Wiz Defend ist da: Bedrohungserkennung und -reaktion für die Cloud

Maple innovates virtual healthcare securely with Wiz

Maple, Canada's leading health tech company, uses Wiz to enhance its cloud security posture, enabling rapid and secure innovation in telehealth services.

Maple

Industrie

Gesundheit

Region

Nordamerika

Cloud-Plattformen

AWS

Entwickler-Plattformen

GitHub
Bereit für den Start?
Demo anfordern

Challenge

  • To power the future of healthcare, Maple had to ensure ​the security of its expanding cloud infrastructure ​while addressing tool sprawl and eliminating visibility gaps.  

  • The growth of the business required a new approach from security and development teams as the organization continued to migrate and scale in the cloud and acquire new cloud environments via mergers and acquisitions (M&A). 

  • Maple’s Security Team wanted increased visibility and context to help simplify and accelerate pinpointing critical risks in their AWS environment and prioritizing fixes. For instance, manually assessing the impact and exposure to Log4Shell was time-consuming.  

Solution

  • With Wiz, the Maple security team can continue to uphold high standards for security and privacy while acting as a business enabler and transform telehealth.  

  • Maple supports massive growth and introduces new technologies through M&A without adding security headcount.  

  • Maple uses Wiz to ease the resource burden for the security team, empowering them with automations that decrease manual effort and deep cloud context that supplements internal domain expertise. 

10x improvement  icon

10x improvement

in MTTD and MTTR​, reducing the time to assess vulnerability exposure from weeks to days

Several weeks icon

Several weeks

decrease in M&A process timelines

Maximized operational efficiency icon

Maximized operational efficiency

and handled expanding tech requirements for ​over​ 2 years without additional security personnel

Maple: providing access to healthcare across Canada 

Maple is a leading virtual care provider in Canada, with the goal of enabling people to consult with a doctor or nurse practitioner anytime, anywhere. The organization had a strong security program from the beginning ​to deliver on this commitment, Maple continually looks for ways to enhance​ its cloud security posture while also scaling operations in the cloud by minimizing friction for the security and development teams​ while​ improving the ​platform's user experience​.       

Scaling security and adding new technology at a growing organization 

As Maple’s business continues to scale​, so do its​ security​ needs​. The increase in scale and workloads created new learning curves across teams. The existing native AWS security tooling presented opportunities for optimization and improved prioritization. Patrick Lafleur, Maple’s Director of Information Security & Privacy, recalled that ​the team would begin to ideate an​d say​,​ ‘we want to start using this technology in the cloud,’ and I knew it was in the AWS menu, but not the specifics of what it was going to look like or how it needs to be deployed.”  

The Log4Shell vulnerability underscored the opportunity for enhancement. It highlighted the need for more comprehensive visibility into the end-to-end exposure of the company’s expanding cloud infrastructure. Maple needed the ability to identify exposure in a more turnkey way that may be integrated within its environment; for example, an agent bundled somewhere within the existing tech stack.  

How can we know when a zero-day vulnerability will happen? How can we answer the question of ‘what's our exposure?’ without needing to spend a whole bunch of manual time doing it?

Patrick Lafleur, Director of Information Security & Privacy, Maple

Maple’s existing agent-based solution posed another challenge in that it couldn’t scale to handle the company's expansion through mergers and acquisitions. The company’s previous mergers and acquisitions led to an increase in AWS accounts, and the existing tool could not quickly adapt to protect the larger number of accounts. Maple needed a solution that could integrate new acquisitions into its existing infrastructure while maintaining the integrity of its high standard of security. It also needed a way for teams to standardize their security practices and policies and ensure uniform cloud controls across their AWS cloud real estate. 

Staying with the status quo was not an option. John Kennedy, Maple’s VP of Business Technology, recalls that he knew Maple needed a tool “not just to monitor threats but also to detect vulnerabilities. We had a tool to consider, but it would have required us to deploy an agent. So when we discovered Wiz and the fact that it was agentless, that was a bonus – along with the level of visibility it could give us so quickly.”  

Getting context faster with Wiz 

Maple chose Wiz for a few key reasons: 

  • The ability to understand zero-day alerts quickly via the Wiz threat center -- which enables quick mitigation of risks and minimizes any potential impact on the organization. 

  • Its comprehensive visibility, context, and prioritization for cloud security issues. 

  • Due to the team’s lean structure, a solution with rapid setup was critical.  

  • The team saw value in Wiz's security graph, which allows a search across all machines for a particular vulnerability. (Lafleur mentions that the security graph is valuable even if he’s “not strictly trying to answer a security question, but just trying to view all databases across all accounts.”) 

  • Wiz’s ability to adhere to compliance standards. 

The initial deployment took just minutes using Terraform, and today Wiz scans all repositories and any new AWS accounts automatically. Maple uses a Jira integration to push information to a particular team, with enough context for stakeholders to understand what’s happening and work on it. 

Managing security at scale 

Maple minimizes friction between security and development teams by enabling devs to move quickly. It integrated Wiz with its Infrastructure as Code (IaC) repository and GitHub organization for automatic scanning of Terraform files and repositories (respectively).  

The company also uses Wiz for container security, scanning every time ​the development teams publish a new container​.  

With these integrations, developers have ​improved​ their productivity while incorporating security into their workflows. Lafleur notes that for Maple’s security and development teams, “that's the biggest operational step: taking findings that Wiz generated and putting them where people work. Our engineering team is going to work in GitHub. And the security workflows add a comment to a pull request with Wiz’s findings. So developers don't have to go anywhere else to see what the results are.” 

Operational improvements and business acceleration 

Maple improved operational efficiencies by keeping the security team lean while reducing Mean Time to Detection (MTTD) and Mean Time to Resolution (MTTR) of issues. Lafleur said, “​We were​ able to manage a significant increase in the company’s scale and additional technology without needing to add additional resources. This probably wouldn't have been possible without Wiz. Securing every new resource spun up in the cloud would have taken many more hours more of my time than it does now.” The team managed 2X growth at the company without needing additional hires. 

You get all the context in a Wiz issue; you suddenly have all the information and recommendations about what to prioritize. It's got a link to the portal and a CSV export of all the details. All of this makes it very easy to say, 'This is a high priority. We should work on this next.‘

Patrick Lafleur, Director of Information Security & Privacy, Maple

Using Wiz also accelerated Maple’s merger integration timelines. As John Kennedy notes about creating new AWS accounts post-merger, “When we spin up new AWS accounts, Wiz can quickly analyze the contents of those accounts and give us full coverage on that. A different tool would have required much more manual setup.” Accelerated integration of technology from acquired companies enabled Maple to see the benefits of its mergers more quickly. 

Expanding healthcare, securely 

Maple has big plans for the future. ​​Lafleur​ and the team plan to continue scaling their operations and expanding their reach to make healthcare more accessible to more Canadians. They also aim to continue advancing their cloud infrastructure security while migrating and scaling in the cloud. Maple plans to use Wiz as an integral part of shifting their tech stack and maintaining their strong security posture in a highly regulated industry. 

As we focus on continuing to scale, Wiz is a critical part of how we scale our cloud security operations successfully.

Patrick Lafleur, Director of Information Security & Privacy, Maple

Eine personalisierte Demo anfordern

Bist du bereit, Wiz in Aktion zu sehen?

“Die beste Benutzererfahrung, die ich je gesehen habe, bietet vollständige Transparenz für Cloud-Workloads.”
David EstlickCISO
“Wiz bietet eine zentrale Oberfläche, um zu sehen, was in unseren Cloud-Umgebungen vor sich geht.”
Adam FletcherSicherheitsbeauftragter
“Wir wissen, dass, wenn Wiz etwas als kritisch identifiziert, es auch tatsächlich ist.”
Greg PoniatowskiLeiterin Bedrohungs- und Schwachstellenmanagement