# Miro Case Study - Wallarm
> Canonical: https://www.wallarm.com/resources/miro-case-study
> Source: https://www.wallarm.com/resources/miro-case-study
> Schema: https://wallarm.mdai.build/resources/miro-case-study.json
> Generated: 2026-06-27T08:28:01.673Z
[

](/)

  
‍

![](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c27fc_close.svg)

  
‍

![](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c27fc_close.svg)

[Wallarm](/)

/

[Resources](/resources)

/

[Miro Case Study](https://hubspot.wallarm.com/hubfs/Miro%20Wallarm%20Case%20Study.pdf)

Case study

# Miro Case Study

When 20 million users, including 95% of the Fortune 500, depend on your platform for real-time collaboration, latency isn't just an inconvenience. It's a deal-breaker. Miro needed security that could handle billions of API requests per month without slowing anything down, while covering modern protocols like WebSocket and gRPC that most WAFs ignore entirely. This case study shows how they got there.  

[Get the case study](#)

**Thanks for filling out the form!**

The resource link will open in the new tab. If its not, please follow [this link](#)

![Miro Case Study](https://cdn.prod.website-files.com/6a020fca21245d64af2c19d8/6a020fca21245d64af2c44e5_Miro%20Case%20Study%20thumbnail.jpeg)

Trusted By

## The world's most demanding teams run on Wallarm.

![Panasonic Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c268d_logo-panasonic.svg)

![Victoria's Secret Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2692_logo-victorias-secret.svg)

![Miro Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2664_logo-miro.svg)

![](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2c41_Samsung_wordmark%20\(1\)%201.svg)

![Dropbox Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2665_logo-dropbox.svg)

![Rappi Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c268b_logo-rappi.svg)

![Revenera logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2854_Group%201867.svg)

![Wargaming Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2666_logo-wargaming.svg)

![Semrush Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2663_logo-semrush.svg)

![UZ LEUVEN Logo](https://cdn.prod.website-files.com/6a020fca21245d64af2c19db/6a020fca21245d64af2c2662_logo-us-leuven.svg)

[Learn More About Wallarm's Customers](/resources?tab=case-studies)

#### Scaling security for Miro’s billions of API requests

Miro is the online visual collaboration platform that enables distributed teams to work effectively together, from running brainstorming sessions and workshops to planning projects, from designing new products and services to facilitating agile ceremonies. Thousands of companies and millions of users rely on Miro for collaboration in the new work-from-home world. Obsession about customer experience and responsiveness makes Miro rely on modern protocols like WebSocket.

-   ‍**1000+ employees**
-   **HQ: San Francisco, CA**
-   **20M+ users** worldwide & accelerating
-   **95% of the Fortune 500** are existing customers

#### ‍  
Why was the search for an API security vendor initiated?

The security of Miro user data is the highest priority. To increase the level of security and provide real time protection from emerging API threats, it was decided to bring API Security on the table. The requirement was to introduce threat prevention for the whole API portfolio.

#### ‍  
3 benefits of deploying 
Wallarm API Security

-   Wallarm helps to monitor an interest from malicious actors to Miro’s APIs and alertSecOps team when required.
-   Wallarm blocks malicious requests to the WebSocket and gRPC APIs in real-time, with no manual involvement of SecOps team.
-   API-specific dashboard, smart triggers and integrations with DevSecOps toolchain allowed to automated incident response.

‍

>   
> "The major requirements are the ability to auto-scale to support billions of requests per month and the ability to support new tech stacks, gRPC and graphQL protocols, and new attacks. While doing these we wanted to have near real-time visibility into what’s happening and how we can detect, analyzeand defend application attacks against Miro." – **Roman Bulbenko,** Head of ApplicationSecurity at Miro  
> ‍

‍

#### Miro’s technical 
infrastructure details

Miro infrastructure is hosted within AWS. A lot of different technical stacks and applications are used behind the scenes including [REST APIs](https://www.wallarm.com/what/differences-soap-vs-rest#what_is_rest_), [WebSocket](https://www.wallarm.com/what/a-simple-explanation-of-what-a-websocket-is), and others. Miro application works in real time to provide collaboration. All applications and infrastructure need to support that scale, stability and security.

-   AWS Infrastructure
-   Online whiteboard for distributed teams – latency is important
-   Provide beyond normal attacks coverage, visibility and ability to fine tune the WAF based on our application traffic  
      
      
    

‍

![](https://cdn.prod.website-files.com/6a020fca21245d64af2c19d8/6a020fca21245d64af2c44e5_Miro%20Case%20Study%20thumbnail.jpeg)

## Ready to protect your APIs?

Wallarm helps you develop fast and stay secure.

[Get a demo](/request-demo)