Miro Case Study

Scaling security for Miro’s billions of API requests

Miro is the online visual collaboration platform that enables distributed teams to work effectively together, from running brainstorming sessions and workshops to planning projects, from designing new products and services to facilitating agile ceremonies. Thousands of companies and millions of users rely on Miro for collaboration in the new work-from-home world. Obsession about customer experience and responsiveness makes Miro rely on modern protocols like WebSocket.

• ‍1000+ employees
• HQ: San Francisco, CA
• 20M+ users worldwide & accelerating
• 95% of the Fortune 500 are existing customers

‍
Why was the search for an API security vendor initiated?

The security of Miro user data is the highest priority. To increase the level of security and provide real time protection from emerging API threats, it was decided to bring API Security on the table. The requirement was to introduce threat prevention for the whole API portfolio.

‍
3 benefits of deploying 
Wallarm API Security

• Wallarm helps to monitor an interest from malicious actors to Miro’s APIs and alertSecOps team when required.
• Wallarm blocks malicious requests to the WebSocket and gRPC APIs in real-time, with no manual involvement of SecOps team.
• API-specific dashboard, smart triggers and integrations with DevSecOps toolchain allowed to automated incident response.

‍

"The major requirements are the ability to auto-scale to support billions of requests per month and the ability to support new tech stacks, gRPC and graphQL protocols, and new attacks. While doing these we wanted to have near real-time visibility into what’s happening and how we can detect, analyzeand defend application attacks against Miro." – Roman Bulbenko, Head of ApplicationSecurity at Miro
‍

‍

Miro’s technical 
infrastructure details

Miro infrastructure is hosted within AWS. A lot of different technical stacks and applications are used behind the scenes including REST APIs, WebSocket, and others. Miro application works in real time to provide collaboration. All applications and infrastructure need to support that scale, stability and security.

• AWS Infrastructure
• Online whiteboard for distributed teams – latency is important
• Provide beyond normal attacks coverage, visibility and ability to fine tune the WAF based on our application traffic
  
  
  

‍