Wiz Reviews

My organization operates as a service provider for some small companies, so we started working with Wiz. I am not fully confident in discussing how work is going on with Wiz. I am having a training session on how to use the tool.

There are no major complaints associated with the tool.

As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.

I have been using Wiz for six to seven months.

It is a stable solution.

I provide the solution for small companies. The tool suits small and medium-sized businesses.

My company did not get to use the product for an enterprise-sized business, but we may try it for large companies if we get an opportunity.

I have not contacted technical support for the solution.

I have not worked with any other tools.

One of our company's team members already completed the product's initial setup phase. I just started exploring the tool after that.

The tool helps our company save time.

Over the other tools in the market, my company started to use Wiz after our clients started to use it based on our recommendation. One of our team managers proposed Wiz, and then we started working on it.

My company has not integrated the product with any other tools. We have just started exploring the product, which we mainly use for Azure-based tools and for detecting vulnerabilities. Actually, one of my other teams in my company has good experience with the tool. I am in the first stage of exploring Wiz.

The tool is very powerful in nature.

It is easy to use the tool.

I recommend the tool to others since it is a user-friendly product.

I have started using the product for any AI-based projects. I am trying to switch over from exchange to security platforms.

I will recommend the tool to other people. It is good to use. I can recommend the tool to anyone.

I have not yet started using the AI features in the tool.

I rate the tool an eight out of ten.

Our adoption has primarily been centered around understanding vulnerabilities in the environment and the configuration landscape in terms of creating hardening rules, policies, and other components like that. We're also able to see what the true risk landscape looks like by vulnerability tracking.

It simplified our ability to respond to new issues that are happening in the environment. Previously, in a scenario where a vulnerability could be a problem, or where there was a high-profile vulnerability and we needed to look at the overall impact, it was normally spread across multiple teams doing the analysis for that. We had to coordinate with all of the teams that manage their own infrastructure. Now, my team is able to provide that analysis upfront without having to take cycles away from development and other discovery components. We're able to have that single view into the entire organization.

It scans every layer of our cloud environment without agents. One of the primary reasons we looked at the platform was its agentless integration. When we look at the deployment models and have to go through an agent-based model, we have to write the components, and there's still that touchpoint on all of the cloud assets. We have to stand up infrastructure, and there's a lot of deployment overhead, whereas agentless implementations are very quick. Because it's doing the site scanning, after we have it integrated into the organization, within 24 hours of the new account being integrated, we have analytics on it.

It helped to reduce blind spots in our risk detection capabilities. It has added a lot of visibility into areas that we otherwise have been lacking. One of the aspects that are cool about it's that it looks at things in terms of inheritance, which I call "shadows." There might be a permission set or a network path that might be inheriting something that you wouldn't know by looking at it from a model, but they show that in their platform. It has simplified the areas around analyzing our permissions and analyzing the exposure points on systems. We're not having to comb through every security group and every security policy to see what exposure points are. We can see that it's inheriting something that we didn't realize in one of the other security groups or other permission sets.

It has simplified the remediation components and how we're performing analysis on the security pieces. It hasn't reduced the number of people, but it has reduced cycles. We're now able to consolidate the cycles, which were necessary but were spread across all of the different areas of the organization, into my team to be able to perform a lot of the analytics and functions that were taking those cycles away. So, engineering is more able to focus on being engineering and not having security go, "Hey, can you look into and investigate this item for me?"

The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.

Wiz Security Graph is awesome because it tells us exactly what the exposure looks like and how to be able to get to it. So, we know what areas along the way we may need to look at for external exposures and other things that we may not have been aware of.

The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.

We implemented it in September.

From a stability standpoint, we've not seen any issues.

We have a cloud environment. One of the key components and a huge decision-maker in going with the platform was that we're able to scale into it. So, if we add cloud assets, it's very easy for the system to scale with us.

We haven't had any experience directly with them. Most of everything that we've been working through has been with the implementation team, and that has been great.

We didn't use any other solution in this company, but I have used Orca Security and Prisma Cloud in previous companies.

In terms of consolidation of tools, it didn't allow us to consolidate tools because we were in a net-new component, but it was one of the first tools that we started putting in within our security program for visibility just because of the necessity around that.

I oversaw the deployment. My team was the one that did most of the work. 

The initial setup was very straightforward. It was just working within our enterprise cloud account and then everything populated underneath that, and off we went.

After the deployment, we were seeing value in the first week. We were able to look at some of the analytics and other components and put some of that data together. It helped us to understand the inventory landscape and to be able to comb through that. I've written a lot of manual tools to do that. They go through and do the scanning of the environment and other things, but it ends up getting pretty gnarly and complex. To be able to plug a system in and then see all of my cloud assets and any issues that were associated with them right off the bat was huge.

We did not use an integrator, reseller, or consultant. We have just been working with the Wiz account team's implementation services.

For the phase one implementation, we had one engineer on security and probably one part-time engineer on the infrastructure side helping to troubleshoot. From my team, I had one FTE assigned to the project, and we were able to implement it.

The biggest return is the fact that a lot of the things that were decentralized while doing investigations and analysis can now be pulled into a single individual running some report queries to determine the impact and gauge that. We're now able to do that in real-time versus a multi-day turnaround across all of the different engineering groups.

The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.

The biggest thing is understanding the hows of where your integration points are going to be.

To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning.

I would rate it an eight out of ten.

We are evaluating security configuration and compliance. We also use it to scan for security vulnerabilities in our pipelines.

The security baseline and vulnerability assessments are a very valuable feature. 

We're looking at some of the data compliance stuff that they've got on offer. I know they're looking at container security, which we gonna be looking at next. 

I have been using Wiz for four months. 

The stability is a nine out of ten. 

Five users are using the solution. The scalability is a ten out of ten. 

The initial setup is straightforward. The deployment takes five hours. So scanning storage accounts, storage account compliance, public endpoint scanning, you know, all of the usual things that we would be looking at as part of deployment.

Overall, I rate the solution a ten out of ten.