Wiz Reviews

My organization operates as a service provider for some small companies, so we started working with Wiz. I am not fully confident in discussing how work is going on with Wiz. I am having a training session on how to use the tool.

There are no major complaints associated with the tool.

As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.

I have been using Wiz for six to seven months.

It is a stable solution.

I provide the solution for small companies. The tool suits small and medium-sized businesses.

My company did not get to use the product for an enterprise-sized business, but we may try it for large companies if we get an opportunity.

I have not contacted technical support for the solution.

I have not worked with any other tools.

One of our company's team members already completed the product's initial setup phase. I just started exploring the tool after that.

The tool helps our company save time.

Over the other tools in the market, my company started to use Wiz after our clients started to use it based on our recommendation. One of our team managers proposed Wiz, and then we started working on it.

My company has not integrated the product with any other tools. We have just started exploring the product, which we mainly use for Azure-based tools and for detecting vulnerabilities. Actually, one of my other teams in my company has good experience with the tool. I am in the first stage of exploring Wiz.

The tool is very powerful in nature.

It is easy to use the tool.

I recommend the tool to others since it is a user-friendly product.

I have started using the product for any AI-based projects. I am trying to switch over from exchange to security platforms.

I will recommend the tool to other people. It is good to use. I can recommend the tool to anyone.

I have not yet started using the AI features in the tool.

I rate the tool an eight out of ten.

We use the solution for security from external attacks and vulnerabilities and for container security.

With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.

The solution's container security could be improved. We have to install an agent. We need an agent that can be installed, or that can overview all the containers and Kubernetes so that it can detect malicious activities that are happening in them. If it happens, we need to have an option to take a remote from one console, like we do in EDR, and remediate all those activities.

I have been using Wiz for one year.

Wiz is a stable solution, and we haven't faced any breakdowns.

Around 10 to 15 users are using the solution in our organization. The solution is not in a place to take up scalability requests.

The solution's technical support was timely.

The solution's initial setup was easy, and the onboarding was very simple.

The solution is deployed pretty fast. We deployed the solution last year, and it was on boarded and in production in less than a week.

Wiz is a moderately priced solution, where it is neither cheap nor costly.

Before choosing Wiz, we evaluated and did a POC with Prisma Cloud And Tenable. We chose Wiz because Prisma Cloud was costly and out of our budget, and Tenable did not satisfy most of our requirements.

You can choose to use Wiz if you're not looking for a container deduction and response or Kubernetes security. The solution is deployed on AWS Azure and a private cloud in our organization. The solution's compliance reporting capabilities increased the score of our security scorecard.

Overall, I rate the solution an eight out of ten.

We use Wiz for cloud security posture management and related services, such as visibility, inventory, risk management, patch management, and framework maturity.

We saw benefits from day one. Wiz gives us greater visibility into S3 buckets and sensitive data that may be exposed or compromised. For example, it might show us buckets that are public but should not be or immediate areas where patching should be applied.

Wiz enabled us to consolidate tools into a single pane of glass. That sped up our meantime to respond. The single pane of glass helps our security teams identify zero-day threats and vulnerabilities to tackle first. Wiz has been a game-changer for us.

It's one of our core security tools for preventing breaches in our organization. Since we're a 100 percent cloud environment, Wiz is critical to our security toolset. 

Wiz helped to reduce blind spots in our risk detection capabilities. Their dashboard has pre-populated queries for zero-day threats that take the guesswork out of building a query. Everything's simple, understandable, and pre-populated for you to customize. It offers visibility into the vulnerability and what you must do to resolve it. 

I could take care of threats immediately and confirm to the executives that zero-day threats are prevalent in the industry for other organizations. It handles the security operations, governance, and risk compliance aspects of the cloud in a single solution.

Wiz also helped us avoid building a large team. We can use the team we have and scale the tool as needed because it provides visibility to multiple teams. Fewer people are needed to operate Wiz. 

The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.

It's the best tool in its class. I have used many different tools in previous environments, and this was the easiest to use. It provides the most visibility from the dashboard and highlights areas that must be addressed immediately.

Wiz can seamlessly scan every layer of our cloud environment without agents. The documentation was thorough, with screenshots and examples of what to do next.

Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes. 

They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting. 

I have used Wiz for two and a half years.

We've never had any issues or outages.

I rate Wiz a ten out of ten for scalability.

I rate Wiz support a ten out of ten. Their support is excellent. We can always reach our account representative when we have a problem or need to speak with technical staff to clarify things. It's easy to get help when needed.

Positive

Setting up Wiz was straightforward. We only had two engineers on our side working on the deployment. One was responsible for documentation, and the other handled the hands-on aspects. Realistically, you only needed one person to deploy it.

Wiz is deployed in a public cloud environment. We have seven or eight different accounts, and the rollout was seamless. There were no issues. We aren't multi-regional. It's currently one region, but we are looking at expanding. The solution currently gives us the coverage we need for those environments. Wiz requires no maintenance. It runs on its own. 

We deployed Wiz using API integration through a VAR service. It was a streamlined process from a VAR perspective. Both sides understood the problems, and we made adjustments to the size of the setup we needed to meet our demands. That was a good aspect of the VAR relationship.

The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time. 

It might follow a trajectory similar to Splunk. Early adopters got an excellent deal, but it became pricey when they became the market leader. Many CISOs are concerned about the longevity of Wiz's pricing model. It's becoming a go-to product that lots of folks are shifting toward. 

I can't talk about the other tools, but we looked at the best in the industry, and Wiz outshined all of them.

I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.

Our adoption has primarily been centered around understanding vulnerabilities in the environment and the configuration landscape in terms of creating hardening rules, policies, and other components like that. We're also able to see what the true risk landscape looks like by vulnerability tracking.

It simplified our ability to respond to new issues that are happening in the environment. Previously, in a scenario where a vulnerability could be a problem, or where there was a high-profile vulnerability and we needed to look at the overall impact, it was normally spread across multiple teams doing the analysis for that. We had to coordinate with all of the teams that manage their own infrastructure. Now, my team is able to provide that analysis upfront without having to take cycles away from development and other discovery components. We're able to have that single view into the entire organization.

It scans every layer of our cloud environment without agents. One of the primary reasons we looked at the platform was its agentless integration. When we look at the deployment models and have to go through an agent-based model, we have to write the components, and there's still that touchpoint on all of the cloud assets. We have to stand up infrastructure, and there's a lot of deployment overhead, whereas agentless implementations are very quick. Because it's doing the site scanning, after we have it integrated into the organization, within 24 hours of the new account being integrated, we have analytics on it.

It helped to reduce blind spots in our risk detection capabilities. It has added a lot of visibility into areas that we otherwise have been lacking. One of the aspects that are cool about it's that it looks at things in terms of inheritance, which I call "shadows." There might be a permission set or a network path that might be inheriting something that you wouldn't know by looking at it from a model, but they show that in their platform. It has simplified the areas around analyzing our permissions and analyzing the exposure points on systems. We're not having to comb through every security group and every security policy to see what exposure points are. We can see that it's inheriting something that we didn't realize in one of the other security groups or other permission sets.

It has simplified the remediation components and how we're performing analysis on the security pieces. It hasn't reduced the number of people, but it has reduced cycles. We're now able to consolidate the cycles, which were necessary but were spread across all of the different areas of the organization, into my team to be able to perform a lot of the analytics and functions that were taking those cycles away. So, engineering is more able to focus on being engineering and not having security go, "Hey, can you look into and investigate this item for me?"

The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.

Wiz Security Graph is awesome because it tells us exactly what the exposure looks like and how to be able to get to it. So, we know what areas along the way we may need to look at for external exposures and other things that we may not have been aware of.

The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.

We implemented it in September.

From a stability standpoint, we've not seen any issues.

We have a cloud environment. One of the key components and a huge decision-maker in going with the platform was that we're able to scale into it. So, if we add cloud assets, it's very easy for the system to scale with us.

We haven't had any experience directly with them. Most of everything that we've been working through has been with the implementation team, and that has been great.

We didn't use any other solution in this company, but I have used Orca Security and Prisma Cloud in previous companies.

In terms of consolidation of tools, it didn't allow us to consolidate tools because we were in a net-new component, but it was one of the first tools that we started putting in within our security program for visibility just because of the necessity around that.

I oversaw the deployment. My team was the one that did most of the work. 

The initial setup was very straightforward. It was just working within our enterprise cloud account and then everything populated underneath that, and off we went.

After the deployment, we were seeing value in the first week. We were able to look at some of the analytics and other components and put some of that data together. It helped us to understand the inventory landscape and to be able to comb through that. I've written a lot of manual tools to do that. They go through and do the scanning of the environment and other things, but it ends up getting pretty gnarly and complex. To be able to plug a system in and then see all of my cloud assets and any issues that were associated with them right off the bat was huge.

We did not use an integrator, reseller, or consultant. We have just been working with the Wiz account team's implementation services.

For the phase one implementation, we had one engineer on security and probably one part-time engineer on the infrastructure side helping to troubleshoot. From my team, I had one FTE assigned to the project, and we were able to implement it.

The biggest return is the fact that a lot of the things that were decentralized while doing investigations and analysis can now be pulled into a single individual running some report queries to determine the impact and gauge that. We're now able to do that in real-time versus a multi-day turnaround across all of the different engineering groups.

The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.

The biggest thing is understanding the hows of where your integration points are going to be.

To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning.

I would rate it an eight out of ten.

Per my company’s guidelines – I am not allowed to share any information about our environment or detailed use cases. What I am sharing is at a very high level.

Overall I can share that we are using Wiz for AWS cloud discovery, identification, and remediation of misconfigurations as well as vulnerabilities.

We are considering more use cases and scenarios (as well as expanding to more teams in the org) in time. For now, these are the primary use cases that we are currently using Wiz for.

The solution has made a difference in the organization via: 

Technical capability. It covers all our languages, frameworks, and assets on AWS with the ability to do side scanning, which reduces compute needs and agent deployment/maintenance.

Natural query language. The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.

Security data at all levels. Wiz supports Basic and Advanced modes, meaning Engineering and Business users can leverage the platform without being complicated or too dumbed down.

A fresh approach to Vulnerability Management. Legacy methods did not work effectively in the cloud, risk-based context-driven vulnerability identification drives real results.

The ‘Graph’ has uses beyond security. Leveraging centralized cloud asset information enables teams to query in one place their architecture for operational success.

The Security Graph is the power of Wiz. This, teamed with continually developed cloud configuration rules, makes Wiz a powerhouse of an application. We use this information to pull all levels of security-relevant data and also for use cases outside of security. Leveraging this technology saves us not only precious engineering time but also money developing and investing in other overlapping solutions.

We find Wiz's native integrations to be extremely useful and paramount to the operational success of the platform; from day one, we have worked on integrating Wiz into as many internal platforms as possible.

Wiz is fully aware of its areas of improvement. We are seeing huge platform releases over the next couple of quarters, which they promise and deliver on. Wiz is the first vendor I've worked with that has turnaround feature requests in less than a month. 

We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform. Improvements around the IaC scanning dashboards and flexibility would be nice however, this does not detract from the current usability of the tool at all. 

I've used the solution for more than six months.

Technical support is excellent. It is some of the best post-sales support ever received. CSMs know the product and share the same level of passion for the solution.

Positive

By far, the easiest part of the solution is the setup. It took all of one hour to complete, and that's with a custom Terraform.

We handled the setup in-house

We evaluated six other solutions from larger and smaller vendors.

If possible, a company needs to do a demo and a PoC. That way, they will see the value right away.

We are evaluating security configuration and compliance. We also use it to scan for security vulnerabilities in our pipelines.

The security baseline and vulnerability assessments are a very valuable feature. 

We're looking at some of the data compliance stuff that they've got on offer. I know they're looking at container security, which we gonna be looking at next. 

I have been using Wiz for four months. 

The stability is a nine out of ten. 

Five users are using the solution. The scalability is a ten out of ten. 

The initial setup is straightforward. The deployment takes five hours. So scanning storage accounts, storage account compliance, public endpoint scanning, you know, all of the usual things that we would be looking at as part of deployment.

Overall, I rate the solution a ten out of ten.