Back

Industry: Travel

VroomVroomVroom is family-owned and operated, and is one of the largest car rental online travel agencies in the Southern Hemisphere. In working to deliver each and every day the best prices and availability to customers, VroomVroomVroom facilitates hundreds of thousands of rental car bookings per year with internationally respected suppliers including Avis, Budget, Enterprise, Europcar, Hertz, Sixt and Thrifty.

Challenge

Managing an environment that evolved organically over time left a significant trail of legacy assets and operational noise.  

  • Accumulated technical debt & blindspots: Years of organic cloud growth left forgotten, old resources hanging around since the AWS account's inception, creating unmapped exposure.  
  • High operational noise for lean teams: The team lacked consolidated visibility to easily distinguish between a critical, exploitable threat and lower-priority issues.  
  • Volatile supply chain risks: High-severity CVEs are appearing faster than ever, and patches themselves have become a risk vector. Without environment-specific context, updating blindly introduces fresh deployment risks.

"We've got stuff that's been hanging around since the AWS account first started. We hadn't really got on top of it, but I feel like we're getting somewhere" - Hieu Vu, Head of Product Strategy & Security

Solution

Vroom Vroom Vroom took a highly methodical, batch-driven approach to adopt Plerion across their workflows

  • Targeted recommendation lists: Plerion aggregates and priorities specific, clear recommendations, giving the engineering team a concrete roadmap of assets to target and clean up.  
  • PR-Workflow code security: Integrated Plerion’s code security scanning directly into the team's pull request (PR) workflow. This flags security issues on every PR, giving developers immediate feedback at the point of change before deployment.  
  • Contextual exploitability analysis: Plerion contextualies vulnerability severity against the team’s live environment, helping them realistically decide which high-severity CVEs warrant immediate action and which can be safely deferred.  
  • Granular cost & scanning controls: Adopts CWPP scanning interval controls to actively reduce cloud spend on non-production environment.

Key benefits

  • Successful operational clean-up: Enabled the team to easily identify and delete old, neglected Lambda functions and API Gateways left behind from historical testing environments.  
  • Realistic risk prioritisation: Allowed the team to intelligently isolate assets behind a VPN. By shifting non-public assets behind network barriers, Plerion appropriately lowers their risk priority so the team can focus purely on public-facing exposure first.  
  • Sustainable development Velocity: Instead of dumping an automated mountain of tickets on developers, the team triages findings in small, manual batches to maintain continuous delivery sprint velocity.  
  • Strategic asset rationalisation: Turned cloud security from a terrifying "one-time project" into a sustainable, ongoing dev habit of archiving unused code and shrinking the attack surface.

"Moving assets behind a VPN lowers their risk priority, so we can focus on the public-facing stuff first. It's not avoiding the problem, it's being realistic about where the actual risk sits" - Hieu

Results

"Moving assets behind a VPN lowers their risk priority, so we can focus on the public-facing stuff first. It's not avoiding the problem, it's being realistic about where the actual risk sits" - Hieu

With Plerion bridging code-to-cloud visibility, Vroom Vroom Vroom is continuously optimiing how they catch developer mistakes and cloud misconfigurations early. Tooling recommendations will continue to act as a core mechanism for identifying exactly when the team needs to step back, re-evaluate architectural debt, and scale securely without adding team overhead.

Want to see it live? Book a demo and see what it’s like to have real help.

Vroom Vroom Vroom
Blog

Learn cloud security with our research blog

X
Stay ahead in cloud security
Sign up for the Plerion newsletter and get:
🔸Expert strategies for securing your cloud
🔸Invitations to exclusive events and workshops
🔸Updates on Plerion’s latest features
🔸Early access to cloud security research
Check - Elements Webflow Library - BRIX Templates
Thanks for joining our newsletter.
Oops! Something went wrong while submitting the form.