Challenge
Blackstone is expanding their presence in the cloud, and requires cloud-native security to enable them to identify and prioritize issues across their environment.
Blackstone was looking to address multiple security use cases with one platform, rather than isolated point solutions, to address real and complex risks, and wanted to avoid agents wherever possible.
Their forward-thinking Security team was seeking a security partner that could work with them to achieve advanced cloud-native use cases and solve cutting-edge problems.
Solution
Wiz delivered a cloud infrastructure security solution that consolidated CSPM, CWPP, and more capabilities into one unified platform that the Blackstone team could leverage to address deep cloud-native risks that span the cloud stack.
Wiz's agentless deep scanning deployed within minutes and began identifying and correlating issues across the cloud stack immediately.
Wiz's network and identity exposure engines answered Blackstone's advanced cloud-native questions and met their high security standards.
Blackstone is the world’s largest alternative asset manager, with $731 billion in assets under management. As Blackstone’s Technology team started their digital transformation journey, a major focus was moving to the cloud to be more flexible and agile for their stakeholders and constituents. Blackstone uses Amazon Web Services (AWS) exclusively, and their Security team was looking to implement advanced use cases that required them to go beyond isolated misconfigurations or vulnerabilities and understand the real risks in their cloud.
Blackstone’s Security team identified five key categories of focus that came with moving to the cloud: posture management, breach path detection, vulnerability scanning, secrets management, and container management. They quickly realized that addressing these categories separately wouldn’t allow them to achieve the granular level of security they wanted across identities and network exposure in AWS.
Although we could have had similar capabilities with multiple products, integrating them together was challenging for us since we had limited resources. We appreciated that Wiz's product was able to consolidate five key capabilities that we felt were important to securing our cloud environment using a single platform. They made it so that one resource could operate that environment and then connect it and empower the owners of our cloud workloads to remediate issues quickly with minimal involvement from our team.
Adam FletcherChief Security Officer, Blackstone
As Blackstone’s Security team explored cloud security solutions, they realized that in order to achieve the level of risk-centric security that they wanted, they needed to find a tool with a deep understanding of cloud that would help them actually focus on key areas, not isolated issues. To center their focus meant finding something that would allow them to avoid dealing with multiple products that don’t integrate well together. Given the dynamic and ephemeral nature of the cloud, they also wanted to avoid relying too heavily on agents wherever possible. So they set out to find an agentless solution that could help them address use cases like network exposure in hybrid cloud environments, the secure use of AWS roles in mixed Kubernetes and cloud identity scenarios, and others, in one place. After a few false starts with other solutions, they found Wiz.
When we looked at Wiz, we were impressed that the product was not just a point solution that could identify an isolated misconfiguration in a single layer of your cloud environment, but really one that could consolidate information using their graph database across multiple layers of the cloud environment to identify where a breach path could be, or what is at risk in our environment. Pulling that into a single user interface that's intuitive and easy to ask questions and get answers from, that was something we felt was missing.
Adam FletcherChief Security Officer, Blackstone
Wiz combines traditional CSPM and CWPP functionality with an advanced Cloud Risk Engine to analyze secrets, permissions, and network exposure. With the Security Graph, Wiz was able to identify the toxic combinations of flaws across multiple layers that represent real risks. This allowed Blackstone to visualize their full cloud environment and answer questions like “what kind of coverage do I have with my other security tooling?” and other customizable queries. By leveraging Wiz to agentlessly scan their workloads and full environment and layer together misconfigurations, network exposure, exposed secrets, vulnerabilities and more, Blackstone had the visibility and power they needed to address their advanced use cases and see how everything in their cloud environment interacts together.
I see Wiz as the cloud security platform for people who understand how to protect the cloud. Wiz has all of the capabilities that we've identified as core to our cloud security strategy, and I look forward to seeing them continue to grow. As the cloud providers engineer new solutions that require new security technologies, I'm confident that Wiz will develop them.
Adam FletcherChief Security Officer, Blackstone
Blackstone collaborated with Wiz around key use cases to chart the advanced security journey they wanted to implement in AWS. For example, the team is using transit gateways to connect their on-premises environment with their AWS cloud environment in a cloud-native manner. For security purposes, they wanted to determine not only what’s accessible from the internet in their AWS environment, but also what’s accessible from their private networks. They worked with the Wiz team to extend Wiz’s built-in network exposure analysis to handle this use case and ensure the security of their cloud migration on the network exposure level. By partnering with Wiz, Blackstone could leverage their deep understanding of cloud security to realize the most advanced and customized use cases they had.
Wiz has provided value for Blackstone’s Security team, acting as a foundational solution to help them secure their move to the cloud and implement advanced security functionality across use cases with network exposure, identity analysis, and more. With Wiz in place, Blackstone has the cloud-native visibility they need to feel more assured in their cloud security, so they can continue to move faster and make better decisions.