SafetyDetectives spoke with Dazz co-founder & CEO Merav Bahat, about cloud security vulnerabilities, what to do if you’re the victim of a cyberattack, cybersecurity trends, and more.
What is your background, and what motivated you to start Dazz.io)
I have spent my career creating category-leading technology products and building high-impact teams.
Previously, I served as General Manager for the multibillion-dollar cloud security global business at Microsoft and was also Deputy CEO of Microsoft Israel R&D, overseeing more than 2,500 employees. Prior, I was Product Strategy Group Director for the Microsoft Cloud & AI Security business unit, and before that, Chief of Products and Business Development of Flash Networks, where I was a core member of the management team that led the company’s triple-digit annual growth and domain leadership.
I left Microsoft and founded Dazz to help customers get cloud security right from the beginning by fixing the biggest source of pain and risk for CloudSec and Dev teams – the cloud remediation process.
How does Dazz differ from other companies in the same market, and what unique features or services does it offer?
While cloud development brings greater speed and agility, there is a cost of doing business in the cloud: more complexities, vulnerabilities, and risks. Security teams are buying more controls to proactively detect issues but are now overwhelmed by the magnitude of alerts, duplicate alerts, and false positives coming at them. The process of manually investigating, triaging, and responding to issues is consuming their workday. It can take weeks to cut through the noise, prioritize issues, find root causes, and locate the right code owners to fix them. The longer risk windows are open, the greater risk there is to the business, as attacks in the cloud are super fast.
Developers–which nowadays can be infrastructure teams, DevOps, Platform teams, or application teams–are frustrated with their growing backlog of security fixes. To them, the security team is throwing issues over the fence with zero context and little to no understanding of the CI/CD process.
Everyone is frustrated by the inefficiency of the current remediation process, which wastes time and resources, drains productivity, creates friction between teams, and derails innovation that drives revenue for the business.
Dazz solves these problems by automating how security teams uncover blindspots, triage issues, shrink alert backlog into actionable root causes, and streamline remediation in the developer’s workflow. We improve the lives of cloud security and development teams, not by adding more alerts but by taking the pain and inefficiency out of the manual remediation process. Instead of chasing a never-ending backlog, security teams are able to pinpoint the issues that matter most and rapidly communicate with context to developers. On average, our customers experience that MTTR improves by 90% or more, duplicate alerts are reduced by 90% or more, security and development teams collaborate better together, and risk windows shrink from weeks to hours. What’s more, we keep developers focused on what they do best—coding.
What are the biggest vulnerabilities with cloud security, and how can a company secure its data?
Believe it or not, the biggest vulnerabilities are cloud misconfigurations. And according to Gartner, the biggest contributor to data breaches are human error, including vulnerabilities and misconfigurations that are known but have not been fixed.
Can you speak to the importance of incident response planning and what steps should be taken in the event of a cyberattack?
When an incident or breach occurs, the biggest issue is less about the planning and more about the lack of visibility into your environment. This is especially true of an organization’s cloud-based software development lifecycle (SDLC). Traditional detection tools don’t map the relationships between cloud environments, code repos, other security tools, and code owners. As a result, security teams don’t know where to start remediating. When we do preliminary cloud security assessments before deploying Dazz in customer environments — even if there are modern security tools in place — more often than not, we find rogue pipelines that are un-monitored by security detection tools like CSPMs, CWPPs, and vulnerability scanners.
What are some of the most common cyber threats that individuals and organizations face today?
When it comes to an organization’s software development pipelines, the threat is real. For many organizations, these are the crown jewels because they enable access to customer data, company data, and other valuable IPs. Unaddressed vulnerabilities can lead to compromise, either of the environment or the application being developed. This can be devastating, perhaps even existential.
How has the cybersecurity landscape changed over the past few years, and what trends do you see emerging in the near future?
Digital transformation has led to many more threats to organizations’ cloud environments. The pace and growth of companies migrating applications and workloads to the cloud have grown immensely because of how efficient it is to develop software there. One of our customers began by migrating fewer than five applications to their cloud CI/CD process, and in three short years, now has more than a thousand applications there. Because that’s where the action is, that’s where we’re seeing the growth in threats, exposures, and even breaches.