Wiz Reviews

The solution provides visibility into our business integrations in the cloud environment. We have a multi-cloud environment, and the tool provides a visual representation of misconfigurations, including the risks associated with combinations of multiple misconfigurations. Additionally, we use the solution to track resources provisioned in the cloud for compliance with our organization's baseline controls. Wiz is deployed as a SaaS.

Wiz helped us reduce blind spots in our risk detection capabilities; the older tools we previously used did not offer the same level of visibility and capability. The solution can validate exposures, which we can then communicate to the application team, allowing the developers to configure their applications to be more secure.  

Our most important features are those around entitlement, external exposure, vulnerabilities, and container security.

The Wiz Security Graph provides a single prioritized view of risks in our cloud environments. The query functionality also helps us write custom queries and quick searches, allowing us to find vulnerabilities and prioritize externally exposed servers or resources. We can then use other tools to segregate outcomes and prioritize actions between teams based on the threats. 

Wiz's ability to scan every layer of our cloud environments without agents gives us profound visibility into the vulnerabilities. The scanner can search the ports and running services, detecting vulnerable packages in the server. The solution also helps in the storage of Cleartext credentials; it can see if files contain cloud or private keys, whereas an agent-based scanner cannot. This visibility allowed us to fast-track remediation by informing the relevant teams about their vulnerabilities. 

Having visibility into our risk detection with a contextual view for prioritizing potentially critical risks is essential. Our environment is segregated, so it's crucial to understand what will happen if a particular resource is exposed to the internet. We need some context in the back end, including whether it's a production, nonproduction, or development resource, and it's important to attach the misconfiguration risk order. 

One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging.

The second area for improvement concerns grouping resources into a set. It usually works fine but it depends on the tags configured to the cloud platform. We can group resources into the same project, but we also need the capability to run a check on, say, 15 or 20 resources by grouping them into a compliance set. That would be a welcome improvement.

We've been using the solution for over a year. 

The solution is relatively stable; over the past year or so, we faced two minor issues around logins, resulting in around an hour of downtime. 

The solution is highly scalable; as it's a SaaS, we don't have to manage any back-end infrastructure. We can onboard whatever we want and purchase the additional licensing if necessary.

The technical support is quick and easy; as we were onboarded as new customers, we had Wiz representatives available for hand-holding during the deployment. Post-deployment, we faced a few issues around integrations and always got a response within a couple of hours, so I rate the customer support nine out of ten.

We previously used a Prisma product and switched because the technology was not getting upgraded, among other issues. We also disagreed with Palo Alto's vision about where they wanted to take Prisma, and we submitted meditation reports, bug reports, and feature requests: none of which were addressed.

During our market research, we found Wiz to be superior in terms of ease of use, plus we were impressed by the company's commitment to features and functionality. We discussed changes with them during the demo period, and they had already been implemented by the time we went into the POC, which was one of the reasons we decided to go with them. 

We saw that Wiz offers better visibility and builds a view based on correlated resource configurations, so we decided it was a better solution for us. 

The deployment was straightforward, as was the initial integration; we didn't have to customize many settings. We did some customization based on our integration environment, but we knew what we were rolling out as we had already carried out a POC. We integrated and onboarded all our cloud environments within a week or so.

One staff member was responsible for tool management during deployment, and as we were integrating into different environments, one to two representatives from each were also involved. Regarding maintenance, we set the rules and do some fine-tuning, but no tool maintenance is required.  

We started seeing the value of Wiz within a couple of months following deployment, as it helped us rapidly gain visibility that we didn't have previously. The product allowed us to visualize which servers were exposed to the internet immediately, the associated package logs, and so on.

We implemented the solution in-house, with on-call support from Wiz.

I'm not involved in the pricing or licensing, so I can't speak to it.

We tested the capabilities of several cloud providers.

I rate the solution nine out of ten. 

We have yet to explore the product's newer features, but we will conduct that exploration and enrollment very soon.

We attempted to consolidate tools using Wiz, but we have yet to be able to due to our organizational level of adoption, not because of any limitation with the product. We have both cloud and on-prem areas in our environment, so if we were to consolidate tools in the cloud, we would also have to replicate that in our data center.

To someone looking into buying Wiz but concerned that they already have a bunch of products that give them many alerts, I recommend the product because it significantly helps with prioritization. Not every alert is critical, but when it comes to combinations of multiple misconfigurations, these can be, and the solution highlights them as such. You can then start fixing the configurations step by step. At the same time, Wiz reprioritizes the vulnerabilities, meaning you can always be focused on the most pressing concerns, regardless of the number of alerts received. 

Additionally, whether someone implements Wiz or not depends on their technology. If they already have a product that does scanning and vulnerability correlation, then a product focused on handling the number of alerts is a consideration. For those using older Cloud Security Posture Management (CSPM) tools, I recommend they switch to Wiz, but if they have a newer one and are determined to stick with it, the switch is a more complicated case to make.

We are primarily using Wiz for vulnerability scanning on our servers. If there is a vulnerability, we work on remediating it.

A valuable feature is that Wiz helps in identifying vulnerabilities. We can get information like remediation suggestions and links to understand vulnerabilities better. Additionally, we can download reports for all servers at the same time, which saves us the need to check each server individually.

In Wiz, if there is one vulnerability that occurs multiple times, it is listed only once. However, even if it is a single vulnerability in the same category, it repeats multiple times. This feature can be time-consuming as it requires continuous scrolling.

I have been using Wiz for one year.

Our team manager and the director have communicated with the vendor for support.

Neutral

There is another team responsible for the deployment part, so I did not work on that.

We also use Qualys.

We use both cloud and on-premises versions. I mainly work on the cloud side but we use on-premises as well. I would rate the overall solution an eight out of ten.

Hybrid Cloud

Other

I have worked in security for a while, but I'm new to the cloud security world, and Wiz helps me understand how to secure cloud environments like AWS and Azure on the backend. We have about 50 Wiz users, including four admins and the SOC team. About 10 members of the CloudOps team have access. 

Wiz's biggest benefit is visibility. My organization acquired a few other companies, and we didn't know what we had. With Wiz, we only needed to create a service account and add new accounts to gain visibility into how they are configured, what security holes they have, and how to fix their vulnerabilities.

Visibility into critical risks is essential to our security team's job. You need to know what's out there to protect the environment. Wiz helps us reduce blind spots in our remediation, and we're constantly working on that. Our cloud security team is relatively small, so we're still seeing several servers with vulnerabilities.

We're still refining our remediation process. Now, when we see a vulnerability, we open a ticket with CloudOps to remedy it. However, the company recently made some acquisitions, and the other organizations we bought have their own processes.

We've been able to consolidate a few tools. For example, we had another product that we were using to pull reports from AMIs, but we recently started doing that in Wiz, so we don't need it anymore.  It's easier to use one tool with a single pane of glass instead of logging into multiple tools to get some information, you can do it from the Wiz platform.

I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's Security Graph because you can use it to see the whole organization even if you have multiple accounts. We can sort it by a specific account or see them all in one place. I can't imagine logging in to each AWS account every time I need to see something with it. It's making things much easier.

Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform. 

I have used Wiz for about a year.

I'm impressed with the stability. We've only had downtime from maintenance and updates, and they notify us in advance, so we aren't impacted. 

We haven't needed to scale anything. It's a SaaS solution, so everything happens in the background. I haven't noticed any issues. 

I've never contacted tech support directly, but I meet with our account managers weekly, and they help me when I have issues. They open the case for me and provide a solution. At the next meeting, they follow up with me, and it's usually resolved pretty fast.

We realized value immediately after implementing Wiz. 

I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything.

You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the amount of alerts. 

When we first purchased Wiz in 2022, our goal was to identify vulnerabilities in our cloud environment, including misconfiguration and other issues. It was also useful in identifying inactive resources that we can terminate to save money.

It also helps us automate some minor tasks that we don't want to do manually, such as forwarding issues to the appropriate teams. Wiz has various workflows to route the vulnerabilities it discovers to the right teams. We integrated it with ServiceNow, enabling us to send ServiceNow incidents to the teams. We can also send Azure DevOps work items to developers.

Fast forward to 2026 and Wiz has exploded in capabilities, and we are now leveraging it for much more than just CSPM. Specifically, we now have it scanning our GitHub and ADO repos as well as integrating directly with GitHub and Terraform Cloud for gating mechanisms. Specifically, we can define what type of behavior (IaC misconfigurations, secrets exposure, vulnerabilities) is acceptable in our environment and prevent anyone from violating that behavior. I am hoping to begin also using Wiz for drift detection and prevention.

More recently, Wiz released a unified vulnerability management (UVM) solution following their acquisition of Dazz. While this is certainly a need of ours, and while I was able to POC this within Wiz and appreciated the insights it provided, we have already signed a contract with another vendor. This is something we would like to explore in the future as Wiz matures in this area. We have also begun using CrowdStrike's cloud workload protection rather than Wiz's. This is also an area we intend to explore in the future.

Wiz helps us reduce and manage our issues. Six months ago, we had no idea where we had problems in the cloud. We used another tool, but we still didn't know where most of the issues were. Wiz made it so easy to see from a high level. 

Before adding any projects, it showed us all the open issues we needed to fix. It started with the big ones because Wiz groups the issues by control. For example, you can see you have 100 issues under one control, so you start by trying to fix that. We can fix these 100 issues across all accounts by fixing one control.

Maybe we can put in some guardrails or prevent people from doing something problematic using CI/CD. Wiz helps us identify issues, prioritize them, and determine which ones should be resolved globally. 

If something can't be fixed at the highest level, Wiz can automatically send it to the appropriate teams. Wiz enabled us to define a structure for routing issues to people. We add a set of AWS accounts to a project and make them owners, so automation rules can be defined to send tickets to all project owners. That functionality helps us get the tool to operate.

Wiz is like a blind spot detector. You don't know what you don't know, so all I know now is what Wiz tells me. We don't leverage any native AWS features, so we rely solely on Wiz now. We're heavily in the cloud, but we still get our feet wet with it and ensure it's set up correctly. 

Wiz was the first tool we used to determine what we should look at and fix. We are notified when people do things they shouldn't, and employees are taking more responsibility for that. People are more conscious about what they put in their AWS accounts. 

Employees know they're being monitored and are responsible for it at the end of the day. Our InfoSec team will see it and ping them about it. They'll also see it when they get a ticket for the issue that they need to fix. It helps to create a secure-by-design mindset.

Addressing blind spots gives us peace of mind because we know that what we're doing makes sense. We can implement guardrails, understand why people continue to do things wrong and discover ways to prevent the problem from happening. It helps us develop best practices.

Wiz hasn't reduced the staff we need, but it has automated many tasks. It has built-in integration with other tools we can leverage by configuring automation rules. You don't need an external automation solution or a SOAR platform because you can do everything with Wiz's native tools. 

It allowed us to decommission a cloud security tool that wasn't working well. Besides that, we haven't consolidated much because we don't have many other cloud tools. I expect a tool like Wiz could replace a traditional vulnerability scanner, like Rapid7. I prefer it over something like that. However, there will always be a use case for a traditional on-prem vault scanner for desktops, firewalls, and other hardware that doesn't have agents on it. 

We still need an endpoint detection tool and a traditional vault scanner. But if we were using other cloud security tools like Divvy and Lacework, we could have consolidated both of them into this.

The automation rules are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at.  

It's easy to see what needs to be fixed, which is crucial for the other teams. We are trying to adopt a comprehensive governance approach. The security team isn't necessarily responsible for fixing the problems, but we are responsible for ensuring they get fixed. We need to route things to the infrastructure team, and it's straightforward for them to find everything on the dashboard.

Wiz lets you group AWS accounts logically into projects. We have AWS accounts associated with an application, so we create a project named after that application, and the project owners will receive any related incidents. It's easy to identify who's responsible. It requires some configuration, but it's handy. 

They have a security graph with a point-and-click interface, so you can click the resources you want to search for. If you aren't sure what you're looking for, you can click through. You open the little browser, and it says "EC2 instance." When you click on that, it populates several other options. You see that the EC2 instance has a network interface and click it. That has a public IP, so you can start granularly filtering down using the security graph. 

I can use the security graph for threat hunting and identifying resources. I can click on a virtual machine and see it has been detected. I have AWS and VMware integrated so that I can see more than just our cloud environment. It provides visibility into the VMware environment. I can drill down further based on a specific project or subscription. I can see all the VMs in a particular project if I want. If I do that on our infrastructure project, it changes the results, and now I see around 800 VMs in this project.

It helps you understand the resources associated with individual projects. You can do that at the subscription level and narrow it down. It will show you that one project uses S3 buckets and another has VMs. You can determine if assets are active or inactive. It's a valuable tool. 

They have a new inventory feature that allows you to detect and classify technologies. For example, let's say a Linux server has an FTP application installed, but we're not supposed to have those on our Linux servers. You can mark it as unwanted. Wiz has controls triggered when you classify something as an unwanted technology, so it generates incident reports for your projects based on what you've specified in the inventory. If I say FTP is undesirable, it will detect that on resources and send tickets to the appropriate teams notifying them to fix it.

I like the features for managing SLAs. You can define SLAs, set due dates, and use the security graph to see if any SLAs are due soon. I also think they do an excellent job with SSO implementation. Using SAML role mappings, we can integrate Wiz with our identity provider and set it up based on different groups. It's simpler to manage user access. We don't need to do all that manual stuff no one wants to do.

The ability to scan every layer without agents is a huge selling point because we're multi-agent. We are heading in that direction, so it's vital to have something that works that way. We use agents where necessary because we've got endpoint detection and response. We have a vulnerability scanner that isn't agent-based. Reducing the number of agents, we must maintain on servers or desktops is essential. They fall a bit short when it comes to performing on-demand scans. However, I don't think that's their goal.

I don't think Wiz wants people to come in and click "scan now." In some cases, having more frequent scanning than what they currently have would be helpful. It is a little confusing to understand which scanner does what. They have disk and data security scanners that scan buckets and a dynamic scanner that scans other things. I don't know which scanner is doing what or if they all follow the same schedule. I don't think we could use it if it weren't agentless.

The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary.

All the other reports look great when you try to create them. I can pull a report of issues for a specific project, but it's a CSV file with findings, which isn't helpful. I expect a slick visual summary that looks like what they have on the dashboard. They spend a lot of time making the dashboard easy to understand, but you can't get that information into a report for our executive leadership. We want to show them the trends and what we're doing. It's critical for our team to demonstrate the tool's value. At the end of the year, we have to go to a meeting and show management the progress we made this year. I can only do that by going into open issues, putting them all in notepad, and taking a couple of screenshots. 

I would also like the dashboards to be customizable. They have excellent dashboards, but you can't create or customize them. At the same time, Wiz seems open to that feedback, and I think they're relatively new. They're growing fast and implementing new features quickly, so I hope this will be added soon.

A third issue is that we can't provide email notifications on connector status. Everything comes into Wiz through a connector. Our AWS environment is added as a connector, and there's no way to notify anyone if an issue is detected. We could wake up the next morning and not have any data from our AWS cloud environment because there was an issue with the connector, but no one would've known about it. I think that's something that needs to be fixed.

Wiz has room for improvement in terms of risk assessment. It has a severity meter with five levels: critical, high, medium, low, or informational. If I click on the highs, it sorts the issues by the control with the most total issues. They're all high, but it doesn't prioritize based on anything other than the number of issues that are impacted by that control. It's not a priority. It tells you you'll get the most bang for your buck if you fix this one. There's no risk score or anything like that.

For example, if a public-facing device has a significant vulnerability, it will consider that business context and label it "critical," but that's all it does. All the severity levels have the same weight. Wiz prioritizes well in terms of sorting the issues into broad categories. However, it doesn't prioritize those. I'm looking at all the highs right now, and I don't know if one of these is more impactful to fix than the other.

It helps to have an overview showing that 103 resources will be impacted if we fix this control. We can fix the control at the global level, put guardrails around it, and prevent the issue from happening in the future. You can start thinking that way, but it doesn't tell you this is more severe than other issues in the same severity category.

We have been using Wiz since October 2022.

I've never seen Wiz go down. It sometimes loads slowly, but that hasn't happened recently.

Wiz automatically scales with you. It's seamless.

I rate Wiz support a nine out of ten. Originally, they offered support through a chat app on their website, which was awful. They recently changed to Zendesk, which has been so much better. We also have a Slack channel with some of our account team. They've been excellent.

Positive

We used Lacework, but it couldn't operationalize like Wiz, and there were a lot of false positives. We found Wiz because we needed a replacement for Lacework that provided a better idea of our cloud environment.

Wiz does a better job than Lacework. It shows you what you need to fix on the front page. Lacework didn't do that as well, and it wasn't easy to automate. Once we knew what needed to be fixed in Lacework, it was difficult to forward the issue to the appropriate team. Wiz shows you what to fix and makes it easy to fix it.

Setting up Wiz is as straightforward as you want it to be. It's easy to set up, but there's a lot to learn, and there will be more as Wiz continues to add features. Being there from the beginning was nice because I learned all about the scanners and how they worked. 

Wiz is a SaaS solution connected to AWS, Azure, and our on-prem VMware environment in our data center. We worked with the Wiz team for the most part, but the platform is easy enough to do it yourself.

We already had Lacework, so we knew what we wanted to connect. We knew we wanted to connect our AWS and Azure cloud environments. We weren't thinking about VMware during our POC. We didn't care to add VMware. Our traditional vulnerability scanners would pick up the on-prem stuff, but they added it as an integration, so we decided to evaluate it. 

I was primarily responsible for deploying the solution, but I'm not a cloud engineer, so we called on some cloud resources to assist. If it's a one-person IT team with access to the cloud environment, they could do that on their own. I don't have access to certain things in AWS, so I needed our cloud team, which is two people, but I only worked with one of them. 

Some Wiz components require on-prem hardware. The VMware connector requires an agent-based server deployment. I deployed an EC2 instance with Docker on it, and each VMware vCenter environment requires its own agent. It was easy to set up, but some on-prem infrastructure is necessary to connect to them, get the information, and push it up to the cloud.

Though Wiz is a SaaS solution, it requires some maintenance on our side. If we have issues with the connectors, they must be fixed to ensure everything is coming in properly. If Wiz makes changes requiring additional permissions that impact the connectors or they release a new feature that requires additional permissions, we need to make some manual adjustments on our end.

We almost realized an ROI. The company only operationalized Wiz in January, even though we've had the tool for a while. We went through the POC. Then we tried to figure out the best method for implementing it and getting stuff out to our teams. I disappeared for a month because I was on paternity leave, so we've had maybe half a month where teams were addressing issues Wiz raised. Our issue count isn't increasing, and we continue to enable more rules and controls. People are starting to take accountability and proactively address issues they've seen in the ticketing system. 

I think we're reaching the point where we'll see a return on investment, and we'll be there by the end of the year. We started at the cloud level and already started implementing some of the things Wiz recommended. It might not trigger an issue on the platform, but it's one of those best practices. 

We realized value almost immediately, even during the POC. We plateaued a bit in terms of the ROI because we fixed some of the low-hanging fruit. We were like, "Okay, now what do we do?" We started creating accounts and putting them in projects. We set up the ticketing and tried to figure out where things were going. That took a few months to get going, and now we've enabled some of those. As time passes, we'll start to address some of these issues globally and hopefully implement the CI/CD stuff. 

Wiz is pretty expensive. It costs more than others in the market. For example, Lacework was half as much. We didn't get as much obviously, but it was half as much. The other platform was even less than Lacework, so Wiz is at the higher end of the market.

We looked at other tools like Ermetic. Rapid7 was actively pitching DivvyCloud to us. It's now called Insight Cloud SEC. We didn't evaluate that one though. We evaluated Ermetic but didn't do a POC. The company briefly tried them, and they didn't meet our expectations. Wiz is easier to use and navigate than the other solutions. 

I rate Wiz a nine out of ten. I recommend evaluating it with a full POC, but be prepared to set up connectors and go through the entire process. You'll know if you like the tool within a month. Try it if you have the budget. 

If you're concerned about getting too many alerts from multiple solutions, I would say it depends on what you can consolidate. Not everything can be consolidated into Wiz. At the same time, Wiz mainly reports actual issues, and there isn't a lot of noise or false positives. Wiz will detect specific resources that might be exposing ports to the internet and trigger an issue on that. But that's by design. In some cases, you might have network resources that a firewall needs to have exposed to the internet in that way.

Wiz has accounted for everything, so you can configure it to ignore particular issues for a given resource. They've implemented a few ways to work around issues you don't want to address so you can clear from the interface and get people to focus on what's important.

Public Cloud

Amazon Web Services (AWS)

Our primary use case for this solution is within our security team for monitoring purposes. We have integrated the solution with our cloud environments to establish notifications for security misconfigurations. These notifications create tickets for relevant teams to address the issues, and our security team ensures the tool works properly, assisting product teams with remediation and consulting on resolving the generated tickets.

The product's most valuable feature combines different contexts and attributes to produce highly confident alerts. It can detect issues based on factors like public exposure, network vulnerabilities, and privilege assignments, leading to minimal false positives and a low volume of alerts, which is highly valuable for our operations.

They could improve the product's visibility in the internal network topology. It focuses mainly on external risks, and additional visibility into internal network communication and cross-cloud or cloud-to-on-prem connectivity would be beneficial.

We have been using Wiz for almost three years.

The solution is generally stable. I would rate its stability as eight or nine out of ten.

The solution is highly scalable.

Our experience with customer service and support has been positive. While initial replies are fast, the resolution time can vary depending on the issue.

Positive

We previously used a different solution from Check Point. We decided to switch due to the additional features, capabilities, and support offered by Wiz.

The initial setup was straightforward and can be completed in a few hours with the necessary permissions.

I rate the process an eight.

Based on the features and capabilities, the product pricing seems reasonable.

I rate Wiz a nine out of ten. 

I lead and manage our vulnerability management and threat intelligence program so relying on having quick visibility, coverage, comprehensiveness, and depth is an absolute benefit; Wiz agentless deployment and scaling give us that quick use CVE-based vulnerability scanning, detection, continuous monitoring, threat intelligence, and risk prioritization with little to no downtime or impact to availability. Lastly, the CSPM, threat-intelligence, and dashboard capability within Wiz gives leadership quick and efficient reporting on our overall risk in the cloud.

I believe the genius of Wiz is that, as we move towards a more zero-trust approach to cybersecurity, we can avoid using agents, which can be intrusive and difficult to manage. Furthermore, granting an agent full read rights access to our endpoint is not always the most secure, least privileged approach. I appreciate how Wiz can take a snapshot, scan it, and deliver results without affecting our workloads. Working with Wiz is great because it eliminates the need for staging and production environments. When we can't pick a snapshot-like reproduction environment right away, it does not have any impact.

We went from 1,000 to 10,000 employees after merging with a large company and purchasing another. Prior to this, it was like the Wild West. With Wiz, we were able to set up quickly and have visibility into our cloud workloads and environment. This has been incredibly helpful in reducing our attack surface and allowing us to prioritize risks. Wiz significantly lowered our risk and caused little to no disruption which is quite amazing.

It is extremely important for our organization to have visibility into our risk detection with a contextual view for prioritizing potential critical risks. When companies try to approach this single pane of glass from a risk perspective, it is essential to be able to share this information with stakeholders and non-technical people, such as the president, CFO, or other C-level personnel. I believe it is possible to share our cloud posture and risk overall within a five-minute presentation.

With the deep coverage and visibility that Wiz provides, we need more resources. It's clear that we have a lot of issues to address and we need to be careful and strategic in how we roll out solutions so that we don't overwhelm the business. Wiz has been helpful in determining our needs and getting us the resources and people we need.

Remediation is currently a manual process. Because the automation workflow within the tool is lacking, we have a remediation webinar to help. I still recommend and suggest that Wiz build it within the tool itself and not depend on manual processes. I have created an SOP to review and share findings, but it is a tedious process and can take up a lot of time. We are not yet in an optimized automated state and the tool and procedure are not there yet. However, Wiz does help and I have set up projects to help with organization and remediation workflow. The security personnel I work with have been pleased with the results, as I can provide a link to the issue and we can review it together. I usually have biweekly remediation calls and internal SLAs to track the ticket creation of the finding to when it is remediated. I find it useful to use that feature within the solution. Wiz allows us to go into the issue and assign a due date, which is very helpful. It would be great to have our own remediation board within Wiz, more like a dashboard.

There are many different features within Wiz that are valuable in their own right. I believe the best features are cloud security posture management, threat intelligence, and risk prioritization. This combination is my favorite aspect of Wiz. There are very few false positives. Wiz does an excellent job of leveraging their threat intelligence and distinguishing issues from findings to prioritize their risk. Having threat intelligence as part of our overall cloud posture management, cloud configurations, CVEs, and CWEs helps to prioritize our inherent and residual risk to the business. Wiz does not try to make actions overly complex, so even a non-technical person can take a webinar and understand the basics of how it works. The solution is very user-friendly.

I like the security graph feature, and being able to start with a dashboard. I am a fan of drilling into the dashboard, and I love how the solution handles different technologies. If we go to Wiz's inventory, they have their work, visibility, and coverage of technologies, as well as how they prioritize external exposures, cloud entitlements, containers, overall vulnerabilities, malware findings, and so on.
I really appreciate the visibility and the way the security graph lays out the risks. When we join the security graph, we can get very detailed and granular information. I like how I can drill into an issue, for example, if I want to look at a critical finding. I can look up fields in my query for all the hits and interact with the security graph and those expressions easily. It's a very digital footprint, root cause analysis type of interaction. I like that element of the security graph. We can get very specific, elaborate, and add to it. Whether we just want to look at the security graph level or drill into the issue specifically, it gives us a detailed footprint of the attack. It's pretty cool.

Wiz is trying to get into File Integrity Monitoring and it would be nice to set up what they call 'alert profiles' in their dashboard. For instance, if they had a threshold of a hundred images or files within a Docker container, image, or files within a particular workload that has been deleted within one minute, this could be an Indicator of a compromise of ransomware or something else. We typically don't think of this in the cloud, but the same rules apply as they would on-premise. It would be beneficial for Wiz to expand into this space and set up alert profiles for thresholds that indicate areas of compromise.

The remediation workflow within Wiz could be improved. For example, Rapid7 has done this well with InsightVM, which they call goals, SLAs, and projects in their remediation workflow. It would be beneficial to have a remediation tab that focuses on the visibility and coverage of findings, as well as an automated remediation workflow. This would save time, as it would not require creating tickets in Jira or going to another place. If these two can be done, it will be very helpful for the user, the person administering the tool, and the developers who need to fix the findings and issues.

I have been using Wiz for almost one year. Six months of that was proof of concept, and now in my current role, four to five months.

We have not encountered any issues with Wiz since I have been here, and it remained stable with no downtime or changes required. I give the stability a ten out of ten.

I am a great admirer of scalability. Wiz scales very well. The only potential obstacle to perfect scalability is probably in the remediation workflow space. The product's availability is excellent. The scalability is almost there. However, by focusing on the remediation automation workflow, goals, SLAs, and projects, we can get Wiz to scale quite well. I give the scalability a nine out of ten.

The technical support is good. The only improvement I would suggest is that Wiz should make their information more publicly accessible, rather than requiring users to have a console account in order to access the portal. This can be an extra step for SREs who do not need to use the tool but still need to access the documentation. It would be helpful to have public documentation that can be accessed by anyone associated with the domain.

Positive

At my previous company, I used Aquasec and Prisma. When I joined my current organization, they were using Wiz.

The initial setup could not be more straightforward. 

We saw the value of Wiz right away. We had onboarded a company we had purchased within three weeks and set up Terraform, AWS, Kubernetes connectors, and BS connectors. We also created a staging environment and a production environment. I was working with SRE to manage posture and address CV-based vulnerabilities that we were seeing. Thankfully, Wiz had a great zero-trust approach and the solution was really good.

The deployment was completed by myself, an SRE engineer, and an SME from Wiz.

We have three different business units. Within those three business units, we have 341 containerized application endpoints. Our next step is to get these onboarded into Wiz, which will be a big project due to the number of applications and workloads. For Prism, the resources we have for both Azure and AWS for our core applications and Namely are all set and ready to go.

The implementation was completed in-house.

Now, with any organization, security is a cost center. However, with the model I suggested, we turn our global cybersecurity team into a service model. This is one of the service offerings we have for our cloud environments. The return on investment is not just a cost to the business, but rather, we provide visibility and coverage of the risk and its potential impact. If this particular issue became a security incident, it would have an operational and financial impact. Ultimately, who is the cost center? By providing a cybersecurity service internally to our customers, we can show them the return on investment. This is not just a cost, but a way to improve our overall security posture. We often say in security, "It's not if, it's when a breach happens." Therefore, it is important to be proactive rather than reactive, which will bring a return on the investment.

I wish the pricing was more transparent. We are in the discovery phase of onboarding other business units and looking at what our pricing looks like. Wiz is agentless and goes based on our projects and resources, so it is good in terms of pricing compared to others. There is room for improvement on our pricing models, so it would be nice if Wiz could share the price beforehand rather than onboarding and then having pricing based on utilization. Despite this, the pricing is fair given the capabilities and features that Wiz offers, as competitors are not doing this at the same level yet.

We evaluated Prisma Cloud by Palo Alto Networks and Aqua Cloud Security Posture Management. In an effort to achieve a single pane of glass, Wiz is the closest to doing that, which is a difficult task. Wiz does this through their security portfolio. Cisco also accomplished this with Cisco SecureX, a unified dashboard and single pane of glass.

Wiz has done a great job of being transparent about their roadmap and capabilities. They are not over-promising on delivery, which is important. In contrast, Aqua had a single pane of glass, but they moved on from one feature or module that wasn't perfected before moving on to something else, resulting in issues. Wiz does a good job of balancing the need to make money in the market and keep up with the times. Wiz is taking a slow and steady approach to winning the race. This is a major difference compared to other solutions. Additionally, Wiz's risk prioritization and user-friendly interface are impressive. From a design perspective, Wiz is trying to keep things as simple and organized as possible, which is very much appreciated by someone managing and running the tool for a vulnerability management program.

I give Wiz a nine out of ten. If Wiz can figure out the remediation workflow, I would put the solution close to a ten out of ten.

Although we are not able to consolidate tools with Wiz yet, the solution is getting there. It is on Wiz's roadmap. We will deprecate our SaaS and SCA offerings once Wiz rolls that ability out by the end of the year.

Very rarely do people truly conduct a thorough proof of concept. Analysts from Gartner or Forrester may not fully understand individual environments, as each one is unique. To get a better understanding, we need to compare side-by-side, setting up Prisma, Aqua, and Wiz. It will become clear how Wiz is a leader in the space, both from a technical standpoint and from a high-level view. Additionally, other solutions often lack up-to-date documentation, whereas Wiz takes documentation seriously and has excellent documents and revisions. Furthermore, Wiz's portal is user-friendly and prioritizes risk, making it stand out from its competitors.

With any solution, we want to conduct a health check. We schedule health checks with Wiz every six months to ensure the solution is well maintained.

Public Cloud

Microsoft Azure

The Primary use cases are within cloud security posture management, in which we identify misconfigurations and any type of what they call "toxic combinations" of risk and vulnerabilities that are affecting our cloud deployments.

In the last year we have enabled DSPM and expanded on CIEM use cases. 

In addition to the agentless functionality, we have deployed the Wiz Sensor and enabled Admission Controller in our Kubernetes workloads. 

We don't consider Wiz just a cyber security tool. What we have done is opened up the visibility to our cloud users. Now, our cloud users are able to see for themselves what is affecting their assets. It helps enable a shared model of responsibility for security. With the visibility that Wiz enables, our users are no longer receiving a report in the form of a spreadsheet. They're able to quickly see and navigate, and drill into anything, if they need to, to see what is affecting their environments. 

Now that we have given them visibility into what's running in production, through some of the capabilities available in Wiz, we are investing in how we can shift things and identify some of those issues earlier in the pipeline so that they don't have to worry about things after going to production.

In addition, the fact that Wiz is agentless and that it's leveraging APIs to give us visibility at the organizational or the account level, are factors that have definitely reduced some of the overhead that come with other technologies that use agents to attain the same results.

Another benefit is that it consolidates tools. We now have one tool that is capable of giving us vulnerabilities, not just on modern services or cloud-ready services, but also on traditional instances in which we would have been using an agent to be able to pull the information we need. The fact that Wiz is agentless and is capable of looking at traditional compute as well as modern compute has reduced the need for additional tools that are agent-based.

Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk. The fact that it's able to reveal those toxic combinations has been really key for us in prioritizing what to fix first.

Having visibility with a contextual view for prioritizing potentially critical risks has been quite important. Especially in the cloud, it's no longer about applying a particular patch or applying particular updates to address a CVE. It's more about, for example, how a combination of a misconfiguration with the fact that it's externally facing allows us to prioritize that to be addressed first. There's a higher risk for an externally facing asset that has a vulnerability with, potentially, a service account that has high privileges. We're able to say, "Hey, we need to fix that first," and not worry so much about a compute engine that might be vulnerable, but is still protected by some other security controls that are in place. Knowing where we gain the most value, from a security perspective, and where we can reduce the most risk, has been a critical piece of our adoption of Wiz.

The solution's Security Graph has been key as well. One of the things that Wiz provides is out-of-the-box dashboards, but the Security Graph allows us to pinpoint things by creating custom reports to target specific vulnerabilities. We have multiple use cases in which we can target, for example 

• a subscription ID that we are after, and that we are trying to prioritize for remediation
• if a particular CVE is part of our environment. 

Through the Security Graph, we're able to quickly determine those types of things. It also enables us to start looking at our assets and our inventory. It's almost human-readable. I don't have to write any type of RQL code. Rather, it allows me to quickly select, through the UI, the pieces that I'm interested in and build a report or query for it.

In addition, the automated attack path analysis is one of the factors that we use when we're prioritizing where we should focus first in our remediation. Understanding any type of lateral movement within an attack path helps us determine the type of urgency involved, as we try to prioritize what to address first. It has been very important in detecting assets that we consider valuable and quickly identifying if they are well protected.

Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.

We've been using Wiz for almost 4 years.

It is pretty stable. We initially had some problems with timeouts, but they addressed them and the platform has been quite stable.

We have not had any problems with being able to scale to meet our demands.

We did not have a previous solution for the cloud.

It was straightforward. We did it in partnership with Wiz.

We have it deployed across multiple public clouds and it's deployed at the organization level. All of our application teams and our 250-plus cloud users are able to see the data through Wiz.

We started with one FTE on Wiz and, since then, we have grown the team to three FTEs. 

In terms of maintenance, no solution is perfect. We have been able to identify issues on the platform and to engage support to either address the bugs and issues that we see, or to enable a feature enhancement for a particular use case.

We have seen ROI from Wiz and we continued to see value in Wiz. Although we have been using Wiz for close to two years, one of the key items that we are still driving is adoption. The more cloud users that adopt the tool, the more value we gain from it. We still continue to see value added. 

In terms of immediate benefits, the first major benefit was asset management. We got a better understanding of the type of workloads or services that were being run in our cloud. The second benefit was around vulnerabilities. Wiz quickly proved that a lot of our application teams were not following best practices related to patching. We were able to quickly tell a story: although you are using a modern service in the form of a container, you are not maintaining the container image in a way that prevents vulnerabilities.

One of the main values that we see is that as a SaaS platform, Wiz continues to deploy new features. As those new features are enabled, more value is being gained by us and by our community.

I believe they're moving to a different licensing model. We are still grandfathered to the initial pricing models. What I do like is that the pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select. But I'll have to see how the new pricing model will work for us.

We evaluated Aqua Cloud Security Posture Management, Prisma Cloud, and Orca Security. Wiz seems to be more user-friendly. It enables a user to quickly identify risks with minimal intervention. That was definitely a positive factor and a welcome one because it's less hands-on than some of the other tools.

Also, the fact that Wiz is able to see and contextualize multiple components or issues, provides a richer way of looking at risk. It takes into account not just a particular vulnerability that is CVE-driven, but also items like misconfigurations, over-privileged service accounts, and other factors that help us better prioritize our risk.

Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first.

If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment.

Understand what is important to you. Are you more focused on the CSPM features that are available through Wiz? Are you more focused on cloud infrastructure entitlements that are available through Wiz? Are you looking to remove existing agents that could create overlap, and how does that fit into your roadmap? Understanding your requirements for the type of information that you want to see out of the tool is going to be critical to understanding your use cases, and how your community is engaged with those use cases, regardless of how easy the tool is to integrate. Those are factors that are going to be vital to your success.

We currently use Wiz for cloud security management to identify and address vulnerabilities in our AWS platforms. Wiz is also integrated with our EKS clusters, allowing us to monitor and manage cluster security. We deploy sensors across our infrastructure, from the base level to more advanced setups, to gather comprehensive vulnerability data. Additionally, Wiz helps us manage our inventory and images. We have integrated Wiz with our ECR to monitor and secure container images through the ECR connector.

Our main goal is to use Wiz as our secondary product. We aim to gather all logs and vulnerabilities and integrate them into our main tool, Splunk. Wiz helps us identify issues, but Splunk remains our primary solution. We forward all logs from Wiz to Splunk. The client, Vericore, uses Splunk as their main tool to gather data from third-party CSPM tools like Prisma and others, including DDoS detection. This integration allows us to generate reports and distribute them to other departments to address the identified vulnerabilities.

Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities.

The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.

I have been using Wiz for six months.

It is stable.

We don't have any issues with the scalability. 45-50 users are using this solution.

We have multiple departments, including product security and sales. We have development teams and other departments as well. For each senior and director in these departments, we have created users and provided them with access to Wiz. This allows them to gather reports from Wiz. Additionally, if they cannot get the reports from Wiz, they can use Splunk, with which we have integrated Wiz.

We have deployed Wiz in three organizations on AWS, each with approximately 70 to 80 accounts, totaling more than 120 accounts. We have also deployed Wiz in Microsoft environments, ensuring we can gather data from every platform.

Support has been great. We have a dedicated channel with Wiz and are always in communication with them.

Neutral

The initial setup was very straightforward. We used the deployment connectors in Wiz. We deployed three connectors for our AWS environment, and each connector requires specific roles: Wiz rules and read-only roles. The deployment was done using the CloudFormation template through our management account, and we deployed the template to all the accounts in the organization.

The deployment took no more than 48 hours because it was done easily. However, the setup to get all the data from AWS into Wiz took about 24-48 hours.

We use Splunk for DDoS detection and the AWS Security Data Lake for micro detections. We use Wiz for cloud platform configuration. For threat detection, we rely on the AWS Security Data Lake and Splunk.

We use Wiz to enhance our cloud security, and as a result, the number of vulnerabilities has gone down. We have integrated Jira authentication with Wiz to create tickets. We have set up rules in Wiz that generate tickets for misconfigurations. These tickets are sent to the respective departments that own the accounts with the identified vulnerabilities and misconfigurations. Our security team pushes these tickets to the relevant teams, enhancing security. 

Integration and deployment are relatively easy. However, we have encountered some incidents with Wiz in the past. As Wiz mentioned, some policies included in the connectors were flagging our production EBS in AWS. 

Maintenance is very easy.

I recommend Wiz for its simplicity, comprehensive findings, and impressive security graph. It provides excellent visibility, threat detection, and data classification rules. Additionally, Wiz offers more control compared to Prisma and other third-party tools.

Overall, I rate the solution at eight-point five out of ten.

Public Cloud