Wiz offers cloud security management with key capabilities in visibility, risk prioritization, and comprehensive analysis. It supports multi-cloud environments, ensuring robust integration and streamlining security tasks effectively.
| Product | Mindshare (%) |
|---|---|
| Wiz | 13.1% |
| Prisma Cloud by Palo Alto Networks | 10.7% |
| Microsoft Defender for Cloud | 7.8% |
| Other | 68.4% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Cloud-Native Application Protection Platforms (CNAPP) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | Wiz vs Prisma Cloud by Palo Alto Networks | Jun 23, 2026 | Download |
| Comparison | Wiz vs SentinelOne Singularity Cloud Security | Jun 23, 2026 | Download |
| Comparison | Wiz vs Microsoft Defender for Cloud | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Cloudflare | 4.3 | N/A | 96% | 79 interviewsAdd to research |
| SentinelOne Singularity Cloud Security | 4.4 | 6.4% | 99% | 129 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 10 |
| Large Enterprise | 27 |
| Company Size | Count |
|---|---|
| Small Business | 1200 |
| Midsize Enterprise | 684 |
| Large Enterprise | 2600 |
Known for its advanced features like CSPM module, Security Graph, and Threat Intelligence, Wiz enables cloud integration while minimizing false positives. Its agentless deployment and high-risk analysis granularity improve operational efficiency. Users note desires for better reporting, more security features, enhanced integration, notably for APIs and cloud services like Kubernetes. Challenges include dashboard customization limits, remediation automation, scanning frequency, and cost concerns, particularly in Brazil. Users adopt Wiz for tasks including cloud security posture management, vulnerability identification, automated security measures, and integrating security tools, effectively managing security in AWS, Azure, and GCP.
What are the key features of Wiz?
What benefits should users expect?
Companies in industries with complex cloud architectures, like finance and healthcare, leverage Wiz for its multi-cloud support, managing risks and compliance efficiently. Its integration with container technologies aids sectors reliant on Kubernetes. Retailers benefit from visibility into misconfigurations, ensuring robust customer data protection.
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog
Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
| Author info | Rating | Review Summary |
|---|---|---|
| CISO at a computer software company with 1,001-5,000 employees | 4.5 | Wiz effectively reveals our cloud security posture, intelligently filtering issues and replacing other tools. Despite minor stability glitches, I found the support excellent, and it quickly surfaced significant cost savings, making me rate it highly. |
| Senior Program Manager, Security at Eventbrite | 4.5 | I value Wiz as a unified cloud security platform that significantly reduces risk and alert fatigue. It offers great visibility and support, though I hope for better code scanning, IAM, and reduced false positives in runtime detection. |
| Manager at a manufacturing company with 10,001+ employees | 4.0 | I find Wiz exceptional for cloud visibility, especially its security graph, which significantly reduces alert fatigue and prioritizes risks effectively. It offers automated compliance and multi-cloud management, saving substantial time and cost. While graphs load slowly, its robust features and support are commendable. |
| Senior Engineer at a insurance company with 10,001+ employees | 4.0 | I use Wiz for robust security scanning in my pipeline and locally, preventing vulnerabilities and improving compliance. It's stable, integrates well, and helps build client trust, though suggested fixes could be more accurate and AI-enhanced. |
| Principal Engineer at Aviatrix | 4.5 | I find Wiz invaluable for significantly reducing alert fatigue by grouping critical issues and consolidating multi-cloud security tools. It offers clear insights and easy setup, though I desire more automation to minimize human effort and accelerate response. |
| E VP And Chief Information Security Officer at Rate | 4.5 | I value Wiz as an excellent multi-cloud CSPM, robustly detecting vulnerabilities and misconfigurations. It helped me consolidate tools, is agentless, easy to deploy, stable, and scalable with great support. Despite a weaker ServiceNow integration, its low maintenance makes it worthwhile. |
| Senior Cloud Infrastructure Engineer at Self-Employed | 4.5 | I found Wiz excellent for AWS security monitoring, praising its easy setup, user-friendly interface, and compliance benefits. It was stable and scalable. My main issue was the expensive, automatically increasing license cost, despite good post-purchase support. |
| Senior Engineering Manager, Data & AI at Omnissa | 4.0 | I find Wiz excellent for consolidating security and inventory tools, effectively reducing alert fatigue and identifying critical threats in AWS. While highly recommended, I'd appreciate autonomous low-alert handling and deeper API security visibility. |
| Technical Specialist at Zensar Technologies | 4.5 | I found Wiz a comprehensive CNAPP solution, covering the entire SDLC, including AI security. It consolidates findings, provides crucial cloud/hybrid visibility, and is stable and scalable. Despite some remediation challenges, I rate it 9/10. |
| Platform Lead Commercial Integration Systems at a wholesaler/distributor with 5,001-10,000 employees | 4.0 | I appreciate Wiz for its broad project scope access and helpful AI features in container and code scans. While stable and scalable, I wish its AI could proactively warn about recurring vulnerabilities. |
We are delighted to have Wiz Cloud revealing our cloud security posture across our development, QA and production systems for both Azure and AWS. We share access to the results widely with our technical staff. It's great that Wiz permits unlimited user accounts. Our professional services and support can use Wiz to demonstrate to individual customers the security posture of the systems we are hosting for them.
Mika, the built-in AI, is easy to use. The query creation is intuitive.
The attack surface findings initially revealed numerous vulnerable systems. Upon investigation we learned that 100% of them were stale DNS entries. We deleted those but this gave us confidence that our security posture is better than the general industry. If we were to have a vulnerable system, we're confident that Wiz will quickly surface the finding.
To someone who is looking at buying Wiz but concerned they already have too many products that give them a lot of alerts, the overview dashboard does a great job of raising the issues that matter. It intelligently filters the signal from the noise. Interns on our team were immediately as productive with Wiz as experienced security experts.
Wiz allowed us to cancel two other tools with noticeably superior results.
Our Technical Account Manager set up weekly meetings, but we have switched it to monthly. We dove into self-training with Wiz Academy so there wasn't much value for us in the meetings. Anytime we need something, we open a support ticket and they are responsive.
We acquired Wiz Cloud in September, 4 months ago.
As for stability, we have seen some issues where our results changed radically from one day to the next, but we had not made radical changes, so we opened a case with support. It didn't cause us any downtime.
Scalability is not an issue for us because we have a constant load. It quickly took on our substantially large workload.
I have contacted Wiz technical support frequently.
The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience.
If I were to put Wiz support on a scale from one to ten, I would give them a ten.
Positive
Wiz distinguished itself immediately in the PoC, surfacing important issues that were entirely missed by both the products we were already using and other CNAPP's that we tested. We dropped both products.
For configuration management we had been using another product that we were happy with that was much cheaper, but it did not do any of the other things Wiz does. We also had what was formerly a leading CNAPP that was priced similar to Wiz, but the support and upgrades declined rapidly. In head to head comparison Wiz stood out as the superior solution.
The initial deployment of Wiz was super easy. It only took a few hours, so we were getting results the next day. There are still a few minor settings that Wiz scripts don't handle so we have to manually apply and then we will be fully deployed.
The deployment of Wiz is spread across different teams with different areas of responsibility on AWS and Azure.
Quickly identified around $40K in unneeded annual expenses that we were able to drop.
Wiz is expensive, but it offers good value for the money.
I feel confident that we are learning of the issues that matter. I rate Wiz nine out of ten.
Positive
I use Wiz for visibility, cloud visibility, and inventory. We will be using it for prioritizing toxic combinations like risk analysis or vulnerability management and compliance and governments.
The best features in Wiz are visibility and the security graph, which is one of the main core components of Wiz. Instead of flat results, Wiz builds a digital twin of your entire cloud environment such as AWS and Azure. A site scanning option is also available. One of the main features is automated compliance mapping in Wiz.
As a security analyst, I would say automated compliance mapping is one of the important features because many companies do not actually know everything they have running in the cloud. Wiz provides a single pane of glass to see shadow IT, discovering any forgotten database or server created by developers during unmonitored periods. Multi-cloud management allows seeing assets across different providers, such as AWS and Azure, and maintaining a real-time list of virtual machines, serverless functions, buckets, and containers.
Wiz is a full-scale cloud detection and response platform. Agentless scanning is taking a high-resolution photo of your house once an hour to check for unlocked windows. Runtime is having a motion-activated security camera or a guard on site for twenty-four seven. Unlike other traditional agents that slow down servers, Wiz uses extended Berkeley Packet Filter, which is one of the major key features. It is incredibly lightweight and provides deep visibility into containers and Kubernetes nodes, where agentless snapshots might miss live execution details compared to the previous tool I have worked with.
The security graph takes you to zero through the toxic combination filter, which is the fastest way to clear the queue by focusing on the security graph and its logic with a high CVSS score, vulnerability that is exposed and has server identity that can reach sensitive data. Resolving those specific combinations first means that once the path is broken, for example by closing a port or stripping a permission, the issue moves to zero. To automate that remediation and keep the queue at zero, you cannot rely on manual clicks, so you can set up automation rules that automatically resolve critical issues in Jira or ServiceNow. Serverless cleanup will trigger a Lambda function to automatically remove any permissive IAM role and quarantine any suspicious container the moment Wiz detects it.
Wiz reduces alert fatigue. Unlike traditional scanners, Wiz uses a security graph to filter out the noise. Time to value is achieved through agentless deployment. Wiz connects via API rather than requiring software installation on every server. It provides one hundred percent visibility in minutes, which is one of the key benefits.
For time saving, I have reduced around forty to fifty percent time reduction in investigation by using the Security Graph to show exactly how an attacker could reach a database. That almost saves seventy percent of my time. Instead of manually tracking, which would take much time, it saves overall around forty to fifty percent. The alert volume will decrease almost eighty to ninety percent. SLA issues are also addressed. While using this, I do not have to be afraid of facing any SLA issues since it will reduce almost all the backlogs, ensuring all the critical vulnerabilities are fixed within their required policy window. For cost saving, replacing several point solutions with one platform is absolutely cost saving compared to many other products in the market.
Everything Wiz has in place is good enough to analyze things.
Nothing has to be added in the future.
The alert fatigue zero issues and priority-based consolidation security graph and anything that has in it easily make it rate eight, including its customer service and support team service. Two percent would be that the loading time is taking a bit longer while loading the graph, and while navigating to other links, that is also taking some time. That is why I am giving it an eight instead of a ten.
I have been working with Wiz for almost five years.
I have not faced any stability issues during my use of Wiz.
I have not experienced any scalability issues.
The customer support in Wiz is really good. They are super quick to answer the queries that I am facing or any kind of issues that I am facing. They are responsive over time. The onboarding was easy and smooth.
The support team is really helpful, and whenever I raise any kind of ticket about issues I am facing, they will immediately respond to it.
Positive
It was easy while onboarding Wiz.
Wiz was purchased from the same marketplace. I did not buy it from a different place.
Wiz is absolutely cost-effective.
The setup cost is somewhere around twenty-four thousand dollars based on your organization's size.
Wiz does consolidate the issue and the priorities and the containers. I would recommend Wiz because of its time-saving ability. You can almost see what are the criticalities that are there and the consolidation feature that is also there in Wiz. Majorly, the security graph will give you a deep information to analyze things in a much better way.
Traditional scanners and other tools do not treat every vulnerability as a priority. Wiz has the security graph to filter out the noise and by only surfacing toxic combinations, security teams can stop chasing thousands of low-risk patches and focus on the few that actually matter. It allows a small security team to manage a massive complex cloud environment without hiring dozens of additional users to look into it.
For any organization who want to think of moving to Wiz, the Security Graph feature is amazing and awesome. It will give you deeper information than any other tools does. That is the main thing to consider. Overall, I rate this product an eight.
My main use case for Wiz is in my report, where I use it when we push any code changes on GitHub. The DevOps team sets one pipeline that includes Wiz scanning. When we push any changes, if there are any vulnerabilities or security issues related to the code, Wiz raises a vulnerability that stops the pipeline execution and prevents deploying any changes. When we need to deploy, we fix those changes first and then proceed to deploy.
Wiz fits into our workflow as a very good tool, which I can affirm because of the many levels of scans they offer. As developers, we focus on completing tasks and may overlook security aspects, but we have a Wiz plugin in VS Code and IntelliJ IDEA. We run scans locally to fix any issues before pushing code to GitHub, ensuring that we resolve potential problems upfront.
Wiz is deployed in my organization through a private cloud setup, and as a developer, I use it with integration provided by the Infosec and DevOps teams during code changes and deployment processes.
The best features Wiz offers include its comprehensive scanning capabilities, which are essential for my work.
In addition to the good features, Wiz scanning is integrated into our repo. The DevOps team added that functionality, and the reporting aspect alerts us via email when vulnerabilities are raised, indicating deployment failures due to those issues. We receive timely notifications after deployment failures and have good integration with our DevOps team and pipelines, along with a user-friendly interface that provides details and hints for fixing vulnerabilities.
Wiz positively impacts my organization, especially since we are in the insurance sector where data security is paramount. Cybercriminals and cyberattacks are constant threats; thus, Wiz's scanning helps ensure we do not expose vulnerabilities, enhancing my organization's security and trust with clients.
Regarding specific outcomes or metrics, compliance has notably improved in my organization. With the Wiz plugin at the local level, we identify vulnerabilities before pushing changes, allowing us to fix them ahead of time. While I cannot claim faster development cycles outright, I can say that Wiz helps mitigate issues that might arise post-deployment, reducing pressure and ensuring security upfront.
While Wiz provides excellent data and reports, sometimes the suggested fixes for vulnerabilities are not always accurate based on our code compatibility. For example, if Wiz recommends upgrading from log4j to log8j but our code only supports log6j, this can lead to issues. Additionally, I suggest incorporating AI to provide real-time hints for fixing vulnerabilities during scans, as this would enhance usability significantly.
Regarding needed improvements in Wiz, the integration and usability are quite effective, though adding AI-driven features could significantly assist developers in addressing vulnerabilities more efficiently, thereby improving deployment times and adherence to deadlines.
I have been using Wiz from last two years.
Wiz is stable and scalable, with no downtimes experienced during changes, ensuring that any vulnerabilities found are addressed without affecting my workflow.
Customer support from Wiz is quite good. While I have not directly engaged with them, our Infosec and DevOps teams liaise with Wiz and receive prompt responses, indicating a positive experience overall.
I am unsure about post-sales support services and whether my organization utilizes them. We typically raise tickets through the DevOps team, which handles communication with Wiz, and I find that process works well.
I am not certain about other solutions evaluated before Wiz, but we also use Snyk alongside Wiz. Both tools have their strengths, but I find Wiz to be more advantageous due to its detailed summaries and team support.
I have seen a return on investment with significant effort reduction, as Wiz vulnerabilities allow us to detect risks before cyberattacks can occur, building trust with my clients because we prevent sensitive data exposure.
I do not have detailed information about pricing, setup costs, or licensing as I am just a user. However, I have heard the setup cost is low and that we subscribe on a yearly basis.
Wiz reduces alert fatigue within my organization effectively, as we perform local scans before pushing changes to GitHub, which minimizes issues at the production level and alleviates the stress of resolving errors late in the deployment process.
Wiz runtime sensor effectively helps in identifying active threats, allowing us to recognize and address serious issues at the development and local levels before they reach production, thus ensuring security and reliability.
The cloud security democratization aspect of Wiz is significant, as it enhances my organization's security management by ensuring standards are upheld through local and repo-level scans, even though I do not manage cloud security directly.
My advice for others looking into using Wiz is that it is crucial for building trust with clients and securing products, as it addresses vulnerabilities effectively before production, thus helping prevent cyberattacks and enhancing organizational reputation.
My company only has a customer relationship with Wiz, and I do not have additional information regarding other business relationships they may have.
I rated this review 8.5 out of 10.
Wiz allows us to get a view into what's happening in our cloud environments, helping us see the gaps, how things are connected, and it aids in CVE monitoring, especially during incident response as we're able to look at what that environment or host might look like, how it connects, and how big of an issue this might be versus how small it could be, along with other indications gathered from Wiz's reporting that help us better understand what's happening and how it might have all started.
We have created a couple of custom dashboards and charts for Wiz to help keep track of specific environments. One example is when we were looking for certain types of activities; it allowed us to create a singular place to see the events in the subscriptions of interest that needed remediation, bringing it together quickly, allowing us to take action and track progress as things were fixed.
Zero Criticals is the dream for us; that's our goal, and we've made good progress, with Wiz allowing us to see everything together in an easy-to-understand way, giving us a path to have conversations with the business about what can be done from policy or user education standpoints to prevent recurring issues that need remediation, resulting in improved numbers and positively impacting our approach over time.
Wiz has enabled us to consolidate tools. Having multiple cloud providers presents challenges as each has its own versions of security products, leading to the problem of needing to monitor three different tools, which do different things. Wiz helps standardize alerting and responses while allowing us to fill in the gaps since many tools don't do CVE analysis and reporting, resulting in time savings and less effort in creating detections to fill those gaps.
Wiz helps us consolidate our alerting process. I am a strong advocate for avoiding alerts that do not add value to our environment. It's especially crucial to eliminate alerts that are single-instance or one-off occurrences. Instead, we need detections that tell a comprehensive story. Additionally, we require a way to drill down into these detections to understand them fully. Wiz has surpassed other tools across the multi-cloud landscape in alerting us to the issues that truly matter. It presents the information in a manner that allows us to address and remediate those issues effectively.
Wiz also includes excellent remediation steps within the detection, helping us understand what is happening. Our SOC team comprises individuals with varying levels of seniority and experience in the cloud, which can present challenges for skill development. Therefore, it is vital that we don’t just receive a barrage of noise in our SOC; we need information that clarifies what actually happened. Being able to communicate to the business how to resolve these issues is extremely important to us. Wiz has filled the gaps where other tools excelled in one or two areas but failed to provide a complete picture.
My favorite feature of Wiz is how it gathers information together; instead of generating a thousand independent signals, it rolls that up and shows you within that environment how all the different toxic combinations contribute to a critical alert, making it an issue worth responding to, unlike many other vendors or tools that show singular things which may appear small, but when looked at holistically, are actually part of a much bigger issue needing attention.
Wiz has significantly reduced alert fatigue in our organization. One of the key functions is that it groups together elements that can form toxic combinations. Instead of treating a policy violation and a critical CVE as separate issues that would generate two different alerts requiring two different tools, it consolidates them into a single event. This allows us to identify problems more effectively. For example, if I see a high or critical CVE alongside a policy misconfiguration tied to an account, I know I need to address both issues. This grouping enables us to take action rather than approaching it as a simple decision of whether or not to act on a single alert. Previously, I might see a policy issue and wonder if it’s significant enough to warrant attention. However, when these issues are combined, I can assess the full scope of what’s happening, allowing me to take appropriate action. I can also determine quickly whether something might be a false positive, preventing unnecessary investigations.With the critical issues we identify, we can confidently fix them and reach out to the right people without relying on a "hope" strategy or waiting for an hour of research to see if it turns into something actionable. Based on my experience with other tools, Wiz helps us bypass that frustrating process.
I believe they are on the right path. However, Wiz has a unique way of identifying issues. As part of its growth and maturity, I'm noticing that it is taking an approach where it not only detects problems but also provides solutions to fix them. This expansion into a more comprehensive ecosystem allows it to become a 360-degree product. Instead of just continuously pointing out findings and detections, it starts to integrate with existing solutions, reducing the cycle of repeated issues. We can learn from these mistakes, and ideally, they will only occur once, allowing us to address them effectively. I appreciate the continued growth in this partnership, as it aims to reduce the number of findings over time by tackling the root of the problem.
One significant area for improvement would be increasing automation. While they excel at identifying issues, we need assistance in minimizing the human hours required for tasks. Ideally, the process would become more automated, allowing us to quickly respond with steps such as: we found an issue, reached out, and fixed it immediately. In cybersecurity, if it takes several hours to address a concern and a human attacker is present, that delay can lead to severe consequences. We need more immediate measures in our response strategies.
I have been using Wiz for almost two years.
Regarding stability, I was pleasantly surprised by the performance of this SaaS provider. We haven't encountered any outages or issues with reports not running, finishing, or data being incomplete or inaccurate.
Scalability is great. We haven't faced any problems. There were no requirements like, “once you get to this point, you have to do this or that.” We were simply able to connect our accounts, and during our last round, our environment quadrupled in size. We didn’t have to make any adjustments or configuration changes; it just accommodated the growth. Even as some environments scaled back down, the service scaled back down with us, which has been a great benefit.
Regarding technical support, we haven't needed to contact them. All the questions and issues we encountered were addressed by our account team. It was very helpful not having to open a ticket and wait for assistance; our account team was knowledgeable about the tool and could provide immediate answers. This level of support was refreshing, as we didn’t have to deal with delays or uncertainty. Overall, we were very satisfied with the support we received.
For support, I would rate them a ten out of ten. They have great documentation and excellent support from the account team, which reduces how much you have to rely on technical support. I've dealt with other tools where the account team couldn't answer any questions, and the only option was to open a ticket and wait, sometimes for a day or two, for someone to respond. However, with this service, we received answers immediately and at the level we needed. Additionally, we received plenty of training and education without having to pay for expensive classes. So, I would definitely give them a ten in that area.
Positive
It was very easy to deploy. We were able to get everything set up quickly during a call with our Wiz account team. They walked us through the process, and once we connected the accounts, it was off and running. From that standpoint, it was great to easily tap into the different cloud providers. The experience was positive overall.
After the initial setup, the team also assisted us with health checks to ensure everything was functioning properly. They provided feedback and helped us make any necessary adjustments to permissions so that the tool would work effectively.
As for the setup time, we had a 30-minute call scheduled, and we managed to complete the setup within that timeframe. It mostly involved connecting the parent account and giving Wiz access to deploy the tool. After that, we were able to start viewing the results. So, in total, we spent about 10 to 15 minutes actually configuring it during that 30-minute window.
I’m familiar with their pricing. I believe it aligns well with what we typically see for security tools. It’s not unreasonable or outrageous. They have a great product that works effectively and fulfills its intended purpose. I don’t think there’s anyone else out there offering the same level, scale, or efficiency. While their pricing may be a bit on the premium side, it also enables users to consolidate tools, which can offset some of those costs.
A significant alternative out there is AWS GuardDuty. It operates within a single scope, analyzing your logs and identifying signals of potential issues. However, this can lead to high alert fatigue because it focuses on individual events. Instead of grouping and triaging alerts, it may send you multiple separate notifications for a single host or device performing several actions.
In addition, we've utilized scanners for Common Vulnerabilities and Exposures (CVEs) like Rapid7. This tool effectively scans for CVEs, but it requires thorough configuration, continuous monitoring of output, and the creation of reports to take necessary actions. This process is not on the same level as Wiz, which consolidates all of these tools into one platform.
We haven't used Wiz Runtime Sensor; we've seen demos and it looks really cool, but it's not something we have implemented.
I believe there isn't a perfect tool, but Wiz comes very close, continuously growing and expanding to add more value into its ecosystem, and I'm happy with it. I would rate Wiz a nine out of ten.
I have been using Wiz for approximately three years in my career. Our first use case is Cloud Security Posture Management. We needed that because we are a multi-cloud company. We have most of our infrastructure in AWS, but we also have some in Azure and some in GCP. So we needed a CSPM to cover all three environments.
The feature I appreciate most about Wiz as a CSPM is the vulnerability detection and misconfiguration identification. It helps us to ensure that we know if there are misconfigured cloud workloads and what those are, as well as if there are vulnerabilities. That is one of the key value adds for us.
What we have done is create a tool that is not just a security tool but is actually used by other teams. We have created dashboards for other teams, for product teams who are developing code. They can see their assets, or our cloud team or other teams that own different assets can view their own team's vulnerabilities and misconfigurations through per-team dashboards.
For us, the value add when considering Wiz is that I would rather consolidate under fewer tools to get to a platform. This allows for alerts, administration, and dashboards to all be under one platform, simplifying the environment. It makes operations easier and ultimately enhances our ability to use the platform more effectively.
Wiz allows us to consolidate tools, particularly in vulnerability management. We used to use a technology called Tenable to do our vulnerability scans, not just on-prem but in the cloud, and we replaced Tenable with Wiz's capabilities as well as the capabilities of an endpoint protection technology we use called CrowdStrike.
Regarding scalability, we have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.
I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.
I have never seen any instability with Wiz, such as lagging, crashing, or downtime.
We have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.
I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.
I am a few steps removed from the details about the support quality and speed, but my impression through the team and talking with the account team directly is that when we raise issues, they are addressed thoughtfully, professionally, and quickly. I do not think there have been any lingering support issues we have had. We have also surfaced feature requests or changes, and they have implemented those and rolled those out within a few weeks. Wiz does a good job of listening to the feedback of their customers and using that to help shape the platform.
Positive
I have not used any alternatives to Wiz. Wiz was our choice; although we evaluated different technologies when we were looking for a CSPM, we went with Wiz, so we went from nothing to Wiz.
The initial deployment of Wiz was easy from my point of view. Essentially, once we connected Wiz to our AWS account, all the data starts to flow in and telemetry on our cloud assets, any vulnerabilities, and misconfigurations. So the dashboards light up with red, yellow, and green indicators. After deciding to go with Wiz, our proof of concept ended up becoming our production implementation, and we just expanded Wiz to more accounts, then to Azure and GCP. So it was very easy.
I do not know exactly how long it took to fully deploy to a working condition because it has been so long ago, but I will say that getting the visibility was in a matter of weeks to connect the accounts, probably within a week. Then it was a few months to build some of the dashboards and operationalize what we were seeing.
Feature-wise, I cannot tell you that it is a bit expensive compared to its peers, but I do think the premium is worth it. One of the things that Wiz has done well is that there are no agents for the CSPM, at least from what we are doing. It is very easy to roll out, easy to configure, maintain, and generally it does what it says it does with few issues. We had more overhead and more issues with other competing CSPM platforms.
From the team standpoint, I do not think Wiz requires much maintenance on our end because it is all cloud-based and Wiz does a great job of providing almost weekly updates. The ongoing maintenance itself of Wiz is low. We do have integrations which require some care and feeding. We have an integration with ServiceNow, but Wiz's ServiceNow integration is not the best. I have been told there have been issues getting the data out of Wiz and plugged into ServiceNow effectively, so that has taken a little bit more attention.
We are working on achieving zero criticals in our issue queues with Wiz. It has helped us gain visibility into our critical issues, but we still have a few dozen left to work through. A lot of that actually has to do with some older infrastructure and workloads that applications use. So we have some application migrations in the works, but we have not quite got to the zero critical status.
I would rate this review as a 9 overall.
The product was implemented for AWS monitoring and cloud infrastructure monitoring. Our goal was to conduct security monitoring of cloud infrastructure. Wiz was the first product we selected, and we were not using any other product, so this was not a consolidation effort.
The installation and configuration process was straightforward, and the onboarding was smooth. The user interface of Wiz, including the graphics, dashboards, and overall design, is user-friendly. The customization capabilities are excellent, allowing us to tailor the tool based on our requirements.
When someone worked from another country and connected with an unusual IP address, the system provided us with a notification, which was valuable.
Wiz significantly helped with our compliance requirements. The tool makes it easy to generate compliance reports by selecting a specific compliance framework, and it creates the report automatically.
The product provides an overview of our entire company through dashboards, and access was not limited to our security team. We provided access to other departments and software developers, allowing them to monitor the dashboards as well. This broader accessibility made Wiz a valuable tool for our organization.
During the initial setup, obtaining support was not easy initially. When assistance was needed, response times were longer than desired. However, the documentation was comprehensive, so there were no major blocking challenges.
After purchasing the product, support quality improved significantly. As a paying customer with a license fee, we found that support was responsive and easy to reach.
From a technical perspective, Wiz is excellent, but the pricing is too expensive.
We experienced pressure to monitor license costs constantly because they increased automatically. There was no way to limit these increases, which was a significant stress point.
Wiz is very reliable. The services were stable, and we did not experience any downtime. During monitoring operations, we did not encounter any issues that required attention or fixes. From the first day of implementation, the product worked well and remained stable.
Wiz scales easily. The platform automatically scales itself, though this automatic scaling also increased our license costs, which required monitoring. The scalability happens in the background without requiring manual intervention.
After purchasing the product, support was satisfactory. As a paying customer with a license fee, we received good support and found it easy to reach out to the team. Overall, the support experience was satisfactory.
I used this product at my previous company but am no longer a customer.
The installation and configuration process was straightforward, and the onboarding was smooth.
During the initial setup, obtaining support was not easy initially. When assistance was needed, response times were longer than desired. However, the documentation was comprehensive, so there were no major blocking challenges. Overall, we did not experience any significant blocker challenges with Wiz.
We did not experience any security threats, but the monitoring of our infrastructure was valuable. We did not use any other solution, though it was reassuring to know that Wiz was operational and running.
We conducted proof-of-concept evaluations with different tools. Wiz was easy to onboard to our infrastructure. We did not want to spend excessive time on integrations and configurations during the initial phase. The process was straightforward, which was a key factor in our decision. Additionally, because we were using AWS infrastructure, Wiz could be purchased directly through the AWS Marketplace, which was another reason we selected it.
The setup process takes approximately fifteen to twenty minutes. If you are not using artificial intelligence, you may not need this capability. However, if you are using artificial intelligence in your portfolio, it is important.
Control is essential when using artificial intelligence because there are instances where you feel out of control. You do not know what is happening in the background, and artificial intelligence agents are working and performing tasks. When you have a security tool controlling everything, it is truly useful.
We used filters that Wiz provides while configuring alerts. You can avoid false positives, excessive noise, or alert spam by using these rules and alert configurations.
The company was a startup in its initial phase, and I was involved in choosing the technology tools stack from the beginning.
We did use the features available. Our goal was not to avoid using the product's capabilities. I would rate this review nine out of ten.
Positive
I mostly work with a lot of AI use cases and some data governance use cases where we are focusing on the data because data can reside anywhere in the cloud. It is not limited to some storage. We do have a variety of services where data can reside and it is very crucial to identify those sensitive data and label them. When data is exfiltrated from one resource to another resource, we have to make sure that the DLP policies are fulfilled or enforced.
I have found that Wiz covers all the stages of the software development life cycle. It covers application or code security, DevOps security, and runtime security. It is a full-fledged CNAPP solution. All the areas within the development and the deployment side are covered.
The impact of consolidation on my ability to prioritize critical risks in the cloud environment is all about the correlation and how the technology works at the back end. It picks the data from different sources and correlates and identifies the high-priority risk. It provides visibility, meaning the risk score about the resource where we need to focus on.
Wiz does reduce alert fatigue for our customers, but alert fatigue is the main concern for every organization. If you don't have the proper workflow for each incident, it also depends upon the implementation and the workflow that you have decided. Sometimes it is a very big concern and a big headache for the customer because it finds a lot of findings that could be false positives. We have to fine-tune those alerts as per the infrastructure design. Sometimes some findings could be false positives, so we have to assess all these findings and we have to make sure that all policies are relevant for the environment.
The second point is basically the remediation steps. Sometimes it creates a burden or headache for the customer because the remediation of those kinds of findings are difficult. It may need a dedicated team who can get involved and fix them. Ownership and accountability is the main concern. We have to collaborate with different teams and make them understand the impact of that finding. The workflow also depends upon whether automation should be there. Automation is not for all findings, but for where we can do some kind of alerts where we can do the automation. For example, with IAM, those guys having the extra privilege, we can decide the workflow and we can remediate. But somewhere the service is running, we cannot immediately remediate those findings because it involves a lot of impact. First, we have to analyze each alert and what kind of impact it could be, then based on that, we have to plan whether it will be manual or through automation.
Wiz is currently allowing us to consolidate everything, the findings, the visibility of your environment, and everything is there.
Wiz Code is also covering your secrets and your vulnerabilities inside the IAC. It also provides us the SCA, Software Composition Analysis, and also provides an SBOM report that helps developers to look at the security standpoint while creating or writing any code. There are a lot of other things it is providing, but these are the major things.
Regarding Wiz Defend, the runtime protection, we do have the agent or sensor on the endpoint where it can defend in real time. There are two approaches. Detection is the one capability and protection is the second capability. At some stage, it only provides us the visibility, and at some stage, it also defends the attack.
I find AI security posture management very important in cloud security strategy. Nowadays, every organization is using different kinds of models or enhancing their applications. While they are using the models or they are calling through APIs, maybe sometimes they are using models inside their environment, sometimes they are just buying the APIs for any third-party model. While we are buying any APIs for their application or to integrate the LLM model into their application, it is crucial that we should have the visibility. Whoever kind of prompts the end user is triggering and what kind of data in or out is happening. Such kind of sensitive information may be traversing inside our network. The visibility of these things should be there so that preventive control can be implemented.
I believe Wiz could be improved or enhanced by acknowledging that nowadays a lot of technology is coming. Every solution is now doing the integration at the backend. They are trying to cover more areas in terms of cybersecurity. Definitely, every solution is growing as per the market demand. We can see a couple of more things coming soon, and every technology or technology owner is working behind the scenes. The purpose is basically the baseline foundation. If you talk about the CIA triad, that should be covered properly and everyone is doing the same thing.
I would like Wiz to push backend integration more, but not that much because license and procurement happen through a different team.
I have been working with Wiz for the last three months, during which I deployed this Wiz solution for one of the clients.
The stability and reliability of Wiz are good. I don't feel any issues. It is good because whenever they are planning any activity, they generally inform us prior to implementation.
Regarding the scalability of Wiz, it is good. I don't see or feel any kind of issue on the scalability or the performance. Every solution is running behind most probably on the Kubernetes services, they are using multiple containers and the pods behind those services. In terms of scalability, I don't feel any issues. It totally depends upon the license, how much license you procured. Based on that you can onboard or you can consume those licenses. Even if you go beyond that, you don't see any kind of challenges. It is pretty much good, not limited to Wiz but for all solutions I'm talking about. They are providing 99.99 kind of SLA. I don't see and feel such kind of issues in the past.
I communicate with the technical support at some times when we feel that the technology is not working as expected. The outcome that we suppose is not getting as expected, so we generally raise a ticket with the provider. They assist as they regularly do.
I have found that Wiz covers all the stages of the software development life cycle. It covers your application or code security, also covers DevOps security, and also finally covers the runtime security. It is a full-fledged CNAPP solution. All the areas within the development and the deployment side are covered.
My impression of Wiz Runtime Sensor is quite good. Runtime, as I already mentioned, in the runtime sensor, we are basically deploying the sensor on the endpoint. It could be your EC2 instance, the virtual machine, container, and the Lambda function as well. It detects and blocks in real time and blocks the attack in real time. It is really convenient. Sometimes zero-day vulnerability is not possible in agentless scanning. When I say agentless scanning, we don't have a sensor on the device. But while we are putting the sensor, we have these kinds of visibility and it protects or helps us with zero-day attacks as well. That is really helpful for the organization.
On the ability side of Wiz regarding its ability to achieve zero criticals in its issue queues, there is no doubt. But it also depends upon the use case as well. We have a limited use case for the recent deployment, it is all about the deployment. But as a part of product maturity, we can leverage or we can explore more things.
While deploying any controls, there are a lot of prerequisites and readiness for that. We have to collaborate with different teams. It could be the network team, generally the network team, the cloud team, and the infrastructure team, where we have to explain the use case of that particular control, why we are putting it, and what is the requirement. Once we have a good understanding about the infrastructure and about the technologies, we generally deploy the solution phase-wise. In phase one, we just target one or two test environments where we can provide some ROI against those accounts and resources. Down the line, we are covering in phases, more accounts and resources. That is how the approach we are currently following, and generally every organization is doing the same thing.
Most of the customers prefer a hybrid environment, not limited to the on-prem or cloud. Everyone is using a hybrid environment nowadays. It could be Azure, AWS, and sometimes on-prem. But the capability that the solution is providing is very limited to the on-prem environment. They more focus on the cloud environment first and are limited to the endpoint protection if I talk about the runtime monitoring. The rest of the things cover the cloud environment only, the identity and the access part.
To get the full potential of Wiz, it is good and good for the cloud environment and the hybrid cloud environment. Some part of it is covering the on-prem as well.
I would rate this product a 9 out of 10 based on its comprehensive coverage and capabilities.
I am a customer of Wiz, and we use Wiz for container scans, image scans, and code and build scans, with most of my use cases involving container and code and build scans.
What I appreciate most about Wiz is that it has access to all project scopes. For example, in an organization where I am part of a particular workstream, if I compare Wiz with other tools such as Snyk, I could only access my part of the organization, but in Wiz, the project scope lists all the areas of the projects. If I'm interested to know what's happening across data, finance, and warehouse, I can click and understand and review their vulnerabilities and trigger points. That's quite valuable.
The other thing I find useful is the information about policies. It has graph control which lists issues based on severity, risk, external attack surface, unprotected data, and remedies, and in some cases it highlights these. Recently, they added Mika AI, which is a cool feature. I can ask anything related to my work, and it responds based on certain trends, which is quite useful.
AI security is important to me because it helps. I have found one of their AI agents which is quite effective. It scans and provides trends of anomalies or vulnerabilities across various projects while supporting remedies as part of that. It is very important for me to assess what the AI suggests based on the scan it reviews across other projects. We review this before we hook our pipeline to see if we have vulnerabilities or anomalies in a particular area. We also try to prevent these rather than cure them, so we use the stats provided by AI to prevent anomalies or vulnerabilities from being detected and our security team having to chase us to fix them.
I'm not certain if Wiz allows me to consolidate tools because we link our integrations. When I say consolidate, I mean integrating with other third-party providers. We integrate with our integrations which are run via our build scan, so my experience is limited to our domain. I am not from security; I am a user of Wiz, and I try to use Wiz to ensure that the vulnerabilities it finds and scans can be actioned by our engineers. With respect to consolidation, I'm aware of what it does in my area. We only integrate our container and build scans with Wiz, and that works pretty well for us.
I think Wiz could be improved by identifying vulnerabilities occurring in a repeated pattern in the same estate. The AI capability should scan these and warn us based on historic data before moving or running a container scan. It should suggest somewhere on the dashboard that based on the last year, I've identified these vulnerabilities in a repeated fashion, so perhaps it's time to improve.
I have been using Wiz for the last two years, probably around close to a year, but then I moved out from that engagement. I still have access to Wiz, and my account is still active with Wiz. The last time that I had hands-on experience with Wiz was three months ago.
I find Wiz to be pretty stable, and I have not heard of it going down.
In terms of scalability, it is straightforward. During our busiest period, Black Friday, I have not heard of issues with Wiz struggling to cope with the volumes we handle.
I would rate the technical support of Wiz a seven, as it is fairly decent. I can't think of anything I am not happy about with the technical support since I have not been directly involved; it is our security team. I haven't heard them complaining much, and they were responsive to our queries when we started the engagement.
Before Wiz, I used Snyk for the same use cases. The decision to stop using Snyk and switch to Wiz was a central security decision, not mine. From what I understand, it may be related to Snyk becoming overly particular about the pricing models.
I participated in the initial setup of Wiz during a pilot conducted by our security team, where my team was chosen to run scans on some of our repos. This was around two years back. I found the initial setup of Wiz not entirely straightforward; there is a learning curve involved. I believe the Wiz team was pretty supportive during our adoption journey.
I am not certain if I utilized Wiz Defend in my security strategy as I haven't heard of it. There is a separate security team which adds the policies and the setup, and we are asked to run the respective pipeline so that all the container scans and build scans adhere to our security guidelines. It may be done as part of our security offering by the security team, which I am not aware of.
I am not certain what Wiz Runtime Sensor is or if it is part of the offering. I think it is available as part of the explorer, but I can't remember.
I can confirm that zero criticals in our issue queues is not possible; you will get critical vulnerabilities. What we have to assess is the level of security threat based on the score that is assigned. We do have critical vulnerabilities, but what Wiz does is help identify them, and wherever possible, provide a remedy or solution for them. We try to assess and review that periodically and try to reduce the severity of the vulnerability. In some cases, Wiz suggests certain actions which could probably downgrade the critical severity to medium or high.
Wiz has reduced alert fatigue in our area to some extent. It will identify a vulnerability, send an alert, and if there is a possible fix, if I give that command, then Wiz will try to do that by itself. I can't comment on the organization as a whole, but in the project that I have access to, I can see that for the last six months, Wiz has helped reduce alert fatigue by about twenty percent over a given time period.
Regarding the pricing of Wiz, that's a question for our security team; I don't know what tenant or at what level they have been using it. From what I understand, they are quite competitive and fairly price their offering. In an area where Wiz is helping us is in endpoint management, where their RED agent provides endpoints whenever incidents are raised. I believe they are pretty flexible on the pricing since they want to enhance their footprint globally.
I rate this review eight out of ten.
