Challenges:
Yossef Levi, CISO at Mesh, needed complete visibility into applications and workloads but refused to consider agent-based solutions.
Omri Vaizman, senior cloud security engineer at Mesh, wanted a tool that would bring together the context required to triage potential risks.
Mesh sought a security partner that could assist their upcoming shift to containers.
Solutions:
Wiz agentlessly discovers and scans everything in the cloud, even the workloads DevOps doesn’t want anyone to know about.
Wiz automatically correlates evidence from every layer of the tech stack, allowing cloud security engineers to write accurate tickets for devs.
Wiz offers a full-fledged Kubernetes Security Posture Management solution to protect Mesh's containerized environment.
Mesh empowers finance managers by presenting unparalleled visibility, equipping them with the tools they need to optimize and control corporate payments. This transforms the way finance teams operate, giving them a centralized and automated spend management platform that provides maximum flexibility while saving time and effort at every step of the payment journey.
Wiz offers unparalleled visibility in minutes
Founded by Oded Zehavi and Eran Katoni in 2018, Mesh has been cloud-native from day one, building its applications in AWS. Yossef Levi, Mesh’s CISO since 2022, knew when he joined that protecting Mesh’s cloud computing infrastructure would require a similarly forward-thinking security product. “Agent-based solutions simply don’t work in the cloud.”
As he and his team compared cloud-native security tools, Wiz stood out because it actually delivered what its PR promised.
Levi and his team were surprised by how quickly and easily they were able to connect Wiz to their cloud environment, and they were blown away by the total visibility that Wiz immediately provided: “It was hard to believe that after only two or three clicks we received so much information”.
Depth and flexibility put security engineers in control and keep devs coding
Now that Mesh has been using Wiz for more than a year, Omri Vaizman, senior cloud security engineer, does almost all his daily work in Wiz. “Other than email, it’s the first thing I open every day. Wiz has all the information I need to do my job. And it even has built-in dark mode!” He is especially impressed by the wide variety of integrations that Wiz supports and the flexibility this gives him around alerting and automation.
Other security tools seem like they’re trying to suck you in because they force you to log in to receive alerts; Wiz lets me do basically anything I want with Slack, webhooks, the Wiz API, etc. I have complete control.
Omri VaizmanSenior Cloud Security Engineer, Mesh
This flexibility magnifies the impact of Mesh’s security team. In order to free their colleagues in R&D from getting distracted by too many details, Levi and Vaizman perform their own initial investigation and validation of Issues detected by Wiz before sending tickets to developers. The depth and breadth of the information that Wiz assembles for them makes this triage process super smooth, improving the quality while reducing the quantity of tickets they need to hand off to their colleagues.
Wiz lets me tell the developers ‘Fix this package, in that repo, on those VMs.’ All they have to do is fix it, then they get back to work.
Omri VaizmanSenior Cloud Security Engineer, Mesh
On more than a few occasions, Wiz has identified vulnerable packages that the developers’ own tools missed, and the evidence that Wiz automatically assembled allowed Levi and Vaizman to convince their skeptical colleagues in minutes.
Wiz automatically identifies new resources and new risks
Vaizman and Levi work closely with their colleagues in DevOps, sometimes with comical results. Once, when a particularly vulnerable EC2 instance was accidentally spun up, Wiz scanned it and generated an alarming number of critical and high-severity Issues almost immediately. “When I went to DevOps and asked them what was going on with that machine, they were shocked I even knew about it. They had already taken it down. But not before Wiz caught it and scanned it.”
In addition, the large number of granular user roles that Wiz offers allows Levi and Vaizman to grant their colleagues in DevOps direct access to Wiz. This gives everyone at Mesh a common language to analyze cloud security risks and prioritize remediation efforts, reducing their mean time to respond (MTTR).
Mesh embraces containerization
Perhaps the most impactful aspect of the relationship between Wiz and Mesh is yet to come: containerization.
Wiz offers a rich array of features that allow Kubernetes clusters to be inspected, analyzed, and protected in much the same way that Wiz assesses other compute workloads. To Wiz, Kubernetes is just another cloud. As the DevOps team at Mesh engages with R&D to more fully embrace containerization, Vaizman and Levi are ready and waiting to connect Wiz to every cluster. As Levi puts it, “Wiz’s existing features, their roadmap, and their CISO club are showing us how we should build a world-class security program”.
Levi has a simple message for his fellow CISOs: “Modern cloud environments are too complex and dynamic. Without Wiz, you’re lost.”