AppsFlyer creates a shared security language to operationalize its security strategy

Seeking to secure a multi-cloud infrastructure and create clearer alignment across the company security strategy, mobile marketing analytics company AppsFlyer adopted Wiz to better understand risks to its infrastructure and meet its growing security needs.

AppsFlyer

Industry

Technology

Region

Global

Cloud platforms

AWS
GCP
Azure
Alibaba Cloud
Kubernetes

Challenge

  • A complex multi-cloud architecture managed by multiple teams made it difficult to establish clear and consistent security processes. 

  • As a fast-growing company, AppsFlyer needed to ensure that it could protect its cloud environment without letting security become a barrier to developer productivity and efficiency. 

  • AppsFlyer needed a security solution that was easy to deploy and manage at scale, and that was capable of delivering deep, contextualized visibility into security risks. 

Solution

  • AppsFlyer operationalized security management across its wide range of cloud environments and workload types with one CNAPP tool.  

  • By scanning infrastructure as code (IaC) for security risks before they are applied, AppsFlyer empowered development teams to shift left. 

  • AppsFlyer gained complete visibility into its infrastructure using Wiz's agentless scanning capabilities and centralized security dashboard. 

Scaling security in a rapidly maturing organization 

One of the greatest challenges for any marketing team is attribution. Clearly connecting a return on investment (ROI) for specific ad campaigns is especially challenging, and AppsFlyer provides campaign performance metrics to help businesses maximize customer lifetime value. These ROI challenges are so common, in fact, that AppsFlyer has experienced exponential growth in the last few years. The organization has nearly doubled its headcount and has nearly 400 developers. 

These teams also work across a sprawling cloud infrastructure. Their cloud environment operates across more than four cloud providers, processes more than 1 billion daily compute events, and uses more than ten different programming languages. This has presented a large challenge for its security team as it works to protect the growing infrastructure. “We experienced a tremendous amount of growth,” says Danny Robinson, Cyber Security Engineering Manager at AppsFlyer. “We had to think about a company security strategy that would serve us whether we were supporting 1,000 employees or 5,000.” 

We were fighting fires because they needed to be put out, but what we really needed was a strategy. And that strategy needed to include new ways to help our teams connect and work together.

Doron Schwartz, DevSecOps Engineer, AppsFlyer

To meet these new needs, AppsFlyer brought in a new CISO, Dikla Saad Ramot, to unify its existing security processes. Centralizing the company’s security program with this team included moving away from project-based security toward a more strategic, risk-based approach. Rather than working project by project, the team wanted to reduce time spent on manual vulnerability investigation and connect its disparate tools.

Additionally, the organization found that its security team, which is subdivided into engineering, operations, and governance teams, needed a more direct way to communicate. “We had to learn how to speak the same language in our weekly meetings and be able to react to issues quickly,” says Robinson. AppsFlyer needed more than a tool; it needed a security partner to help shape solutions to the security challenges posed by its sprawling and dynamic cloud environment, including a major focus on IaC scanning. It was during this search that AppsFlyer found Wiz.

Shifting left by shifting security priorities

Because the team wanted to improve visibility, communication, and collaboration, it initially adopted Wiz as a CSPM solution simply to monitor its infrastructure while using other solutions to remediate. With AppsFlyer’s multi-cloud environment, which includes extensive infrastructure as code (IaC) such as virtual machines, containerized apps hosted on Kubernetes, and standalone containers, the team found they also had to unify monitoring and remediation to create smoother deployment processes.

Further consolidating its security management led AppsFlyer to adopt Wiz for IaC scanning to take advantage of more functionality within a single tool and further centralize its CNAPP solution. “We wanted to implement IaC into our pipelines, but to do it right, we needed to easily scan our critical infrastructure deployments,” says Robinson. “With Wiz, all of our scanning runs in the same place, and we have a clearer, more holistic view of our security posture.” Equipping the team with more contextualized and focused information about its risks helped AppsFlyer gain a more holistic view of its extensive infrastructure. The team has been able to use Wiz’s agentless scanning to free up time to strategize and design more explicit guidelines for what the company considers valid, secure infrastructure. 

As a cloud-native company, cloud security is an essential part of our security strategy. Working with Wiz to scale our security program has helped us keep pace with rapid changes in technology requirements and our own capabilities to adapt to those changes as they come.

Dikla Saad Ramot, CISO, AppsFlyer

This change in approach has also helped the team shift left, or prioritize reviewing and addressing risks earlier in the development process, and improve collaboration between the security engineering and development teams. With greater context into their risks across AppsFlyer’s complete infrastructure, teams have gained a better understanding of which risks need to be prioritized. “With our previous solution, we would be notified of many vulnerabilities that weren’t actually exploitable,” Robinson says. “Our team was spending a lot of time reviewing non-issues, but now we can understand which of our risks are important.”  

Operationalizing security to build stronger teams

One of the most important goals for AppsFlyer was to use its new security tooling to improve the relationship between security and research and development (R&D). To achieve this, security knew they had to share information in a way that wouldn’t impact production timelines. “Supporting the relationships with our R&D teams is more important than fixing any single issue. We’ll fix the risks,” says Robinson. “The more important thing for us was not blocking anyone.”  

The company integrated Wiz with their incident response platform to streamline responses to security alerts and trigger automated remediation workflows created by AppsFlyer's operations team. “Wiz helped us change the mindset around what a security platform does for the organization,” Robinson says.  

“Moving us from a time when other teams saw security as a blocker to today when those same teams come to us to start a conversation is an important change,” added Doron Schwartz, DevSecOps Engineer at AppsFlyer. “We can more easily work together to discuss how they can safely start projects.” 

We needed a holistic view of our entire cloud infrastructure, applications, and the level of risk in each of those assets. It can be difficult to know where to start conversations about an environment of this size, and we get that visibility out of the box with Wiz in just a few clicks.

Danny Robinson, Cyber Security Engineering Manager, AppsFlyer

With a more comprehensive view of its environment, the team was also able to quickly identify and remediate issues related to Log4J. “When Log4J hit, we didn’t have to start scanning, Wiz did it automatically,” Robinson says. “We were able to identify the responsible teams, share the issues they needed to address, and point them to which files were impacted—all in one place.” 

This single-pane-of-glass approach has also made reporting simpler than ever. “When we’re asked about AppsFlyer’s security posture, we can provide absolute numbers that speak for themselves, and when we need it, we also have contextualized answers about our security health,” Robinson says. “We didn’t have the ability to do that before, and it’s made a massive difference in how we share information.”

Soaring into a new era of security with AppsFlyer 

While collaboration across AppsFlyer’s security teams continues to improve, the company is looking toward additional solutions to make the process even smoother. This includes bringing its runtime scanning into Wiz with the Runtime Sensor to get even more context around why a vulnerability is exploitable and further reduce time spent remediating unnecessary risks. This will be especially important in the world of virtual machines and Docker images to further secure its live, containerized applications.
