Our primary use case for this solution is within our security team for monitoring purposes. We have integrated the solution with our cloud environments to establish notifications for security misconfigurations. These notifications create tickets for relevant teams to address the issues, and our security team ensures the tool works properly, assisting product teams with remediation and consulting on resolving the generated tickets.
Cloud Security Lead at a computer software company with 5,001-10,000 employees
Produces highly confidential alerts leading to minimal false positives
Pros and Cons
- "The product's most valuable feature combines different contexts and attributes to produce highly confident alerts."
- "They could improve the product's visibility in the internal network topology."
What is our primary use case?
What is most valuable?
The product's most valuable feature combines different contexts and attributes to produce highly confident alerts. It can detect issues based on factors like public exposure, network vulnerabilities, and privilege assignments, leading to minimal false positives and a low volume of alerts, which is highly valuable for our operations.
What needs improvement?
They could improve the product's visibility in the internal network topology. It focuses mainly on external risks, and additional visibility into internal network communication and cross-cloud or cloud-to-on-prem connectivity would be beneficial.
For how long have I used the solution?
We have been using Wiz for almost three years.
Buyer's Guide
Wiz
October 2024
Learn what your peers think about Wiz. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is generally stable. I would rate its stability as eight or nine out of ten.
What do I think about the scalability of the solution?
The solution is highly scalable.
How are customer service and support?
Our experience with customer service and support has been positive. While initial replies are fast, the resolution time can vary depending on the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a different solution from Check Point. We decided to switch due to the additional features, capabilities, and support offered by Wiz.
How was the initial setup?
The initial setup was straightforward and can be completed in a few hours with the necessary permissions.
I rate the process an eight.
What's my experience with pricing, setup cost, and licensing?
Based on the features and capabilities, the product pricing seems reasonable.
What other advice do I have?
I rate Wiz a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 11, 2024
Flag as inappropriateDirector at Cloud Dynamix
An unified cloud security platform for cloud security and development teams that includes prevention, active detection and response
Pros and Cons
- "The security baseline and vulnerability assessments is the valuable feature."
- "We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
What is our primary use case?
We are evaluating security configuration and compliance. We also use it to scan for security vulnerabilities in our pipelines.
What is most valuable?
The security baseline and vulnerability assessments are a very valuable feature.
What needs improvement?
We're looking at some of the data compliance stuff that they've got on offer. I know they're looking at container security, which we gonna be looking at next.
For how long have I used the solution?
I have been using Wiz for four months.
What do I think about the stability of the solution?
The stability is a nine out of ten.
What do I think about the scalability of the solution?
Five users are using the solution. The scalability is a ten out of ten.
How was the initial setup?
The initial setup is straightforward. The deployment takes five hours. So scanning storage accounts, storage account compliance, public endpoint scanning, you know, all of the usual things that we would be looking at as part of deployment.
What other advice do I have?
Overall, I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Wiz
October 2024
Learn what your peers think about Wiz. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,053 professionals have used our research since 2012.
Chief Information Security Officer (CISO) at a outsourcing company with 501-1,000 employees
It enabled us to consolidate tools into a single pane of glass, speeding up our mean time to respond
Pros and Cons
- "The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
- "Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
What is our primary use case?
We use Wiz for cloud security posture management and related services, such as visibility, inventory, risk management, patch management, and framework maturity.
How has it helped my organization?
We saw benefits from day one. Wiz gives us greater visibility into S3 buckets and sensitive data that may be exposed or compromised. For example, it might show us buckets that are public but should not be or immediate areas where patching should be applied.
Wiz enabled us to consolidate tools into a single pane of glass. That sped up our meantime to respond. The single pane of glass helps our security teams identify zero-day threats and vulnerabilities to tackle first. Wiz has been a game-changer for us.
It's one of our core security tools for preventing breaches in our organization. Since we're a 100 percent cloud environment, Wiz is critical to our security toolset.
Wiz helped to reduce blind spots in our risk detection capabilities. Their dashboard has pre-populated queries for zero-day threats that take the guesswork out of building a query. Everything's simple, understandable, and pre-populated for you to customize. It offers visibility into the vulnerability and what you must do to resolve it.
I could take care of threats immediately and confirm to the executives that zero-day threats are prevalent in the industry for other organizations. It handles the security operations, governance, and risk compliance aspects of the cloud in a single solution.
Wiz also helped us avoid building a large team. We can use the team we have and scale the tool as needed because it provides visibility to multiple teams. Fewer people are needed to operate Wiz.
What is most valuable?
The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.
It's the best tool in its class. I have used many different tools in previous environments, and this was the easiest to use. It provides the most visibility from the dashboard and highlights areas that must be addressed immediately.
Wiz can seamlessly scan every layer of our cloud environment without agents. The documentation was thorough, with screenshots and examples of what to do next.
What needs improvement?
Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes.
They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting.
For how long have I used the solution?
I have used Wiz for two and a half years.
What do I think about the stability of the solution?
We've never had any issues or outages.
What do I think about the scalability of the solution?
I rate Wiz a ten out of ten for scalability.
How are customer service and support?
I rate Wiz support a ten out of ten. Their support is excellent. We can always reach our account representative when we have a problem or need to speak with technical staff to clarify things. It's easy to get help when needed.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up Wiz was straightforward. We only had two engineers on our side working on the deployment. One was responsible for documentation, and the other handled the hands-on aspects. Realistically, you only needed one person to deploy it.
Wiz is deployed in a public cloud environment. We have seven or eight different accounts, and the rollout was seamless. There were no issues. We aren't multi-regional. It's currently one region, but we are looking at expanding. The solution currently gives us the coverage we need for those environments. Wiz requires no maintenance. It runs on its own.
What about the implementation team?
We deployed Wiz using API integration through a VAR service. It was a streamlined process from a VAR perspective. Both sides understood the problems, and we made adjustments to the size of the setup we needed to meet our demands. That was a good aspect of the VAR relationship.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time.
It might follow a trajectory similar to Splunk. Early adopters got an excellent deal, but it became pricey when they became the market leader. Many CISOs are concerned about the longevity of Wiz's pricing model. It's becoming a go-to product that lots of folks are shifting toward.
Which other solutions did I evaluate?
I can't talk about the other tools, but we looked at the best in the industry, and Wiz outshined all of them.
What other advice do I have?
I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AWS Cloud Security Engineer at a tech services company with 51-200 employees
Provides simplicity, comprehensive findings, and impressive security graph
Pros and Cons
- "Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities."
- "The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult."
What is our primary use case?
We currently use Wiz for cloud security management to identify and address vulnerabilities in our AWS platforms. Wiz is also integrated with our EKS clusters, allowing us to monitor and manage cluster security. We deploy sensors across our infrastructure, from the base level to more advanced setups, to gather comprehensive vulnerability data. Additionally, Wiz helps us manage our inventory and images. We have integrated Wiz with our ECR to monitor and secure container images through the ECR connector.
How has it helped my organization?
Our main goal is to use Wiz as our secondary product. We aim to gather all logs and vulnerabilities and integrate them into our main tool, Splunk. Wiz helps us identify issues, but Splunk remains our primary solution. We forward all logs from Wiz to Splunk. The client, Vericore, uses Splunk as their main tool to gather data from third-party CSPM tools like Prisma and others, including DDoS detection. This integration allows us to generate reports and distribute them to other departments to address the identified vulnerabilities.
What is most valuable?
Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities.
What needs improvement?
The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.
For how long have I used the solution?
I have been using Wiz for six months.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
We don't have any issues with the scalability. 45-50 users are using this solution.
We have multiple departments, including product security and sales. We have development teams and other departments as well. For each senior and director in these departments, we have created users and provided them with access to Wiz. This allows them to gather reports from Wiz. Additionally, if they cannot get the reports from Wiz, they can use Splunk, with which we have integrated Wiz.
We have deployed Wiz in three organizations on AWS, each with approximately 70 to 80 accounts, totaling more than 120 accounts. We have also deployed Wiz in Microsoft environments, ensuring we can gather data from every platform.
How are customer service and support?
Support has been great. We have a dedicated channel with Wiz and are always in communication with them.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was very straightforward. We used the deployment connectors in Wiz. We deployed three connectors for our AWS environment, and each connector requires specific roles: Wiz rules and read-only roles. The deployment was done using the CloudFormation template through our management account, and we deployed the template to all the accounts in the organization.
The deployment took no more than 48 hours because it was done easily. However, the setup to get all the data from AWS into Wiz took about 24-48 hours.
Which other solutions did I evaluate?
We use Splunk for DDoS detection and the AWS Security Data Lake for micro detections. We use Wiz for cloud platform configuration. For threat detection, we rely on the AWS Security Data Lake and Splunk.
What other advice do I have?
We use Wiz to enhance our cloud security, and as a result, the number of vulnerabilities has gone down. We have integrated Jira authentication with Wiz to create tickets. We have set up rules in Wiz that generate tickets for misconfigurations. These tickets are sent to the respective departments that own the accounts with the identified vulnerabilities and misconfigurations. Our security team pushes these tickets to the relevant teams, enhancing security.
Integration and deployment are relatively easy. However, we have encountered some incidents with Wiz in the past. As Wiz mentioned, some policies included in the connectors were flagging our production EBS in AWS.
Maintenance is very easy.
I recommend Wiz for its simplicity, comprehensive findings, and impressive security graph. It provides excellent visibility, threat detection, and data classification rules. Additionally, Wiz offers more control compared to Prisma and other third-party tools.
Overall, I rate the solution at eight-point five out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 30, 2024
Flag as inappropriateBuyer's Guide
Download our free Wiz Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Cloud-Native Application Protection Platforms (CNAPP) Vulnerability Management Container Security Cloud Workload Protection Platforms (CWPP) Cloud Security Posture Management (CSPM) Data Security Posture Management (DSPM) Compliance ManagementPopular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Darktrace
Zscaler Zero Trust Exchange Platform
SentinelOne Singularity Cloud Security
Orca Security
CrowdStrike Falcon Cloud Security
Aqua Cloud Security Platform
Skyhigh Security
Lacework FortiCNAPP
Check Point CloudGuard CNAPP
Trend Vision One - Cloud Security
Sysdig Secure
Tenable Cloud Security
Rapid7 InsightCloudSec
Buyer's Guide
Download our free Wiz Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How would you compare Wiz vs Lacework?
- AWS Cloud Security Posture tool - has anyone used either Wiz or Ermetic cloud security products and can compare them to AWS Security Hub?
- Which tool is best for CNAPP: Wiz or Orca?
- How to minimize false positives for PII and PCI around different data systems across the globe?
- When evaluating Cloud-Native Application Protection Platforms (CNAPP), what aspect do you think is the most important to look for?
- Why is a CNAPP (Cloud-Native Application Protection Platform) important?
- What CNAPP solution do you recommend for a hybrid cloud?
- Why are Cloud-Native Application Protection Platforms (CNAPP) tools important for companies?
- When evaluating Cloud-Native Application Protection Platforms (CNAPP) solutions, what aspect do you think is the most important to look for?
- Why is Cloud-Native Application Protection Platforms (CNAPP) important for companies?