There are no major complaints associated with the tool. As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.
The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment. For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features. In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment. The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment. To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.
The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.
You need to enter numbers manually. Now, everyone has to press to proceed. Wiz still requires managing all the numbers on the web page. Wiz could enhance API integration with ServiceNow and Jira.
AWS Cloud Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
2024-04-15T14:10:00Z
Apr 15, 2024
The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.
SOC Manager at a real estate/law firm with 1,001-5,000 employees
Real User
Top 10
2024-02-21T08:44:36Z
Feb 21, 2024
The solution's container security could be improved. We have to install an agent. We need an agent that can be installed, or that can overview all the containers and Kubernetes so that it can detect malicious activities that are happening in them. If it happens, we need to have an option to take a remote from one console, like we do in EDR, and remediate all those activities.
Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform.
Sr. Manager AVP - Vuln Management and Threat Intelligence at a computer software company with 201-500 employees
Real User
Top 20
2023-03-17T00:04:00Z
Mar 17, 2023
Wiz is trying to get into File Integrity Monitoring and it would be nice to set up what they call 'alert profiles' in their dashboard. For instance, if they had a threshold of a hundred images or files within a Docker container, image, or files within a particular workload that has been deleted within one minute, this could be an Indicator of a compromise of ransomware or something else. We typically don't think of this in the cloud, but the same rules apply as they would on-premise. It would be beneficial for Wiz to expand into this space and set up alert profiles for thresholds that indicate areas of compromise. The remediation workflow within Wiz could be improved. For example, Rapid7 has done this well with InsightVM, which they call goals, SLAs, and projects in their remediation workflow. It would be beneficial to have a remediation tab that focuses on the visibility and coverage of findings, as well as an automated remediation workflow. This would save time, as it would not require creating tickets in Jira or going to another place. If these two can be done, it will be very helpful for the user, the person administering the tool, and the developers who need to fix the findings and issues.
Senior Information Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2023-03-15T20:04:00Z
Mar 15, 2023
The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary. All the other reports look great when you try to create them. I can pull a report of issues for a specific project, but it's a CSV file with findings, which isn't helpful. I expect a slick visual summary that looks like what they have on the dashboard. They spend a lot of time making the dashboard easy to understand, but you can't get that information into a report for our executive leadership. We want to show them the trends and what we're doing. It's critical for our team to demonstrate the tool's value. At the end of the year, we have to go to a meeting and show management the progress we made this year. I can only do that by going into open issues, putting them all in notepad, and taking a couple of screenshots. I would also like the dashboards to be customizable. They have excellent dashboards, but you can't create or customize them. At the same time, Wiz seems open to that feedback, and I think they're relatively new. They're growing fast and implementing new features quickly, so I hope this will be added soon. A third issue is that we can't provide email notifications on connector status. Everything comes into Wiz through a connector. Our AWS environment is added as a connector, and there's no way to notify anyone if an issue is detected. We could wake up the next morning and not have any data from our AWS cloud environment because there was an issue with the connector, but no one would've known about it. I think that's something that needs to be fixed. Wiz has room for improvement in terms of risk assessment. It has a severity meter with five levels: critical, high, medium, low, or informational. If I click on the highs, it sorts the issues by the control with the most total issues. They're all high, but it doesn't prioritize based on anything other than the number of issues that are impacted by that control. It's not a priority. It tells you you'll get the most bang for your buck if you fix this one. There's no risk score or anything like that. For example, if a public-facing device has a significant vulnerability, it will consider that business context and label it "critical," but that's all it does. All the severity levels have the same weight. Wiz prioritizes well in terms of sorting the issues into broad categories. However, it doesn't prioritize those. I'm looking at all the highs right now, and I don't know if one of these is more impactful to fix than the other. It helps to have an overview showing that 103 resources will be impacted if we fix this control. We can fix the control at the global level, put guardrails around it, and prevent the issue from happening in the future. You can start thinking that way, but it doesn't tell you this is more severe than other issues in the same severity category.
Chief Information Security Officer (CISO) at a outsourcing company with 501-1,000 employees
Real User
Top 20
2023-02-23T23:36:00Z
Feb 23, 2023
Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes. They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting.
Director Information Security at a computer software company with 501-1,000 employees
Real User
Top 10
2022-12-22T21:05:00Z
Dec 22, 2022
The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.
CyberSecurity Sr Manager at a retailer with 10,001+ employees
Real User
2022-12-01T21:56:00Z
Dec 1, 2022
Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.
Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within...
I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organization.
There are no major complaints associated with the tool. As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.
The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment. For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features. In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment. The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment. To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.
The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.
You need to enter numbers manually. Now, everyone has to press to proceed. Wiz still requires managing all the numbers on the web page. Wiz could enhance API integration with ServiceNow and Jira.
The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.
The solution's container security could be improved. We have to install an agent. We need an agent that can be installed, or that can overview all the containers and Kubernetes so that it can detect malicious activities that are happening in them. If it happens, we need to have an option to take a remote from one console, like we do in EDR, and remediate all those activities.
Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform.
Wiz is trying to get into File Integrity Monitoring and it would be nice to set up what they call 'alert profiles' in their dashboard. For instance, if they had a threshold of a hundred images or files within a Docker container, image, or files within a particular workload that has been deleted within one minute, this could be an Indicator of a compromise of ransomware or something else. We typically don't think of this in the cloud, but the same rules apply as they would on-premise. It would be beneficial for Wiz to expand into this space and set up alert profiles for thresholds that indicate areas of compromise. The remediation workflow within Wiz could be improved. For example, Rapid7 has done this well with InsightVM, which they call goals, SLAs, and projects in their remediation workflow. It would be beneficial to have a remediation tab that focuses on the visibility and coverage of findings, as well as an automated remediation workflow. This would save time, as it would not require creating tickets in Jira or going to another place. If these two can be done, it will be very helpful for the user, the person administering the tool, and the developers who need to fix the findings and issues.
The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary. All the other reports look great when you try to create them. I can pull a report of issues for a specific project, but it's a CSV file with findings, which isn't helpful. I expect a slick visual summary that looks like what they have on the dashboard. They spend a lot of time making the dashboard easy to understand, but you can't get that information into a report for our executive leadership. We want to show them the trends and what we're doing. It's critical for our team to demonstrate the tool's value. At the end of the year, we have to go to a meeting and show management the progress we made this year. I can only do that by going into open issues, putting them all in notepad, and taking a couple of screenshots. I would also like the dashboards to be customizable. They have excellent dashboards, but you can't create or customize them. At the same time, Wiz seems open to that feedback, and I think they're relatively new. They're growing fast and implementing new features quickly, so I hope this will be added soon. A third issue is that we can't provide email notifications on connector status. Everything comes into Wiz through a connector. Our AWS environment is added as a connector, and there's no way to notify anyone if an issue is detected. We could wake up the next morning and not have any data from our AWS cloud environment because there was an issue with the connector, but no one would've known about it. I think that's something that needs to be fixed. Wiz has room for improvement in terms of risk assessment. It has a severity meter with five levels: critical, high, medium, low, or informational. If I click on the highs, it sorts the issues by the control with the most total issues. They're all high, but it doesn't prioritize based on anything other than the number of issues that are impacted by that control. It's not a priority. It tells you you'll get the most bang for your buck if you fix this one. There's no risk score or anything like that. For example, if a public-facing device has a significant vulnerability, it will consider that business context and label it "critical," but that's all it does. All the severity levels have the same weight. Wiz prioritizes well in terms of sorting the issues into broad categories. However, it doesn't prioritize those. I'm looking at all the highs right now, and I don't know if one of these is more impactful to fix than the other. It helps to have an overview showing that 103 resources will be impacted if we fix this control. We can fix the control at the global level, put guardrails around it, and prevent the issue from happening in the future. You can start thinking that way, but it doesn't tell you this is more severe than other issues in the same severity category.
Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes. They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting.
The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.
Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.