As the company grew, the amount of data and number of alerts also increased. The company looked for a new solution that provided full visibility of its environment with strong contextual prioritization of risks to help it scale and remain efficient.
Fiverr wanted to empower its development teams to take ownership of resolving issues and enable them to move fast without sacrificing security.
Fiverr had multiple security standards and regulations, it looked for a solution that would provide more efficient and effective incident response.
Fiverr deployed Wiz to gain comprehensive visibility into all cloud resources (IaaS, PaaS, SaaS), identify and prioritize security risks, and automate enforcement of security policies.
Fiverr prioritizes the issues with Wiz’s contextual graph correlation that lowers the number of critical risks dramatically.
Compliance reports are automatically generated with Wiz’s reporting functionality to help maintain compliance with multiple security standards and regulations.
Fiverr's Security Manager Idan Pinto knew that he needed an advanced tool with new features and capabilities to deal with cloud risks as they evolve every day.
"Our previous primary tool for cloud risk management didn't give us the comprehensive visibility we needed into all of our cloud resources," explains Pinto. "It was difficult to use and get the information we needed out of it, and it didn't provide the context necessary to properly assess risk and prioritize remediation efforts."
Fiverr also needed a solution that empowered its development teams to take ownership of security without slowing them down.
Trying to bridge the gap between development teams who just want to move fast and our security team's need to protect the company was a real challenge. We needed a way to give developers the autonomy they need while still providing the visibility and control that our security team needs.Gai HanochiVP, Business Technologies, Fiverr
Fiverr also benefits from Wiz's ability to map the findings to the different security standards like ISO27001, SOC2, and PCI DSS, and presents them in a report.
“Seeing the risks and findings mapped to the different certifications in Wiz really helps me focus and prioritize my work” says Pinto.
Pinto turned to Wiz for a solution that would not only deliver the visibility and control needed to manage security risks across Fiverr’s AWS environment, but also help prioritize risks based on context and business impact.
"At the beginning, we wanted to focus on identity management with cloud events to catch lateral movement in our cloud infrastructure. Connecting Wiz was easy, with help from the support team and documentation."
"Our first issues appeared within a couple of hours. Some of them were really interesting, things that we hadn't seen before. They were related to the combination of identity management and external exposure," explains Pinto. "After that, we started connecting more and more accounts and now we have full visibility in our cloud infrastructure and the added ability to see all the events in our environment."
With Wiz Cloud Detection and Response, Pinto was able to finally give developers the tools they needed to act with more autonomy.
We use Wiz to monitor and alert us of changes in our AWS environment that could be security risks. We assign all issues to the owners performing the change and give our development teams the ability to self-service their own needs while also remaining compliant with our internal security policies.Idan PintoSecurity Manager, Fiverr
Pinto and his team have been able to quickly address risks with Wiz.
"We've had a few scenarios where we were able to identify issues early and prevent them from becoming full-blown incidents.” With Wiz, Pinto has been able to not only streamline remediation efforts for security standards, but also automatically map the risks in the compliance reports. "This has been a huge help for us in maintaining compliance with multiple security standards and regulations."
Since deploying Wiz, Fiverr has seen a significant reduction in its overall cloud security risks and discovered vulnerabilities missed by the previous solution. The team has also been able to respond to incidents more quickly and effectively, saving both time and resources.
"The automation that Wiz provides and the available integrations to our messaging systems helped close loops in a timely manner and collaborate with our DevOps and R&D teams," says Pinto. "Using the prioritization that Wiz provides, we are able to focus on the actual critical issues in our environment."