a tool with a deep understanding of cloud that would help them actually focus on key areas, not isolated issues. Centering their focus meant finding something that would allow them to avoid dealing with multiple products that don’t integrate well together. Given the dynamic and ephemeral nature of the cloud, they also wanted to avoid relying too heavily on agents wherever possible. So they set out to find an agentless solution that could help them address, in one place, use cases like network exposure in hybrid cloud environments and the secure use of AWS roles in mixed Kubernetes and cloud identity scenarios. After a few false starts with other solutions, they found Wiz.

Wiz combines traditional CSPM and CWPP functionality with an advanced Cloud Risk Engine to analyze secrets, permissions, and network exposure. With the Security Graph, Wiz was able to identify the toxic combinations of flaws across multiple layers that represent real risks. This allowed Blackstone to visualize their full cloud environment and answer questions like “what kind of coverage do I have with my other security tooling?” and other customizable queries. By leveraging Wiz to agentlessly scan their workloads and full environment and layer together misconfigurations, network exposure, exposed secrets, vulnerabilities and more, Blackstone had the visibility and power they needed to address their advanced use cases and see how everything in their cloud environment interacts.

Blackstone collaborated with Wiz around key use cases to chart the advanced security journey they wanted to implement in AWS. For example, the team is using transit gateways to connect their on-premises environment with their AWS cloud environment in a cloud-native manner. For security purposes, they wanted to determine not only what’s accessible from the internet in their AWS environment, but also what’s accessible from their private networks. They worked with the Wiz team to extend Wiz’s built-in network exposure analysis to handle this use case and ensure the security of their cloud migration on the network exposure level. By partnering with Wiz, Blackstone could leverage their deep understanding of cloud security to realize the most advanced and customized use cases they had.

Wiz has provided value for Blackstone’s Security team, acting as a foundational solution to help them secure their move to the cloud and implement advanced security functionality across use cases with network exposure, identity analysis, and more. With Wiz in place, Blackstone has the cloud-native visibility they need to feel more assured in their cloud security, so they can continue to move faster and make better decisions.