1. Overview (Project Background)

Global Airline K operates thousands of cloud-based services for worldwide operations and faces a massive security environment that must simultaneously meet global regulations including aviation security, operational stability, and passenger information protection. The key objective was to establish an integrated threat analysis system that manages security complexity and meets global security standards in this environment.

Previously, large-scale cloud infrastructure information and multiple fragmented security solutions each provided information separately. This made integrated threat analysis impossible and made it difficult to identify potential threat propagation, creating challenges in understanding the overall security posture of the cloud environment. Additionally, the existing CSPM solution required agent-based management, creating high operational burden, and the threat and resource relationship visualization features were not intuitive, limiting the ability to understand and respond to security risks.

Megazone Cloud proposed WIZ CNAPP to integrate fragmented security solutions including CSPM, KSPM, DSPM, CIEM, CWPP, SBOM, and IaC SAST into a single platform, accurately discovering hidden attack paths and security blind spots to drive multi-cloud security innovation. 

2. Challenges (Problem Definition)

1. Due to fragmented security solutions, the entire attack path was not visible, creating a risk that a single vulnerability could impact large-scale services.

2. Hidden resource relationships and propagation paths were invisible, resulting in actual critical security blind spots.

3. Agent-based operational burden and running multiple solutions in parallel slowed actual threat response speed and increased operational risk.

4. Security could not keep pace with multi-cloud expansion speed, increasing the risk of compliance failure.

3. Solutions (Resolution Approach)

1. Established an attack path-based threat analysis system by connecting millions of resources through a single integrated security view.

Integrated dispersed information into a single map with Wiz CNAPP and automatically analyzed hidden relationships and propagation paths among numerous resources, enabling at-a-glance identification of actual risk factors (Attack Paths) across the entire large-scale airline service.

2. Reduced compliance risk by detecting all cloud configuration errors in real-time with agentless CSPM.

Continuously scanned multi-cloud environments without agent installation, immediately detected Misconfiguration, and provided automatic guidance to keep enterprise security policies and compliance standards always up-to-date.

3. Proactively eliminated operational downtime risk by automatically diagnosing configuration vulnerabilities in K8s and container environments.

Scanned Kubernetes clusters and container configurations against security standards (CIS) using KSPM functionality to early block configuration errors that could impact operational services.

4. Reduced data breach potential by automatically identifying sensitive data exposure and permission paths.

Automatically classified sensitive information (PII, payment, customer data) in storage/DB through DSPM and detected excessive permissions through CIEM to structurally reduce data exposure and insider permission misuse potential.

5. Strengthened IaC security at the development stage to fundamentally prevent the risk of 「vulnerable infrastructure being deployed to production」.

Scanned incorrect configurations in Terraform and CloudFormation code at the Shift-Left stage to automatically block vulnerable infrastructure from entering the production environment.

6. Created a foundation for immediate response to service spread risk by integrating workload vulnerability and malware management.

Automatically scanned vulnerabilities across OS, applications, and container images and detected malicious files to proactively block service spread potential.

4. Results (Achievements)

• Threat response speed improved dramatically, eliminating the problem of missing potential threats because they were 「invisible」.

• Operational burden of managing fragmented solutions disappeared, significantly improving security team operational efficiency.

• Security blind spots in resources, permissions, and data were eliminated, systematically reducing security risks.

• Established a foundation to reliably meet the high compliance standards required by global airlines.