Wiz Defend is Here: Threat detection and response for cloud

Deloitte’s Cyber Cloud Managed Services (CCMS) - Enhance cyber posture with AWS and Wiz

Discover how Deloitte’s CCMS, powered by Wiz, enhances AWS cloud security with automated workflows, democratized risk management, and streamlined remediation to protect modern cloud environments.

7 minutes read

As organizations increasingly migrate to the cloud, ensuring cloud security has become a top priority. Although the cloud provides scalability, flexibility, and cost efficiency, it also presents new security challenges that traditional methods may find difficult to address. Key challenges include maintaining regulatory compliance, limited visibility into cloud environment, a shortage of skilled security experts, and an expanding attack surface, all of which can create vulnerabilities in cloud environments. 

Deloitte’s CCMS

CCMS is a core component of ConvergeSECURITY, which is a powerful blend of Deloitte's [1] security and compliance services with Amazon Web Services’ (AWS) cloud security services. As part of ConvergeSECURITY, CCMS helps clients manage the overall cybersecurity posture of their organization through its manage, detect, respond, and recover capabilities.   

CCMS solution initiates with the automated deployment of broad security capabilities on the AWS cloud. This includes:  

  • Industry-aligned controls: Aligned with latest industry standards  

  • Cyber Predictive Analytics: Leveraging advanced analytics to foresee and mitigate potential threats 

  • Defined Auto-Remediations: Implementing automated responses to identified security issues 

  • Efficient Workflows: Streamlining processes for optimal security management 

In addition, experienced security professionals provide 24x7 support on continuous compliance and monitoring of resources including AWS services and operating systems, and additional guidance to security teams on maintaining a secure cloud environment.  

Deloitte’s CCMS powered by Wiz 

While security teams are central to managing, detecting, and responding to threats, other departments are also critical to achieving overall cyber resilience and minimizing business impact. This calls for a company-wide effort, and this is where the new CCMS powered by Wiz comes in. 

CCMS platform security assurance workflow with Wiz Secured AWS Landing Zone 

Wiz Secured AWS Landing Zone 

Wiz offers an agentless approach to cloud security, providing continuous deep visibility across cloud environments. Its unified platform allows security teams to respond swiftly to threats, maintain compliance, and streamline operations. Wiz secured AWS Landing Zone helps organizations secure AWS environments from day one by incorporating AWS guardrails, applying Wiz cloud native application protection controls and assigning each application team to a dedicated Wiz project. This setup gives each team control over their accounts and security posture while enabling centralized oversight by the security team. 

Wiz Secured AWS Landing Zone facilitates the onboarding of AWS accounts at the organizational level, creating a dedicated Wiz project for each cloud workload account and assigning appropriate access via Security Assertion Markup Language (SAML) integration. With built-in CNAPP (Cloud-Native Application Protection Platform) capabilities, it empowers application teams to manage their cloud security effectively from day one. 

CCMS platform security assurance workflow 

 

  

Figure 1: CCMS powered by Wiz – Security Assurance workflow 
  1. CCMS automates the deployment of AWS Security Landing Zone and enabling and configuring of AWS native security tools 

  2. CCMS automates the onboarding process of your AWS organization to Wiz 

  3. CCMS automates the creation of Wiz projects and assigns each project to the corresponding team 

  4. Automated alerts are sent to each team for any Wiz issues within their respective Wiz projects 

  5. Team members (non-security practitioners) can navigate Wiz issues using the Wiz Security Graph, remediate risks, or respond to threats directly through the Wiz GUI and apply fixes to the AWS accounts they manage 

  6. Wiz issues are automatically sent to the security information and event management (SIEM) team, typically a few per day. These issues represent a combination of vulnerabilities that could lead to a breach. They are aggregated and prioritized to reduce alert fatigue and reduce SIEM costs. 

  7. CCMS operators triage only the alerts that remain unresolved by non-security practitioners within each team. 

  8. A minimal number of events or incidents are escalated to the security team. 

  9. Remediation and resolution tasks are handled by the security team, with fixes applied to the relevant AWS cloud accounts. 

By leveraging asset correlation, modular API integration, customer-centric design, and shift-left remediation, the Wiz platform enables client and provider practitioners to contribute meaningfully to cloud hygiene. The product helps reduce cognitive load; enhance collaboration; and provides an intuitive, scalable solution that aligns with the real-world needs of modern cloud environments. With these enhancements, we can offer a broad, flexible, and efficient cloud security management platform tailored to our clients’ organizational structures, making securing cloud environments more efficient and effective for practitioners

Aaron Brown, Partner at Deloitte & Touche LLP.

How Wiz augments CCMS capabilities 

Wiz complements AWS native security tools 

Wiz provides a modern approach to cloud security, bridging the gap between development and security teams. It empowers organizations to innovate with confidence in a secure cloud environment. By combining Wiz with AWS tools, security teams gain a comprehensive, unified solution for cloud security.  

Key Features of Wiz’s Unified Cloud Security Platform 

Wiz provides a centralized platform to monitor AWS environments, offering features such as: 

  • Cloud Security Posture Management (CSPM) 

  • Cloud Workload Protection (CWPP) 

  • Vulnerability Management 

  • Cloud Infrastructure Entitlement Management (CIEM) 

  • Continuous integration and continuous delivery (CI/CD) Security (Infrastructure as Code (IaC) and container security) 

  • Data Security Posture Management (DSPM) 

  • Artificial Intelligence Security Posture Management (AI-SPM) 

  • Secrets and Malware Scanning 

  • External Network Exposure Monitoring 

  • Compliance Reporting 

  • Cloud Detection and Response 

Unconditional Visibility  

Wiz’s agentless, full-stack coverage provides visibility across workloads, data stores, accounts, and infrastructure in minutes. This allows security teams to detect and prioritize critical risks, reducing the likelihood of breaches.  

Focused on Critical Risk Reduction  

Wiz continuously monitors cloud environments for risks such as misconfigurations, exposed secrets, vulnerabilities, malware, sensitive data, and identity risks. By correlating these risks on the Wiz Security Graph, Wiz helps teams prioritize issues that matter most, effectively managing security across complex cloud infrastructures. 

Security Graph for Enhanced Risk Management  

Wiz’s platform leverages AWS Neptune to store a graph of security metadata, enabling teams to visualize and query interconnected risks. This graph-based approach simplifies the identification of critical threats, helping security teams quickly detect attack paths and address the most critical risks. For example, a simple query can identify: 

  • Resources accessible to the “AllUsers” group that contain sensitive data, 

  • Publicly-exposed containers with high Kubernetes privileges, 

  • Externally exposed, unpatched VM instances with plaintext SSH keys. 

 

 

Figure 2: Wiz Security Graph uncovers most critical attack paths 

 

Coordinated and automated "low-code" remediation and response 

Wiz’s advanced "low-code" remediation capabilities enables organizations to address security issues through a coordinated and automated approach. These remediation and response features empower cloud security teams to enforce security best practices in real time while equipping incident responders with tools to quickly contain incidents and minimize the blast radius. 

Key benefits of this new capability include: 

  • Streamlined Investigation and Remediation: Identify misconfigurations detected by Wiz and remediate them with a single click. 

  • Automated Policy Enforcement: Set up automation rules to auto-remediate misconfigurations that deviate from organizational security policies. 

  • Real-Time Response: Leverage Wiz’s real-time CSPM detection to respond promptly to threats and maintain compliance. 

  • Incident Containment: Rapidly respond to unfolding incidents to limit their impact and reduce the potential blast radius. 

  • Customizable Infrastructure: Add tailored remediation functions to meet the unique needs of your organization. 

These automation capabilities offer versatile applications. Teams can use them to determine that configurations consistently adhere to security best practices by addressing deviations as they occur. In the event of cloud security incidents, these tools facilitate swift, automated responses to mitigate risks and minimize potential damage. 

Democratize Security 

Traditionally, cloud security has been the responsibility of centralized security teams who may not always have a deep understanding of the cloud environment or applications. Meanwhile, cloud and application teams who are responsible for managing workloads often lack strong security expertise. This disconnect can lead to security teams becoming bottlenecks, slowing cloud adoption and application modernization. 

The new cloud security model democratizes security by embedding it seamlessly into the responsibilities of all teams and not just security experts. This provides security teams with continuous visibility, while cloud and application teams receive alerts with actionable context, making security everyone’s responsibility. For example, if a DevOps team spins up a new Kubernetes cluster or a developer experiments with a new Artificial Intelligence (AI) service, security team is instantly made aware and they can assess associated risks. If there is any risk or a threat to critical assets, or compliance baselines are violated, the responsible development team is automatically alerted with clear context on why the risk is critical and guidance on how to address it. This approach maximizes the impact of both security and development teams without requiring additional headcount, ensuring that security is integrated into the development process from the start. As Generative AI (GenAI) adoption grows, this collaborative approach helps both security and development teams rapidly adapt to new risks and technologies. 

 

Figure 3: New cloud operating model democratizes security by incorporating it into everyone's roles 

Platforms like Wiz play a key role in democratizing security by providing comprehensive visibility into security risks and delivering prioritized lists of critical fixes directly to the relevant teams. This approach allows teams to address risks within their own workflows, making the secure path as the easiest path and bridging the traditional gap between development and security. 

With Wiz, each team has tailored visibility into their specific cloud resources and security posture, empowering them to manage security without overwhelming non-security professionals. Additionally, the Wiz Security Graph simplifies cloud security management by helping users navigate and resolve security issues effectively. 

  

 

Figure 4: Wiz empowers teams to remove cloud security risk in their own workflows 

Benefits of using CCMS powered by Wiz and Wiz Secured AWS Landing Zone 

  • Speed of Deployment: Wiz’s agentless design enables rapid setup, providing insights within hours, a critical benefit for organizations that need quick implementation 

  • Automated Operations: Wiz’s self-updating nature minimizes manual intervention, facilitating ongoing protection without disruptive software updates 

  • Cost Savings: Automation of complex tasks and democratization of security across the organization support efficient operations 

  • Scalability for the Future: Wiz’s platform evolves with AWS and meets the changing needs of cloud security 

In summary, Wiz Secured AWS Landing Zone, along with Deloitte’s CCMS, can help organizations enhance security across their AWS environments, offering teams rapid deployment, automated security, and democratized access to risk management. With its modern approach, Deloitte’s CCMS powered by Wiz enables organizations to better secure their cloud infrastructure with agility and confidence. 

 

[1] As used in this document, ‘Deloitte’ means Deloitte & Touche LLP, which provides audit, assurance, and risk and financial advisory services and Deloitte Consulting LLP, which provides strategy, operations, technology, systems, outsourcing and human capital consulting services. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting. 

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management