Challenge
Matillion's compact security team faced inefficient workflows: manual piecing together data from multiple cloud and runtime security tools and creating bottlenecks in their threat detection and vulnerability management processes.
Maintaining five to six separate security solutions was a financial and operational burden for Matillion. Their tools had overlapping functions and features, driving up costs, yet their siloed nature meant that Matillion still lacked complete visibility across their multi-cloud environment.
Matillion's reliance on a managed SOC provider meant they had little control over their incident readiness and threat detection. Adjusting ignore rules, for example, could take days.
The combination of fragmented workflows, overlapping tools, and slow response times created both financial and operational burdens. Matillion needed a solution to consolidate its security stack, reduce costs, and gain unified visibility.
Solution
Matillion selected Wiz to simplify and centralize its cloud security operations. By adopting Wiz’s unified platform, the team consolidated multiple tools and gained a single view of their entire cloud and runtime environment.
Key capabilities adopted:
Unified visibility across AWS, Azure, and GCP environments
Consolidation of multiple security tools into Wiz Cloud and Wiz Runtime Sensor
In-housed threat detection with Wiz Defend, replacing the managed SOC provider
Enhanced data security posture management (DSPM), giving the team proactive insight into sensitive data exposure and potential attack paths
50% cost reduction
by replacing managed SOC with Wiz Defend
Minutes vs. days
to implement threat detection logic changes and ignore rules
1 weekend
to implement Snowflake integration during critical security event
Building rapidly while maintaining security
Matillion, a data productivity platform for data teams, is on a mission to remove data friction for its customers by providing an all-in-one, low-code/no-code platform for building and managing data pipelines.
To protect their global workforce and cloud-native infrastructure, Matillion's lean security team has to secure a complex environment. This includes containerized applications in Kubernetes across multiple AWS accounts, with additional Azure and GCP tenants used for testing. For a lean team responsible for security operations and engineering, efficiency is critical.
Consolidating tools to increase efficiency and reduce costs
Before implementing Wiz, Matillion struggled with tool sprawl and inefficient security workflows. The team was managing 5-6 different security tools, each focused on specific functions like container security, AWS configuration, or threat detection. These siloes made it difficult to connect the dots between potential risks and vulnerabilities and understand what needed to be fixed or monitored within their environment.
"We had one tool for container security, including configuration, inventory, threat detection, vulnerability management. We had AWS config, which was basically what we were using for inventory," explains Nate Stevens, who handles the technical side of security operations at Matillion. "All that data was in different places. Trying to bring it together was a nightmare. "
The team also depended on a managed SOC provider for threat detection, which limited their control and slowed response times. Changes to ignore rules could take days to implement, and adding new threat detection rules equally took days to coordinate with their MDR.
We used a managed SOC, so we didn’t have much control — especially when it came to suppression rules. Every change had to go through them, and it could take days. With Defend, we have full autonomy. We can adjust what we need, when we need it.
Nate Stevens, Security Operations, Matillion
The decision to evaluate Wiz was primarily driven by the desire to consolidate tools and reduce costs. James Collinson, Security Operations Manager explains, "Our primary goal was to consolidate our operations to reduce overall spending. The main benefit was centralizing everything into one product, which allowed us to detect and address threats and issues more efficiently.
Securing cloud, containers, and Kubernetes environments with Wiz
Matillion started by consolidating multiple tools with Wiz Cloud and the Wiz Runtime Sensor. improving secure configurations and posture (CSPM) for their AWS environment in addition to monitoring their container workloads in production. As an added benefit, they found Wiz also provided DSPM capabilities they didn't have before, proactively identifying and classifying sensitive data in their environment and alerting them to attack paths that could lead to a breach.
As the team became more familiar with Wiz, they identified opportunities for further tool consolidation. This led them to implement Wiz Defend, bringing threat detection functions in-house and replacing their managed SOC provider.
"We quickly realized with Defend that we could manage this ourselves with a team of three," Collinson highlights. "While a significant driver was financial, this was only possible due to Wiz Defend's effectiveness."
The transition to Wiz Defend resulted in substantial cost savings. Stevens notes, "We halved our costs by moving from our managed SOC to Wiz Defend, which includes the cost of both log collection and the Wiz license."
Beyond cost savings, the team has been impressed with Wiz's rapid pace of development and new features. "The pace of change with you guys and the rate of development and new features... it's just kind of mind-blowing," says Collinson. "One of the key things and the reasons why I would always like to stay with Wiz is there's just so much new functionality coming out."
The time to value is just amazing. I don't think I've seen this level of immediate impact in any other security tool over the past few years. The value Wiz delivers in such a short period of time is remarkable.
James Collinson, Security Operations Manager, Matillion
Dramatically increasing coverage while slashing response times
By using Wiz Defend, Matillion's security team dramatically improved their threat detection and response capabilities. They reduced their mean time to investigate (MTTI) and mean time to respond (MTTR) by hours by creating automated workflows that route and triage alerts to dedicated Slack channels based on severity and context.
Matillion achieved faster response to their most critical threats with Wiz by setting up an integration with PagerDuty for immediate notification and response on their high-severity threats. Lower-severity threats are given longer Service Level Agreement (SLA) and don't trigger direct alerts, keeping the team focused on what matters most.
Lastly, Wiz enabled Matillion to detect, investigate, and respond within one interface, effectively becoming their end-to-end incident management platform . Using the bidirectional Wiz integration with Jira to automatically create dedicated tickets for threat issues. This and the deep context available with Wiz Defend’s threats enabled the team to manage findings, quickly validate true and false positives, and escalate incidents without friction. The two-way sync between Wiz and Jira allows them to resolve most issues directly within Wiz, keeping documentation synced and eliminating the need to switch platforms. As Stevens explained, "We go into Wiz, we deal with it in Wiz, we stay in Wiz."
Prioritizing based on exploitability, investigating in real-time
With Wiz, Matillion gained a single comprehensive and prioritized view of its entire cloud environment, both in terms of actual risks and exploitable vulnerabilities.
Wiz allowed Matillion to start using an Exploit Prediction Scoring System (EPSS) via the Wiz API, prioritizing vulnerabilities that are actually exploitable and directing engineering efforts more effectively. As Stevens explained, they can determine if a vulnerability is actively being exploited in their runtime or just exists on a device.
With context-rich insights, the Wiz Security Graph has become a crucial tool for investigations. Its flexibility allows them to quickly gather information and answer questions from other departments far faster than with their old tools. Matillion also used Wiz's cloud-native threat intelligence capabilities to provide timely alerts for new vulnerabilities discovered in their environment, gaining quick understanding of exposure as well as both high-level summaries for executives and technical details for engineers.
Looking ahead: Securing AI and optimizing costs
As Matillion scales its security program, the team is focused on enabling secure AI adoption across the company. “There’s a big push to embed AI in everything we do — from corporate workflows to how our engineers write and ship code, even into our products,” says Stevens.
That shift brings new risks, especially around exposed secrets or sensitive data being logged. “Wiz helps us stay ahead of those challenges by giving us visibility into where AI services are running in our cloud,” Stevens adds.
The team is also streamlining its stack — replacing legacy tools with Wiz as new capabilities roll out. “It keeps unlocking new opportunities,” says Collinson. “As Wiz expands, we’re spotting more areas where we can consolidate and cut costs, which is a huge focus for us right now.”
For others evaluating Wiz, Stevens puts it simply: “Think about all the tools in your stack. Chances are, Wiz covers them. It’s broad, it’s deep, and you can shape it to fit the way your team works.”
