Case Study: Addressing Cloud Security Visibility Challenges with Solvo

Customer Profile

The customer is a large investment firm with billions of dollars under management. With offices worldwide, it operates a multi-cloud infrastructure running both AWS and Azure environments for different development and production needs, serving both internal and external customers.

Challenge

As the firm progressed with its cloud strategy, operational inefficiencies emerged due to limited security visibility. “We have a network and IT operations platform that enables us to monitor the resources deployed and their health,” says the firm’s Director of Cybersecurity. “But it doesn’t really provide a lot of security information.”

With no effective tools to provide additional clarity and insight into new security events and incidents, the firm’s incident response team had to reach out to the cloud team to provide more context so they could have a better understanding of the event, resulting in friction and disruption.

Solution

To address this challenge, the firm was looking for a solution providing context and visibility into events across the multi-cloud environment, and cloud infrastructure access risks in particular. Several cloud security vendors were evaluated, including Solvo. Following a successful PoC with the security and cloud development teams, the firm decided to implement Solvo initially in the dev environment, and later in production.

According to the firm’s Director of Cybersecurity, the cost-efficiency of Solvo was a major consideration. He explains: “We had specific milestones, and we knew that if we bought Solvo we would be able to hit them. We didn’t want to waste a tremendous amount of budget on a solution that comes with multiple different capabilities, but I’m only consuming 2% of them to hit those milestones.”

Result

The installation of Solvo’s platform was seamless and fast. Within two weeks, the firm began submitting remediation tickets for issues identified by Solvo.

The deployment and use of the platform were optimized through a learning phase, gradually building trust in the platform’s automation capabilities. The Director of Cybersecurity explained their approach to automation: “Whenever a new risk is identified, we look at the feedback provided by Solvo, evaluate the output and the script, apply it manually in our lower environments, and test to make sure there’s been no impact. Then, if you have a successful outcome, you should feel fairly competent to do the automation in production.”

The phased approach to automation also fosters improved collaboration between security and engineering teams. “We’re now able to directly provide developers with solutions like, ‘Here’s how to fix your problem,’ instead of simply telling them, ‘You’ve got an issue, go find a solution.’ That’s a significant distinction.”

He adds that before installing Solvo, talking to developers about security concerns was “like speaking another language. They don’t want to be burdened with having to learn something new. They have time constraints and want to be told, ‘This is the problem, here’s the solution’.”

With Solvo, the firm was able to reduce the burden on engineering. When a risk is identified, the platform automatically scripts out the solution so the security team can simply share it with developers in Terraform or AWS CloudFormation. The developers don’t have to do any manual work other than reviewing and validating the code.

Operational benefits

The firm is currently working to enhance its processes for identifying and responding to issues by automating ticket creation for the development team. Using this functionality, developers are instantly notified of new risks introduced by their changes.

“Now they have a ticket within the Jira platform, and an SLA to respond to,” says the firm’s Director of Cybersecurity. “Before Solvo, whenever the cybersecurity team stumbled upon a potential risk, they struggled to find out the actual owner of that risk. Then we created a ServiceNow ticket, and as this is an enterprise-wide solution, we had to navigate through it to get that ticket to the right person.

“Operationally, it significantly improved our workflows for identifying new risks, triaging them, creating tickets, and applying vulnerability standards or SLAs. With the Jira board, we can now see if we are meeting those SLAs. This level of visibility didn’t exist before.”

By using Solvo’s automated ticketing, the firm was able to reduce the time engineers spent manually identifying the owner of a particular risk, creating the ticket, and monitoring its progress.

Conclusions

Deploying Solvo significantly improved security visibility across the firm’s cloud infrastructure. Solvo’s multidimensional approach, leveraging contextual monitoring and analysis of infrastructure resources, applications and user behavior, and the data associated with them, proved highly effective in uncovering and addressing blind spots.

The firm’s Director of Cybersecurity provides an example demonstrating the improvement. “Previously, all the developers and all of the applications were running under a single account. The engineering team decided to move to a new model where each team and each application had its own account. But no one knew what to do with that old original account.

“We had applications still running there, active S3 buckets, and there wasn’t a lot of context on the consequences of turning off a bucket or shutting down this account. Does it impact any other production running in this new environment? Are there specific accounts that are over-provisioned to those resources that aren’t monitored as clearly as the new environment?

“That was the biggest pitfall. We didn’t have a full lifecycle of how different accounts are talking to each other and utilizing these resources, and we struggled to put together a clear picture of what it meant to shut down that old account.”

He concludes: “Now, with Solvo, we have a lot more context to the blast radius, and the potential impact of making modifications. The cloud team is using this product actively to engage in operations to start shutting down those legacy apps.”