Assent transforms its cloud operating model by fostering a security-first culture with Wiz

Challenges 

• With a growing cloud infrastructure and multiple tools, Assent looked to minimize a fragmented view of the risk landscape. 

• Assent looked to reduce alert fatigue due to a lack of contextualized risk detection.  

• Assent wanted to increase collaboration between security and dev teams by getting the right information in the relevant hands to identify and resolve issues faster. 

Solutions 

• Assent has clear, real-time visualization of what’s happening in its entire infrastructure using the Wiz Security Graph. 

• Assent identifies vulnerabilities and correlates risk to determine their severity and provide recommendations on how to proactively remediate issues using Wiz. 

• Assent empowers its security and dev teams with contextualized reports that provide guidance and prioritizes starting points. 

Trusted by the world's top manufacturers

Helping companies gain deeper insights into their supply-chain sustainability while protecting their reputations with anti-bribery, corruption, slavery, and human trafficking solutions is sensitive work. But Assent created a supply chain sustainability management platform that allows manufacturers to do just that. The solution collects data from their supply chains to ensure their products are safe, sustainable, and compliant with regulations. With over 700 customers, including many in the Fortune 500, Assent is trusted by some of the world’s most responsible, sustainably-focused complex manufacturers and security is a top priority.  

“We work with some of the biggest companies in the world, and we ingest, use, and report on that data,” says Darcy Boynton, the Manager of Security and Network Operations at Assent. “Ensuring that their data is secure is of the utmost concern.” 

Empowering teams through the cloud 

As Assent has grown to more than 700 clients, the strategy has evolved alongside. This included a shift to the cloud, and running on multiple environments ever since. During this process, minimizing friction between security and dev teams became critical.  

“We don’t embrace the ‘us versus them’ mentality you see at some companies where teams are siloed,” says Boynton. “Collaboration is built into our culture. When people join the company, no matter what their department is, one of the very first onboarding topics is security.”    

“We've embraced and adopted many cloud-native technologies,” says Boynton. “This empowers teams to become familiar with cloud computing and use those services and tools.”  

One or two accounts is still pretty straightforward to monitor and check what’s going on. But as you start to scale and ramp up into a lot of CI/CD pipelines from the dev side, it becomes incredibly important to have that visibility.

Darcy Boynton

Manager of Security and Networks Operations, Assent 

Embracing Automation 

As Assent scaled, it was important to reduce labor-intensive processes, and the security team was looking for a solution that would automate processes. 

“We found ourselves looking for a more streamlined way to identify and view information,” says Boynton.  

Assent found that many companies were saying they offered a single pane of glass view of the risk landscape, but none really delivered. “It was more like 15 different modules or tools mashed together,” says Boynton. “You're going to all these different places to get the same information. Seeing Wiz was eye-opening for us that a tool like this had come to market.” 

Almost too good to be true 

Assent could see the value that Wiz could bring immediately.  

“When you’re enabling developers to very quickly iterate and ship applications and software, it becomes incredibly important to have that in-depth visibility of your entire environment from just one place,” says Boynton. “​​One great thing Wiz does is provide all the information we need to get started and dig deeper.” 

Wiz was one of the only products where we could see the value and immediate cost-savings it would bring.

Darcy Boynton

Manager Security and Network Operations, Assent

When Assent ultimately deployed Wiz across the organization, Boynton and his team were very quickly impressed with the product’s functionality. “We started crawling the organization in the afternoon and when I logged back in at 7 a.m. the next day, everything was there,” says Boynton.  

Boynton claims Wiz is greatly expanding the reach of Assent’s security team, empowering team members with the tools to be successful. “How Wiz pulls third-party software inventories off computers is magic,” says Boynton. “When you have a large dev team that's working at a rapid rate, trying to get a handle on how many third-party software dependencies you have is critical.”  

Making the case for visibility 

Wiz is also helping the security team communicate information with C-Suite executives by making it easier to show what the issues are and what needs to be done to fix them. “It’s immediate. It’s visual. This is very impactful.” says Boynton.    

When you start to truly scale outside of that one and two account footprint in the cloud, where a relatively small team can keep an eye on it, Wiz is a truly a best-in-class solution.

Darcy Boynton

Manager, Security and Network Operations, Assent 

Saving people hours and money 

Assent uses Wiz to get the context and remediation guidance it needs to address issues quickly. 

“Wiz gives you a great starting point to resolve issues,” says Boynton. Wiz is also helping Assent by allowing a junior level analyst to get to work immediately. “When the security team opens a ticket, they rarely receive questions as Wiz has already provided that information,” says Boynton. “Wiz is very easy to use for onboarding people.” 

We're opening tickets faster than we ever have before. Our junior level SOC analysts don't have to reach out to the more senior people to get that context—Wiz already provides it.

Darcy Boynton

Manager, Security and Network Operations, Assent

Additionally, with Wiz, the security team doesn't have to do a lot of back and forth about what a particular ticket is about, and dev teams are becoming more efficient because they don't have to wait for answers to get their job done. “It takes a significant amount of manual effort to match an initial ticket to the information needed to address it. With Wiz, we no longer need to worry about that,” says Boynton. 

Assent is taking advantage of how easily Wiz integrates into the CI/CD pipeline and prevents issues from being deployed. “We've been using Wiz to validate and vet configurations,” says Boynton. “When anything is deployed into the dev environment, we use Wiz to validate the changes that pass down through production.” 

Security forward 

Assent is committed to security, and Boynton is looking forward to growing his team and keeping an ear to the ground for industry trends. Moving forward, Assent will be looking for new ways to use Wiz, including empowering team members to use Wiz’s custom reporting capabilities.  

Boynton also points out that the AppSec team is a heavy user of Wiz, and they are excited to continue leveraging Wiz. “Everyone in the organization wants visibility. It’s everything, so we’re looking at more ways to give this same visibility to other parts of the organization,” says Boynton. “I think Wiz is changing the industry. If you use clouds and you’re scaling, and you don’t have Wiz, you’re in trouble.” 

Wiz is not a nice to have, it’s critical.

Darcy Boynton

Manager, Security and Network Operations, Assent