I lead and manage our vulnerability management and threat intelligence program, so relying on having quick visibility, coverage, comprehensiveness, and depth is an absolute benefit; Wiz agentless deployment and scaling give us that quick use CVE-based vulnerability scanning, detection, continuous monitoring, threat intelligence, and risk prioritization with little to no downtime or impact to availability. Lastly, the CSPM, threat-intelligence, and dashboard capability within Wiz gives leadership quick and efficient reporting on our overall risk in the cloud.
Sr. Manager AVP - Vuln Management and Threat Intelligence at a computer software company with 201-500 employees
Cloud security posture management, visibility, comprehensiveness, depth, and agentless connectivity without any impact to your environment is an absolute no-brainer when it comes to reducing risk.
Pros and Cons
- "The solution is very user-friendly."
- "The remediation workflow within Wiz could be improved."
What is our primary use case?
How has it helped my organization?
I believe the genius of Wiz is that, as we move towards a more zero-trust approach to cybersecurity, we can avoid using agents, which can be intrusive and difficult to manage. Furthermore, granting an agent full read rights access to our endpoint is not always the most secure, least privileged approach. I appreciate how Wiz can take a snapshot, scan it, and deliver results without affecting our workloads. Working with Wiz is great because it eliminates the need for staging and production environments. When we can't pick a snapshot-like reproduction environment right away, it does not have any impact.
We went from 1,000 to 10,000 employees after merging with a large company and purchasing another. Prior to this, it was like the Wild West. With Wiz, we were able to set up quickly and have visibility into our cloud workloads and environment. This has been incredibly helpful in reducing our attack surface and allowing us to prioritize risks. Wiz significantly lowered our risk and caused little to no disruption which is quite amazing.
It is extremely important for our organization to have visibility into our risk detection with a contextual view for prioritizing potential critical risks. When companies try to approach this single pane of glass from a risk perspective, it is essential to be able to share this information with stakeholders and non-technical people, such as the president, CFO, or other C-level personnel. I believe it is possible to share our cloud posture and risk overall within a five-minute presentation.
With the deep coverage and visibility that Wiz provides, we need more resources. It's clear that we have a lot of issues to address and we need to be careful and strategic in how we roll out solutions so that we don't overwhelm the business. Wiz has been helpful in determining our needs and getting us the resources and people we need.
Remediation is currently a manual process. Because the automation workflow within the tool is lacking, we have a remediation webinar to help. I still recommend and suggest that Wiz build it within the tool itself and not depend on manual processes. I have created an SOP to review and share findings, but it is a tedious process and can take up a lot of time. We are not yet in an optimized automated state and the tool and procedure are not there yet. However, Wiz does help and I have set up projects to help with organization and remediation workflow. The security personnel I work with have been pleased with the results, as I can provide a link to the issue and we can review it together. I usually have biweekly remediation calls and internal SLAs to track the ticket creation of the finding to when it is remediated. I find it useful to use that feature within the solution. Wiz allows us to go into the issue and assign a due date, which is very helpful. It would be great to have our own remediation board within Wiz, more like a dashboard.
What is most valuable?
There are many different features within Wiz that are valuable in their own right. I believe the best features are cloud security posture management, threat intelligence, and risk prioritization. This combination is my favorite aspect of Wiz. There are very few false positives. Wiz does an excellent job of leveraging their threat intelligence and distinguishing issues from findings to prioritize their risk. Having threat intelligence as part of our overall cloud posture management, cloud configurations, CVEs, and CWEs helps to prioritize our inherent and residual risk to the business. Wiz does not try to make actions overly complex, so even a non-technical person can take a webinar and understand the basics of how it works. The solution is very user-friendly.
I like the security graph feature, and being able to start with a dashboard. I am a fan of drilling into the dashboard, and I love how the solution handles different technologies. If we go to Wiz's inventory, they have their work, visibility, and coverage of technologies, as well as how they prioritize external exposures, cloud entitlements, containers, overall vulnerabilities, malware findings, and so on.
I really appreciate the visibility and the way the security graph lays out the risks. When we join the security graph, we can get very detailed and granular information. I like how I can drill into an issue, for example, if I want to look at a critical finding. I can look up fields in my query for all the hits and interact with the security graph and those expressions easily. It's a very digital footprint, root cause analysis type of interaction. I like that element of the security graph. We can get very specific, elaborate, and add to it. Whether we just want to look at the security graph level or drill into the issue specifically, it gives us a detailed footprint of the attack. It's pretty cool.
What needs improvement?
Wiz is trying to get into File Integrity Monitoring and it would be nice to set up what they call 'alert profiles' in their dashboard. For instance, if they had a threshold of a hundred images or files within a Docker container, image, or files within a particular workload that has been deleted within one minute, this could be an indicator of a compromise of ransomware or something else. We typically don't think of this in the cloud, but the same rules apply as they would on-premise. It would be beneficial for Wiz to expand into this space and set up alert profiles for thresholds that indicate areas of compromise.
The remediation workflow within Wiz could be improved. For example, Rapid7 has done this well with InsightVM, which they call goals, SLAs, and projects in their remediation workflow. It would be beneficial to have a remediation tab that focuses on the visibility and coverage of findings, as well as an automated remediation workflow. This would save time, as it would not require creating tickets in Jira or going to another place. If these two can be done, it will be very helpful for the user, the person administering the tool, and the developers who need to fix the findings and issues.
Buyer's Guide
Wiz
October 2024
Learn what your peers think about Wiz. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Wiz for almost one year. Six months of that was proof of concept, and now in my current role, four to five months.
What do I think about the stability of the solution?
We have not encountered any issues with Wiz since I have been here, and it remained stable with no downtime or changes required. I give the stability a ten out of ten.
What do I think about the scalability of the solution?
I am a great admirer of scalability. Wiz scales very well. The only potential obstacle to perfect scalability is probably in the remediation workflow space. The product's availability is excellent. The scalability is almost there. However, by focusing on the remediation automation workflow, goals, SLAs, and projects, we can get Wiz to scale quite well. I give the scalability a nine out of ten.
How are customer service and support?
The technical support is good. The only improvement I would suggest is that Wiz should make their information more publicly accessible, rather than requiring users to have a console account in order to access the portal. This can be an extra step for SREs who do not need to use the tool but still need to access the documentation. It would be helpful to have public documentation that can be accessed by anyone associated with the domain.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
At my previous company, I used Aquasec and Prisma. When I joined my current organization, they were using Wiz.
How was the initial setup?
The initial setup could not be more straightforward.
We saw the value of Wiz right away. We had onboarded a company we had purchased within three weeks and set up Terraform, AWS, Kubernetes connectors, and BS connectors. We also created a staging environment and a production environment. I was working with SRE to manage posture and address CVE-based vulnerabilities that we were seeing. Thankfully, Wiz had a great zero-trust approach and the solution was really good.
The deployment was completed by myself, an SRE engineer, and an SME from Wiz.
We have three different business units. Within those three business units, we have 341 containerized application endpoints. Our next step is to get these onboarded into Wiz, which will be a big project due to the number of applications and workloads. For Prism, the resources we have for both Azure and AWS for our core applications and Namely are all set and ready to go.
What about the implementation team?
The implementation was completed in-house.
What was our ROI?
Now, with any organization, security is a cost center. However, with the model I suggested, we turn our global cybersecurity team into a service model. This is one of the service offerings we have for our cloud environments. The return on investment is not just a cost to the business, but rather, we provide visibility and coverage of the risk and its potential impact. If this particular issue became a security incident, it would have an operational and financial impact. Ultimately, who is the cost center? By providing a cybersecurity service internally to our customers, we can show them the return on investment. This is not just a cost, but a way to improve our overall security posture. We often say in security, "It's not if, it's when a breach happens." Therefore, it is important to be proactive rather than reactive, which will bring a return on the investment.
What's my experience with pricing, setup cost, and licensing?
I wish the pricing was more transparent. We are in the discovery phase of onboarding other business units and looking at what our pricing looks like. Wiz is agentless and goes based on our projects and resources, so it is good in terms of pricing compared to others. There is room for improvement on our pricing models, so it would be nice if Wiz could share the price beforehand rather than onboarding and then having pricing based on utilization. Despite this, the pricing is fair given the capabilities and features that Wiz offers, as competitors are not doing this at the same level yet.
Which other solutions did I evaluate?
We evaluated Prisma Cloud by Palo Alto Networks and Aqua Cloud Security Posture Management. In an effort to achieve a single pane of glass, Wiz is the closest to doing that, which is a difficult task. Wiz does this through their security portfolio. Cisco also accomplished this with Cisco SecureX, a unified dashboard and single pane of glass.
Wiz has done a great job of being transparent about their roadmap and capabilities. They are not over-promising on delivery, which is important. In contrast, Aqua had a single pane of glass, but they moved on from one feature or module that wasn't perfected before moving on to something else, resulting in issues. Wiz does a good job of balancing the need to make money in the market and keep up with the times. Wiz is taking a slow and steady approach to winning the race. This is a major difference compared to other solutions. Additionally, Wiz's risk prioritization and user-friendly interface are impressive. From a design perspective, Wiz is trying to keep things as simple and organized as possible, which is very much appreciated by someone managing and running the tool for a vulnerability management program.
What other advice do I have?
I give Wiz a nine out of ten. If Wiz can figure out the remediation workflow, I would put the solution close to a ten out of ten.
Although we are not able to consolidate tools with Wiz yet, the solution is getting there. It is on Wiz's roadmap. We will deprecate our SaaS and SCA offerings once Wiz rolls that ability out by the end of the year.
Very rarely do people truly conduct a thorough proof of concept. Analysts from Gartner or Forrester may not fully understand individual environments, as each one is unique. To get a better understanding, we need to compare side-by-side, setting up Prisma, Aqua, and Wiz. It will become clear how Wiz is a leader in the space, both from a technical standpoint and from a high-level view. Additionally, other solutions often lack up-to-date documentation, whereas Wiz takes documentation seriously and has excellent documents and revisions. Furthermore, Wiz's portal is user-friendly and prioritizes risk, making it stand out from its competitors.
With any solution, we want to conduct a health check. We schedule health checks with Wiz every six months to ensure the solution is well maintained.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Security Architect at Deliveroo
Great vulnerability management with security data at all levels and excellent technical support
Pros and Cons
- "The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
- "We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
What is our primary use case?
Per my company’s guidelines – I am not allowed to share any information about our environment or detailed use cases. What I am sharing is at a very high level.
Overall I can share that we are using Wiz for AWS cloud discovery, identification, and remediation of misconfigurations as well as vulnerabilities.
We are considering more use cases and scenarios (as well as expanding to more teams in the org) in time. For now, these are the primary use cases that we are currently using Wiz for.
How has it helped my organization?
The solution has made a difference in the organization via:
- Technical capability. It covers all our languages, frameworks, and assets on AWS with the ability to do side scanning, which reduces compute needs and agent deployment/maintenance.
- Natural query language. The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.
- Security data at all levels. Wiz supports Basic and Advanced modes, meaning Engineering and Business users can leverage the platform without being complicated or too dumbed down.
- A fresh approach to Vulnerability Management. Legacy methods did not work effectively in the cloud; risk-based context-driven vulnerability identification drives real results.
- The ‘Graph’ has uses beyond security. Leveraging centralized cloud asset information enables teams to query in one place their architecture for operational success.
What is most valuable?
The Security Graph is the power of Wiz. This, teamed with continually developed cloud configuration rules, makes Wiz a powerhouse of an application. We use this information to pull all levels of security-relevant data and also for use cases outside of security. Leveraging this technology saves us not only precious engineering time but also money developing and investing in other overlapping solutions.
We find Wiz's native integrations to be extremely useful and paramount to the operational success of the platform; from day one, we have worked on integrating Wiz into as many internal platforms as possible.
What needs improvement?
Wiz is fully aware of its areas of improvement. We are seeing huge platform releases over the next couple of quarters, which they promise and deliver on. Wiz is the first vendor I've worked with that has turned around feature requests in less than a month.
We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform. Improvements around the IaC scanning dashboards and flexibility would be nice; however, this does not detract from the current usability of the tool at all.
For how long have I used the solution?
I've used the solution for more than six months.
How are customer service and support?
Technical support is excellent. It is some of the best post-sales support ever received. CSMs know the product and share the same level of passion for the solution.
How would you rate customer service and support?
Positive
How was the initial setup?
By far, the easiest part of the solution is the setup. It took all of one hour to complete, and that's with a custom Terraform.
What about the implementation team?
We handled the setup in-house.
Which other solutions did I evaluate?
We evaluated six other solutions from larger and smaller vendors.
What other advice do I have?
If possible, a company needs to do a demo and a PoC. That way, they will see the value right away.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Information Security at a computer software company with 501-1,000 employees
Provides complete visibility, scans every layer of our cloud environment without agents, and has agentless implementation
Pros and Cons
- "The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
- "The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for CloudFormation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
What is our primary use case?
Our adoption has primarily been centered around understanding vulnerabilities in the environment and the configuration landscape in terms of creating hardening rules, policies, and other components like that. We're also able to see what the true risk landscape looks like by vulnerability tracking.
How has it helped my organization?
It simplified our ability to respond to new issues that are happening in the environment. Previously, in a scenario where a vulnerability could be a problem, or where there was a high-profile vulnerability and we needed to look at the overall impact, it was normally spread across multiple teams doing the analysis for that. We had to coordinate with all of the teams that manage their own infrastructure. Now, my team is able to provide that analysis upfront without having to take cycles away from development and other discovery components. We're able to have that single view into the entire organization.
It scans every layer of our cloud environment without agents. One of the primary reasons we looked at the platform was its agentless integration. When we look at the deployment models and have to go through an agent-based model, we have to write the components, and there's still that touchpoint on all of the cloud assets. We have to stand up infrastructure, and there's a lot of deployment overhead, whereas agentless implementations are very quick. Because it's doing the site scanning, after we have it integrated into the organization, within 24 hours of the new account being integrated, we have analytics on it.
It helped to reduce blind spots in our risk detection capabilities. It has added a lot of visibility into areas that we otherwise have been lacking. One of the aspects that is cool about it is that it looks at things in terms of inheritance, which I call "shadows." There might be a permission set or a network path that might be inheriting something that you wouldn't know by looking at it from a model, but they show that in their platform. It has simplified the areas around analyzing our permissions and analyzing the exposure points on systems. We're not having to comb through every security group and every security policy to see what exposure points are. We can see that it's inheriting something that we didn't realize in one of the other security groups or other permission sets.
It has simplified the remediation components and how we're performing analysis on the security pieces. It hasn't reduced the number of people, but it has reduced cycles. We're now able to consolidate the cycles, which were necessary but were spread across all of the different areas of the organization, into my team to be able to perform a lot of the analytics and functions that were taking those cycles away. So, engineering is more able to focus on being engineering and not having security go, "Hey, can you look into and investigate this item for me?"
What is most valuable?
The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.
Wiz Security Graph is awesome because it tells us exactly what the exposure looks like and how to be able to get to it. So, we know what areas along the way we may need to look at for external exposures and other things that we may not have been aware of.
What needs improvement?
The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for CloudFormation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.
For how long have I used the solution?
We implemented it in September.
What do I think about the stability of the solution?
From a stability standpoint, we've not seen any issues.
What do I think about the scalability of the solution?
We have a cloud environment. One of the key components and a huge decision-maker in going with the platform was that we're able to scale into it. So, if we add cloud assets, it's very easy for the system to scale with us.
How are customer service and support?
We haven't had any experience directly with them. Most of everything that we've been working through has been with the implementation team, and that has been great.
Which solution did I use previously and why did I switch?
We didn't use any other solution in this company, but I have used Orca Security and Prisma Cloud in previous companies.
In terms of consolidation of tools, it didn't allow us to consolidate tools because we were in a net-new component, but it was one of the first tools that we started putting in within our security program for visibility just because of the necessity around that.
How was the initial setup?
I oversaw the deployment. My team was the one that did most of the work.
The initial setup was very straightforward. It was just working within our enterprise cloud account and then everything populated underneath that, and off we went.
After the deployment, we were seeing value in the first week. We were able to look at some of the analytics and other components and put some of that data together. It helped us to understand the inventory landscape and to be able to comb through that. I've written a lot of manual tools to do that. They go through and do the scanning of the environment and other things, but it ends up getting pretty gnarly and complex. To be able to plug a system in and then see all of my cloud assets and any issues that were associated with them right off the bat was huge.
What about the implementation team?
We did not use an integrator, reseller, or consultant. We have just been working with the Wiz account team's implementation services.
For the phase one implementation, we had one engineer on security and probably one part-time engineer on the infrastructure side helping to troubleshoot. From my team, I had one FTE assigned to the project, and we were able to implement it.
What was our ROI?
The biggest return is the fact that a lot of the things that were decentralized while doing investigations and analysis can now be pulled into a single individual running some report queries to determine the impact and gauge that. We're now able to do that in real-time versus a multi-day turnaround across all of the different engineering groups.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
What other advice do I have?
The biggest thing is understanding the hows of where your integration points are going to be.
To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning.
I would rate it an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Business Line Manager at S2E
Useful for security assessment and maintaining correct security posture
Pros and Cons
- "The tool's most valuable feature is its attack path analysis."
- "Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."
What is our primary use case?
I use the solution for test and demo environments, and then we deploy the platform's last version for our customers. We use the advanced license type, so we have all the features in the platform.
The tool is used for security assessment and maintaining our customers' correct security posture. We have different types of customers, so there are different types of use cases. But in general, the main need is for the maintenance of cloud security posture.
What is most valuable?
The tool's most valuable feature is its attack path analysis. The feature of the tool for inspecting running containers and the new feature of intelligent artificial intelligence security posture is good. With the attack path analysis, I can see the perfect path of a possible attack, I can see the exposure of different types of resources, and I can stop the attack with the remediation or suggestion of the platform. Regarding the container runtime security, I can see how the container runs and what type of action the container takes during execution. I can take some action to modify the running of the container. For the artificial intelligence security posture, I can see the misconfiguration problem with the security permission that customers give to the platform, like Bedrock or OpenAI, and so on. We can help the customer resolve this problem of data security exposure and so on. All such features are effective in identifying vulnerabilities. The platform allows users to collect information without the need for an install agent. So it's totally agentless, and it is a great feature. I don't need to install an agent, so onboarding the platform is very easy and very speedy.
What needs improvement?
The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment.
For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features.
In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment.
The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment.
To deploy the tool, we need to have access to the account of the customer, and Wiz is something that we need to do with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.
For how long have I used the solution?
I have been using Wiz since 2023. My company is a service integrator and a partner of Wiz. I use the solution's latest version.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten.
I don't know the exact number of users because every customer can create a user autonomously on the platform. So, I don't have availability at the moment for the total number of users. We have five customers at the moment, and we have done a lot of PoC during the last two years. I suppose that we will have around 22 different customers. If you need a number, a minimum of 60 users use the tool.
My customers are medium and large enterprises.
How are customer service and support?
The solution's technical support was excellent. We have had excellent communication and availability for any of our needs or questions. They answer quickly, and we have had a great experience with the technical support. I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten.
The solution is deployed on the cloud. In the future, the tool can introduce an on-prem infrastructure or on-prem platform, but at the moment, it is only cloud.
What's my experience with pricing, setup cost, and licensing?
If one is cheap and ten is expensive, I rate the tool's price as a five out of ten. The pricing depends on the customer and the dimension of the environment, whether the customer is strategic or not. I suppose that it is available at a middle price. In some cases, it has a very aggressive price, so very cheap, in order it's expensive. In particular, if the workload is poor, they can't make grid cells, so the price is high, and it is not in terms of real value but in terms of the budget of the customer.
What other advice do I have?
The tool can be used for all customers who don't have a security structure or security team inside because the platform is very easy to use. It is a very useful tool for developer teams that can use the platform without having security knowledge, and the platform helps the developer of code applications. The tool adapts to a use case in which there is a SOC team because of the rich data that the SOC can correlate and manage.
I recommend the tool to companies that use cloud products. Wiz can be integrated with other customer platforms because it enriches information and makes inaction very valuable in terms of security.
I rate the tool as an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Last updated: Sep 16, 2024
InfoSec Engineer at Cotiviti
It's easy to do queries to find out how many servers we have and the applications installed on each
Pros and Cons
- "I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
- "Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
What is our primary use case?
I have worked in security for a while, but I'm new to the cloud security world, and Wiz helps me understand how to secure cloud environments like AWS and Azure on the backend. We have about 50 Wiz users, including four admins and the SOC team. About 10 members of the CloudOps team have access.
How has it helped my organization?
Wiz's biggest benefit is visibility. My organization acquired a few other companies, and we didn't know what we had. With Wiz, we only needed to create a service account and add new accounts to gain visibility into how they are configured, what security holes they have, and how to fix their vulnerabilities.
Visibility into critical risks is essential to our security team's job. You need to know what's out there to protect the environment. Wiz helps us reduce blind spots in our remediation, and we're constantly working on that. Our cloud security team is relatively small, so we're still seeing several servers with vulnerabilities.
We're still refining our remediation process. Now, when we see a vulnerability, we open a ticket with CloudOps to remedy it. However, the company recently made some acquisitions, and the other organizations we bought have their own processes.
We've been able to consolidate a few tools. For example, we had another product that we were using to pull reports from AMIs, but we recently started doing that in Wiz, so we don't need it anymore. It's easier to use one tool with a single pane of glass instead of logging into multiple tools to get some information; you can do it from the Wiz platform.
What is most valuable?
I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's Security Graph because you can use it to see the whole organization even if you have multiple accounts. We can sort it by a specific account or see them all in one place. I can't imagine logging in to each AWS account every time I need to see something with it. It's making things much easier.
What needs improvement?
Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform.
For how long have I used the solution?
I have used Wiz for about a year.
What do I think about the stability of the solution?
I'm impressed with the stability. We've only had downtime from maintenance and updates, and they notify us in advance, so we aren't impacted.
What do I think about the scalability of the solution?
We haven't needed to scale anything. It's a SaaS solution, so everything happens in the background. I haven't noticed any issues.
How are customer service and support?
I've never contacted tech support directly, but I meet with our account managers weekly, and they help me when I have issues. They open the case for me and provide a solution. At the next meeting, they follow up with me, and it's usually resolved pretty fast.
What was our ROI?
We realized value immediately after implementing Wiz.
What other advice do I have?
I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything.
You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the number of alerts.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Data and AI Expert at iLink Digital
Easy to use and helps businesses save time
Pros and Cons
- "The tool is very powerful in nature."
- "As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses."
What is our primary use case?
My organization operates as a service provider for some small companies, so we started working with Wiz. I am not fully confident in discussing how work is going on with Wiz. I am having a training session on how to use the tool.
What needs improvement?
There are no major complaints associated with the tool.
As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.
For how long have I used the solution?
I have been using Wiz for six to seven months.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
I provide the solution for small companies. The tool suits small and medium-sized businesses.
My company did not get to use the product for an enterprise-sized business, but we may try it for large companies if we get an opportunity.
How are customer service and support?
I have not contacted technical support for the solution.
Which solution did I use previously and why did I switch?
I have not worked with any other tools.
How was the initial setup?
One of our company's team members already completed the product's initial setup phase. I just started exploring the tool after that.
What was our ROI?
The tool helps our company save time.
Which other solutions did I evaluate?
Over the other tools in the market, my company started to use Wiz after our clients started to use it based on our recommendation. One of our team managers proposed Wiz, and then we started working on it.
What other advice do I have?
My company has not integrated the product with any other tools. We have just started exploring the product, which we mainly use for Azure-based tools and for detecting vulnerabilities. Actually, one of my other teams in my company has good experience with the tool. I am in the first stage of exploring Wiz.
The tool is very powerful in nature.
It is easy to use the tool.
I recommend the tool to others since it is a user-friendly product.
I have started using the product for any AI-based projects. I am trying to switch over from exchange to security platforms.
I will recommend the tool to other people. It is good to use. I can recommend the tool to anyone.
I have not yet started using the AI features in the tool.
I rate the tool an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Last updated: Aug 19, 2024
CISO at a retailer with 11-50 employees
Helps us consolidate and manage information and risks, dividing them between VPCs and business units
Pros and Cons
- "The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics."
- "The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable."
What is our primary use case?
We use Wiz in our cloud security management by connecting it to our main cloud environment and other multi-cloud solutions. It helps us consolidate and manage information and risks, dividing them between VPCs and business units. Wiz keeps all information up-to-date and helps us identify any toxic connections within our cloud implementations.
What is most valuable?
The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics. It also helps us make decisions on improvements, maintenance, or updates for our systems. Regarding compliance and governance, Wiz streamlines our vulnerability management to meet specific needs effectively.
What needs improvement?
The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.
For how long have I used the solution?
I have experience of using Wiz for more than a year.
What do I think about the scalability of the solution?
Wiz was quite scalable and easy to manage initially. However, as the solution became more costly with our growth, it posed some challenges. We had to work on managing costs and scaling according to our needs, which required some effort, but we were able to find a balance in terms of pricing and performance.
How are customer service and support?
It is difficult to get in touch with them initially. We had to get in touch every for our queries related to AWS and GCP marketplaces. However, once you need to discuss numbers, they are very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Tenable and Qualys. Wiz stands out in deployment ease and resource consumption compared to Qualys or Tenable. Its simplified processes and snapshot features make it a preferred choice.
How was the initial setup?
The initial setup was easy. We need to key details, therefore setting up Wiz very easily. It’s easier than Tenable, which requires deploying infrastructure and handling the associated costs. Deploying Wiz took about one month due to our multi-cloud services, but the main cloud service took less than a week.
Wiz requires no maintenance since it is a SaaS, but if we need to deploy a new service or have any issues, the technical support is really helpful without additional costs. Once integrated, it is very easy to maintain.
What about the implementation team?
We took help from an external account manager and a technical account manager from Wiz. Our team consisted of three people: a DevOps engineer, a TechOps engineer, and the person responsible for the implementation.
What was our ROI?
Using Wiz has significantly reduced our costs compared to having three separate solutions. We estimate a cost reduction of around 35% to 50%, or even more, due to consolidating our security management into one platform. This operational impact has been one of the most significant benefits we've experienced with Wiz.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz.
What other advice do I have?
I'd recommend Wiz, especially if reporting improvements are made. I rate Wiz an eight out of ten primarily due to reporting challenges.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Jun 24, 2024
Cloud Security Lead at a computer software company with 5,001-10,000 employees
Produces highly confidential alerts leading to minimal false positives
Pros and Cons
- "The product's most valuable feature combines different contexts and attributes to produce highly confident alerts."
- "They could improve the product's visibility in the internal network topology."
What is our primary use case?
Our primary use case for this solution is within our security team for monitoring purposes. We have integrated the solution with our cloud environments to establish notifications for security misconfigurations. These notifications create tickets for relevant teams to address the issues, and our security team ensures the tool works properly, assisting product teams with remediation and consulting on resolving the generated tickets.
What is most valuable?
The product's most valuable feature combines different contexts and attributes to produce highly confident alerts. It can detect issues based on factors like public exposure, network vulnerabilities, and privilege assignments, leading to minimal false positives and a low volume of alerts, which is highly valuable for our operations.
What needs improvement?
They could improve the product's visibility in the internal network topology. It focuses mainly on external risks, and additional visibility into internal network communication and cross-cloud or cloud-to-on-prem connectivity would be beneficial.
For how long have I used the solution?
We have been using Wiz for almost three years.
What do I think about the stability of the solution?
The solution is generally stable. I would rate its stability as eight or nine out of ten.
What do I think about the scalability of the solution?
The solution is highly scalable.
How are customer service and support?
Our experience with customer service and support has been positive. While initial replies are fast, the resolution time can vary depending on the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a different solution from Check Point. We decided to switch due to the additional features, capabilities, and support offered by Wiz.
How was the initial setup?
The initial setup was straightforward and can be completed in a few hours with the necessary permissions.
I rate the process an eight.
What's my experience with pricing, setup cost, and licensing?
Based on the features and capabilities, the product pricing seems reasonable.
What other advice do I have?
I rate Wiz a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 11, 2024
Updated: October 2024