Wiz Reviews

Our primary use case is related to using Wiz as a cloud-native application protection platform. We are currently in the midst of onboarding resources and streamlining the integration of Wiz.

It has been user-friendly, and most of the integrations and configurations are straightforward.

Wiz is a very powerful product technologically. Our requirement is related to the CNAPP solution, which is a cloud-native application protection platform. It is user-friendly, and most of the integrations and configurations are straightforward.

I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organization.

We are still in the midst of implementing Wiz. As such, we are still analyzing its behavior.

We are still analyzing its behavior as we are in the midst of the implementation.

We still get support for at least a month by default after implementing any tool. As of now, everything is good.

Positive

In the past, I worked with Check Point, specifically their firewall product and RaaS VeeTrail subproducts. I no longer use Check Point products as I switched my domain from network security to application security and cloud security.

Since we are still in the midst of implementing the new solutions within our environment, it is a work in progress.

We are currently onboarding resources and working to streamline the implementation of Wiz.

This feedback is not based on much experience yet, as we have only conducted POV or POC.

We compared Wiz with other products, such as Orca and other industry standard solutions.

I do not want my name or my organization's name to be reflected in any of the feedback provided.

I'd rate the solution eight out of ten.

The solution provides visibility into our business integrations in the cloud environment. We have a multi-cloud environment, and the tool provides a visual representation of misconfigurations, including the risks associated with combinations of multiple misconfigurations. Additionally, we use the solution to track resources provisioned in the cloud for compliance with our organization's baseline controls. Wiz is deployed as a SaaS.

Wiz helped us reduce blind spots in our risk detection capabilities; the older tools we previously used did not offer the same level of visibility and capability. The solution can validate exposures, which we can then communicate to the application team, allowing the developers to configure their applications to be more secure.  

Our most important features are those around entitlement, external exposure, vulnerabilities, and container security.

The Wiz Security Graph provides a single prioritized view of risks in our cloud environments. The query functionality also helps us write custom queries and quick searches, allowing us to find vulnerabilities and prioritize externally exposed servers or resources. We can then use other tools to segregate outcomes and prioritize actions between teams based on the threats. 

Wiz's ability to scan every layer of our cloud environments without agents gives us profound visibility into the vulnerabilities. The scanner can search the ports and running services, detecting vulnerable packages in the server. The solution also helps in the storage of Cleartext credentials; it can see if files contain cloud or private keys, whereas an agent-based scanner cannot. This visibility allowed us to fast-track remediation by informing the relevant teams about their vulnerabilities. 

Having visibility into our risk detection with a contextual view for prioritizing potentially critical risks is essential. Our environment is segregated, so it's crucial to understand what will happen if a particular resource is exposed to the internet. We need some context in the back end, including whether it's a production, nonproduction, or development resource, and it's important to attach the misconfiguration risk order. 

One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging.

The second area for improvement concerns grouping resources into a set. It usually works fine but it depends on the tags configured to the cloud platform. We can group resources into the same project, but we also need the capability to run a check on, say, 15 or 20 resources by grouping them into a compliance set. That would be a welcome improvement.

We've been using the solution for over a year. 

The solution is relatively stable; over the past year or so, we faced two minor issues around logins, resulting in around an hour of downtime. 

The solution is highly scalable; as it's a SaaS, we don't have to manage any back-end infrastructure. We can onboard whatever we want and purchase the additional licensing if necessary.

The technical support is quick and easy; as we were onboarded as new customers, we had Wiz representatives available for hand-holding during the deployment. Post-deployment, we faced a few issues around integrations and always got a response within a couple of hours, so I rate the customer support nine out of ten.

Positive

We previously used a Prisma product and switched because the technology was not getting upgraded, among other issues. We also disagreed with Palo Alto's vision about where they wanted to take Prisma, and we submitted meditation reports, bug reports, and feature requests: none of which were addressed.

During our market research, we found Wiz to be superior in terms of ease of use, plus we were impressed by the company's commitment to features and functionality. We discussed changes with them during the demo period, and they had already been implemented by the time we went into the POC, which was one of the reasons we decided to go with them. 

We saw that Wiz offers better visibility and builds a view based on correlated resource configurations, so we decided it was a better solution for us. 

The deployment was straightforward, as was the initial integration; we didn't have to customize many settings. We did some customization based on our integration environment, but we knew what we were rolling out as we had already carried out a POC. We integrated and onboarded all our cloud environments within a week or so.

One staff member was responsible for tool management during deployment, and as we were integrating into different environments, one to two representatives from each were also involved. Regarding maintenance, we set the rules and do some fine-tuning, but no tool maintenance is required.  

We started seeing the value of Wiz within a couple of months following deployment, as it helped us rapidly gain visibility that we didn't have previously. The product allowed us to visualize which servers were exposed to the internet immediately, the associated package logs, and so on.

We implemented the solution in-house, with on-call support from Wiz.

I'm not involved in the pricing or licensing, so I can't speak to it.

We tested the capabilities of several cloud providers.

I rate the solution nine out of ten. 

We have yet to explore the product's newer features, but we will conduct that exploration and enrollment very soon.

We attempted to consolidate tools using Wiz, but we have yet to be able to due to our organizational level of adoption, not because of any limitation with the product. We have both cloud and on-prem areas in our environment, so if we were to consolidate tools in the cloud, we would also have to replicate that in our data center.

To someone looking into buying Wiz but concerned that they already have a bunch of products that give them many alerts, I recommend the product because it significantly helps with prioritization. Not every alert is critical, but when it comes to combinations of multiple misconfigurations, these can be, and the solution highlights them as such. You can then start fixing the configurations step by step. At the same time, Wiz reprioritizes the vulnerabilities, meaning you can always be focused on the most pressing concerns, regardless of the number of alerts received. 

Additionally, whether someone implements Wiz or not depends on their technology. If they already have a product that does scanning and vulnerability correlation, then a product focused on handling the number of alerts is a consideration. For those using older Cloud Security Posture Management (CSPM) tools, I recommend they switch to Wiz, but if they have a newer one and are determined to stick with it, the switch is a more complicated case to make.

We use Wiz for cloud security posture management and related services, such as visibility, inventory, risk management, patch management, and framework maturity.

We saw benefits from day one. Wiz gives us greater visibility into S3 buckets and sensitive data that may be exposed or compromised. For example, it might show us buckets that are public but should not be or immediate areas where patching should be applied.

Wiz enabled us to consolidate tools into a single pane of glass. That sped up our meantime to respond. The single pane of glass helps our security teams identify zero-day threats and vulnerabilities to tackle first. Wiz has been a game-changer for us.

It's one of our core security tools for preventing breaches in our organization. Since we're a 100 percent cloud environment, Wiz is critical to our security toolset. 

Wiz helped to reduce blind spots in our risk detection capabilities. Their dashboard has pre-populated queries for zero-day threats that take the guesswork out of building a query. Everything's simple, understandable, and pre-populated for you to customize. It offers visibility into the vulnerability and what you must do to resolve it. 

I could take care of threats immediately and confirm to the executives that zero-day threats are prevalent in the industry for other organizations. It handles the security operations, governance, and risk compliance aspects of the cloud in a single solution.

Wiz also helped us avoid building a large team. We can use the team we have and scale the tool as needed because it provides visibility to multiple teams. Fewer people are needed to operate Wiz. 

The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.

It's the best tool in its class. I have used many different tools in previous environments, and this was the easiest to use. It provides the most visibility from the dashboard and highlights areas that must be addressed immediately.

Wiz can seamlessly scan every layer of our cloud environment without agents. The documentation was thorough, with screenshots and examples of what to do next.

Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes. 

They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting. 

I have used Wiz for two and a half years.

We've never had any issues or outages.

I rate Wiz a ten out of ten for scalability.

I rate Wiz support a ten out of ten. Their support is excellent. We can always reach our account representative when we have a problem or need to speak with technical staff to clarify things. It's easy to get help when needed.

Positive

Setting up Wiz was straightforward. We only had two engineers on our side working on the deployment. One was responsible for documentation, and the other handled the hands-on aspects. Realistically, you only needed one person to deploy it.

Wiz is deployed in a public cloud environment. We have seven or eight different accounts, and the rollout was seamless. There were no issues. We aren't multi-regional. It's currently one region, but we are looking at expanding. The solution currently gives us the coverage we need for those environments. Wiz requires no maintenance. It runs on its own. 

We deployed Wiz using API integration through a VAR service. It was a streamlined process from a VAR perspective. Both sides understood the problems, and we made adjustments to the size of the setup we needed to meet our demands. That was a good aspect of the VAR relationship.

The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time. 

It might follow a trajectory similar to Splunk. Early adopters got an excellent deal, but it became pricey when they became the market leader. Many CISOs are concerned about the longevity of Wiz's pricing model. It's becoming a go-to product that lots of folks are shifting toward. 

I can't talk about the other tools, but we looked at the best in the industry, and Wiz outshined all of them.

I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.

I have worked in security for a while, but I'm new to the cloud security world, and Wiz helps me understand how to secure cloud environments like AWS and Azure on the backend. We have about 50 Wiz users, including four admins and the SOC team. About 10 members of the CloudOps team have access. 

Wiz's biggest benefit is visibility. My organization acquired a few other companies, and we didn't know what we had. With Wiz, we only needed to create a service account and add new accounts to gain visibility into how they are configured, what security holes they have, and how to fix their vulnerabilities.

Visibility into critical risks is essential to our security team's job. You need to know what's out there to protect the environment. Wiz helps us reduce blind spots in our remediation, and we're constantly working on that. Our cloud security team is relatively small, so we're still seeing several servers with vulnerabilities.

We're still refining our remediation process. Now, when we see a vulnerability, we open a ticket with CloudOps to remedy it. However, the company recently made some acquisitions, and the other organizations we bought have their own processes.

We've been able to consolidate a few tools. For example, we had another product that we were using to pull reports from AMIs, but we recently started doing that in Wiz, so we don't need it anymore.  It's easier to use one tool with a single pane of glass instead of logging into multiple tools to get some information, you can do it from the Wiz platform.

I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's Security Graph because you can use it to see the whole organization even if you have multiple accounts. We can sort it by a specific account or see them all in one place. I can't imagine logging in to each AWS account every time I need to see something with it. It's making things much easier.

Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform. 

I have used Wiz for about a year.

I'm impressed with the stability. We've only had downtime from maintenance and updates, and they notify us in advance, so we aren't impacted. 

We haven't needed to scale anything. It's a SaaS solution, so everything happens in the background. I haven't noticed any issues. 

I've never contacted tech support directly, but I meet with our account managers weekly, and they help me when I have issues. They open the case for me and provide a solution. At the next meeting, they follow up with me, and it's usually resolved pretty fast.

We realized value immediately after implementing Wiz. 

I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything.

You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the amount of alerts. 

Our primary use case for this solution is within our security team for monitoring purposes. We have integrated the solution with our cloud environments to establish notifications for security misconfigurations. These notifications create tickets for relevant teams to address the issues, and our security team ensures the tool works properly, assisting product teams with remediation and consulting on resolving the generated tickets.

The product's most valuable feature combines different contexts and attributes to produce highly confident alerts. It can detect issues based on factors like public exposure, network vulnerabilities, and privilege assignments, leading to minimal false positives and a low volume of alerts, which is highly valuable for our operations.

They could improve the product's visibility in the internal network topology. It focuses mainly on external risks, and additional visibility into internal network communication and cross-cloud or cloud-to-on-prem connectivity would be beneficial.

We have been using Wiz for almost three years.

The solution is generally stable. I would rate its stability as eight or nine out of ten.

The solution is highly scalable.

Our experience with customer service and support has been positive. While initial replies are fast, the resolution time can vary depending on the issue.

Positive

We previously used a different solution from Check Point. We decided to switch due to the additional features, capabilities, and support offered by Wiz.

The initial setup was straightforward and can be completed in a few hours with the necessary permissions.

I rate the process an eight.

Based on the features and capabilities, the product pricing seems reasonable.

I rate Wiz a nine out of ten. 

The Primary use cases are within cloud security posture management, in which we identify misconfigurations and any type of what they call "toxic combinations" of risk and vulnerabilities that are affecting our cloud deployments.

In the last year we have enabled DSPM and expanded on CIEM use cases. 

In addition to the agentless functionality, we have deployed the Wiz Sensor and enabled Admission Controller in our Kubernetes workloads. 

We don't consider Wiz just a cyber security tool. What we have done is opened up the visibility to our cloud users. Now, our cloud users are able to see for themselves what is affecting their assets. It helps enable a shared model of responsibility for security. With the visibility that Wiz enables, our users are no longer receiving a report in the form of a spreadsheet. They're able to quickly see and navigate, and drill into anything, if they need to, to see what is affecting their environments. 

Now that we have given them visibility into what's running in production, through some of the capabilities available in Wiz, we are investing in how we can shift things and identify some of those issues earlier in the pipeline so that they don't have to worry about things after going to production.

In addition, the fact that Wiz is agentless and that it's leveraging APIs to give us visibility at the organizational or the account level, are factors that have definitely reduced some of the overhead that come with other technologies that use agents to attain the same results.

Another benefit is that it consolidates tools. We now have one tool that is capable of giving us vulnerabilities, not just on modern services or cloud-ready services, but also on traditional instances in which we would have been using an agent to be able to pull the information we need. The fact that Wiz is agentless and is capable of looking at traditional compute as well as modern compute has reduced the need for additional tools that are agent-based.

Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk. The fact that it's able to reveal those toxic combinations has been really key for us in prioritizing what to fix first.

Having visibility with a contextual view for prioritizing potentially critical risks has been quite important. Especially in the cloud, it's no longer about applying a particular patch or applying particular updates to address a CVE. It's more about, for example, how a combination of a misconfiguration with the fact that it's externally facing allows us to prioritize that to be addressed first. There's a higher risk for an externally facing asset that has a vulnerability with, potentially, a service account that has high privileges. We're able to say, "Hey, we need to fix that first," and not worry so much about a compute engine that might be vulnerable, but is still protected by some other security controls that are in place. Knowing where we gain the most value, from a security perspective, and where we can reduce the most risk, has been a critical piece of our adoption of Wiz.

The solution's Security Graph has been key as well. One of the things that Wiz provides is out-of-the-box dashboards, but the Security Graph allows us to pinpoint things by creating custom reports to target specific vulnerabilities. We have multiple use cases in which we can target, for example 

• a subscription ID that we are after, and that we are trying to prioritize for remediation
• if a particular CVE is part of our environment. 

Through the Security Graph, we're able to quickly determine those types of things. It also enables us to start looking at our assets and our inventory. It's almost human-readable. I don't have to write any type of RQL code. Rather, it allows me to quickly select, through the UI, the pieces that I'm interested in and build a report or query for it.

In addition, the automated attack path analysis is one of the factors that we use when we're prioritizing where we should focus first in our remediation. Understanding any type of lateral movement within an attack path helps us determine the type of urgency involved, as we try to prioritize what to address first. It has been very important in detecting assets that we consider valuable and quickly identifying if they are well protected.

Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.

We've been using Wiz for almost 4 years.

It is pretty stable. We initially had some problems with timeouts, but they addressed them and the platform has been quite stable.

We have not had any problems with being able to scale to meet our demands.

We did not have a previous solution for the cloud.

It was straightforward. We did it in partnership with Wiz.

We have it deployed across multiple public clouds and it's deployed at the organization level. All of our application teams and our 250-plus cloud users are able to see the data through Wiz.

We started with one FTE on Wiz and, since then, we have grown the team to three FTEs. 

In terms of maintenance, no solution is perfect. We have been able to identify issues on the platform and to engage support to either address the bugs and issues that we see, or to enable a feature enhancement for a particular use case.

We have seen ROI from Wiz and we continued to see value in Wiz. Although we have been using Wiz for close to two years, one of the key items that we are still driving is adoption. The more cloud users that adopt the tool, the more value we gain from it. We still continue to see value added. 

In terms of immediate benefits, the first major benefit was asset management. We got a better understanding of the type of workloads or services that were being run in our cloud. The second benefit was around vulnerabilities. Wiz quickly proved that a lot of our application teams were not following best practices related to patching. We were able to quickly tell a story: although you are using a modern service in the form of a container, you are not maintaining the container image in a way that prevents vulnerabilities.

One of the main values that we see is that as a SaaS platform, Wiz continues to deploy new features. As those new features are enabled, more value is being gained by us and by our community.

I believe they're moving to a different licensing model. We are still grandfathered to the initial pricing models. What I do like is that the pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select. But I'll have to see how the new pricing model will work for us.

We evaluated Aqua Cloud Security Posture Management, Prisma Cloud, and Orca Security. Wiz seems to be more user-friendly. It enables a user to quickly identify risks with minimal intervention. That was definitely a positive factor and a welcome one because it's less hands-on than some of the other tools.

Also, the fact that Wiz is able to see and contextualize multiple components or issues, provides a richer way of looking at risk. It takes into account not just a particular vulnerability that is CVE-driven, but also items like misconfigurations, over-privileged service accounts, and other factors that help us better prioritize our risk.

Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first.

If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment.

Understand what is important to you. Are you more focused on the CSPM features that are available through Wiz? Are you more focused on cloud infrastructure entitlements that are available through Wiz? Are you looking to remove existing agents that could create overlap, and how does that fit into your roadmap? Understanding your requirements for the type of information that you want to see out of the tool is going to be critical to understanding your use cases, and how your community is engaged with those use cases, regardless of how easy the tool is to integrate. Those are factors that are going to be vital to your success.

We currently use Wiz for cloud security management to identify and address vulnerabilities in our AWS platforms. Wiz is also integrated with our EKS clusters, allowing us to monitor and manage cluster security. We deploy sensors across our infrastructure, from the base level to more advanced setups, to gather comprehensive vulnerability data. Additionally, Wiz helps us manage our inventory and images. We have integrated Wiz with our ECR to monitor and secure container images through the ECR connector.

Our main goal is to use Wiz as our secondary product. We aim to gather all logs and vulnerabilities and integrate them into our main tool, Splunk. Wiz helps us identify issues, but Splunk remains our primary solution. We forward all logs from Wiz to Splunk. The client, Vericore, uses Splunk as their main tool to gather data from third-party CSPM tools like Prisma and others, including DDoS detection. This integration allows us to generate reports and distribute them to other departments to address the identified vulnerabilities.

Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities.

The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.

I have been using Wiz for six months.

It is stable.

We don't have any issues with the scalability. 45-50 users are using this solution.

We have multiple departments, including product security and sales. We have development teams and other departments as well. For each senior and director in these departments, we have created users and provided them with access to Wiz. This allows them to gather reports from Wiz. Additionally, if they cannot get the reports from Wiz, they can use Splunk, with which we have integrated Wiz.

We have deployed Wiz in three organizations on AWS, each with approximately 70 to 80 accounts, totaling more than 120 accounts. We have also deployed Wiz in Microsoft environments, ensuring we can gather data from every platform.

Support has been great. We have a dedicated channel with Wiz and are always in communication with them.

Neutral

The initial setup was very straightforward. We used the deployment connectors in Wiz. We deployed three connectors for our AWS environment, and each connector requires specific roles: Wiz rules and read-only roles. The deployment was done using the CloudFormation template through our management account, and we deployed the template to all the accounts in the organization.

The deployment took no more than 48 hours because it was done easily. However, the setup to get all the data from AWS into Wiz took about 24-48 hours.

We use Splunk for DDoS detection and the AWS Security Data Lake for micro detections. We use Wiz for cloud platform configuration. For threat detection, we rely on the AWS Security Data Lake and Splunk.

We use Wiz to enhance our cloud security, and as a result, the number of vulnerabilities has gone down. We have integrated Jira authentication with Wiz to create tickets. We have set up rules in Wiz that generate tickets for misconfigurations. These tickets are sent to the respective departments that own the accounts with the identified vulnerabilities and misconfigurations. Our security team pushes these tickets to the relevant teams, enhancing security. 

Integration and deployment are relatively easy. However, we have encountered some incidents with Wiz in the past. As Wiz mentioned, some policies included in the connectors were flagging our production EBS in AWS. 

Maintenance is very easy.

I recommend Wiz for its simplicity, comprehensive findings, and impressive security graph. It provides excellent visibility, threat detection, and data classification rules. Additionally, Wiz offers more control compared to Prisma and other third-party tools.

Overall, I rate the solution at eight-point five out of ten.

Per my company’s guidelines – I am not allowed to share any information about our environment or detailed use cases. What I am sharing is at a very high level.

Overall I can share that we are using Wiz for AWS cloud discovery, identification, and remediation of misconfigurations as well as vulnerabilities.

We are considering more use cases and scenarios (as well as expanding to more teams in the org) in time. For now, these are the primary use cases that we are currently using Wiz for.

The solution has made a difference in the organization via: 

Technical capability. It covers all our languages, frameworks, and assets on AWS with the ability to do side scanning, which reduces compute needs and agent deployment/maintenance.

Natural query language. The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.

Security data at all levels. Wiz supports Basic and Advanced modes, meaning Engineering and Business users can leverage the platform without being complicated or too dumbed down.

A fresh approach to Vulnerability Management. Legacy methods did not work effectively in the cloud, risk-based context-driven vulnerability identification drives real results.

The ‘Graph’ has uses beyond security. Leveraging centralized cloud asset information enables teams to query in one place their architecture for operational success.

The Security Graph is the power of Wiz. This, teamed with continually developed cloud configuration rules, makes Wiz a powerhouse of an application. We use this information to pull all levels of security-relevant data and also for use cases outside of security. Leveraging this technology saves us not only precious engineering time but also money developing and investing in other overlapping solutions.

We find Wiz's native integrations to be extremely useful and paramount to the operational success of the platform; from day one, we have worked on integrating Wiz into as many internal platforms as possible.

Wiz is fully aware of its areas of improvement. We are seeing huge platform releases over the next couple of quarters, which they promise and deliver on. Wiz is the first vendor I've worked with that has turnaround feature requests in less than a month. 

We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform. Improvements around the IaC scanning dashboards and flexibility would be nice however, this does not detract from the current usability of the tool at all. 

I've used the solution for more than six months.

Technical support is excellent. It is some of the best post-sales support ever received. CSMs know the product and share the same level of passion for the solution.

Positive

By far, the easiest part of the solution is the setup. It took all of one hour to complete, and that's with a custom Terraform.

We handled the setup in-house

We evaluated six other solutions from larger and smaller vendors.

If possible, a company needs to do a demo and a PoC. That way, they will see the value right away.