Wiz serves as our enterprise tool for securing our cloud platform. We use AWS as our cloud platform and have Wiz integrated across multiple accounts for IT, engineering, and other departments. Within IT itself, we have different environments including development, production, and stage accounts. In every account, we have Wiz integrated and use policies based on the environment. For example, the dev environment has a less secure policy while production has a high-security policy. Technically, we use Wiz for securing our cloud platform.
External reviews
External reviews are not included in the AWS star rating for the product.
Cloud security Swiss army knife
Wiz: A Comprehensive Cloud Security Visibility Platform
Clear Results and Tailored Guidance with Effortless Configuration
Outstanding Cloud Visibility Platform
Democratizing Security Through Attack Path Visualization
Background
In our company, I was the sole person with specialized security expertise. As the business expanded and our product offerings grew, the attack surface increased, and security audits began to take up a significant portion of my time. This made it difficult for me to concentrate on my primary responsibilities as CTO.
Previous Challenges
To tackle this, I aimed to make security a shared responsibility throughout the organization. However, with tools from other vendors, although we could track security issues as inventory items, we were unable to give our engineers the autonomy to proactively resolve these issues themselves.
Results from Wiz Implementation
Wiz stands out by offering thorough attack path visualization with Wiz Security Graph, clear explanations of the risks associated with each issue, and practical remediation guidance.
Thanks to these features, our engineering teams are now able to independently resolve most security issues. Consequently, we have improved our overall security posture and greatly reduced the amount of time I personally need to dedicate to security operations.
Effortless Remediation Steps Make It a Standout
Cloud security has improved and detects vulnerabilities across multi-account environments
What is our primary use case?
What is most valuable?
The best feature of Wiz is the ability to detect any security violations across multi-cloud platforms and the ability to integrate for creating security incidents and vulnerability incidents. It works very well for scanning the environment, detecting vulnerabilities, and reporting them based on our requirements. It can generate reports via email or create ServiceNow incidents. It has helped me identify threats more easily. When it comes to the Kubernetes cluster, we do not have any other option for detecting vulnerabilities. This is the only way we observe our Kubernetes clusters to determine whether they are secured or not. Regarding speed, I cannot compare it with other solutions, but so far, we are happy with the way it works.
Wiz has improved our business in many ways. While I do not know in numbers how it has helped the business gain more profit, as a technical expert and part of our IT architect team, I would say Wiz has helped tremendously to secure our cloud platform. There were many security vulnerabilities existing before we implemented this solution that were not at all in our attention because there was nothing to scan and report what was wrong. After implementing Wiz, it has helped significantly. There was a program for implementing high-security measures in our environment, and Wiz has contributed substantially to that program.
What needs improvement?
I feel there is a delay in detection, though I am uncertain whether this is due to our implementation disadvantage. Wiz can detect all the issues, threats, and security vulnerabilities, but the delay may be due to the time taken for running a scan because we have a 24-hour scan cycle. When I checked with the team, there was no on-demand scanning possibility. We still see improvement scopes in this area. It does the work, but we are not seeing the changes very fast. Once you get a threat and fix it, to see that fix reflected in Wiz, you have to wait 24 hours. That is something I am not happy with.
One improvement that I am looking for in Wiz is the capability for on-demand scanning. That should be available. Second, we should be able to see the fixes faster. Once a threat is detected and we apply the fix, we want to see that result updated in the dashboard or portal as soon as possible. If Wiz can detect it faster and update it in the portal, that would be beneficial.
For how long have I used the solution?
I have been using Wiz for more than two years, approximately two years and four months.
What do I think about the stability of the solution?
Regarding stability, it is stable. I would rate it nine out of ten.
What do I think about the scalability of the solution?
Regarding scalability, I would also rate it nine out of ten.
How are customer service and support?
I would rate the technical support of Wiz eight out of ten on a scale from one to ten, with ten being the best.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
When comparing Wiz with other software, I did not use any other software similar to Wiz for the same purpose. A similar tool was Qualys, but we used Qualys for a different use case. We used it for vulnerability scanning of our servers, not end-user devices. For securing or detecting threats from cloud accounts, I do not have any other tool that I am aware of. Qualys is another vulnerability management tool, but the use cases are different, so I do not have the expertise to compare.
How was the initial setup?
Deployment took approximately three months.
What about the implementation team?
From one to ten, with one being cheap and ten being expensive, I would rate the implementation cost a seven.
What was our ROI?
Wiz does require some maintenance.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
My thoughts on the pricing of Wiz are that it is not cheap, but it is cost-efficient. From one to ten, with one being cheap and ten being expensive, I would rate it a seven.
What other advice do I have?
I would recommend Wiz to anyone. If anyone wants to secure their infrastructure, cloud environment, or Kubernetes cluster, I would strongly recommend Wiz as a tool because it is easy to use and user-friendly. It has tight integration with many tools out-of-the-box for sending alerts, creating emails, and creating incidents.
My advice to others looking to implement Wiz is that when you implement Wiz, if your hybrid environment is not managed properly, it will be difficult to implement. It is better to do some cleanup and ensure that the environment you are going to implement meets Wiz standards. If you do not take care of that and simply implement Wiz, you will encounter many issues being reported by the system. It is better to follow the prerequisite standards of your cloud account and then implement the solution. Otherwise, you will see many issues being reported.
Regarding whether Wiz has helped reduce alert fatigue, I do not have a definitive answer because we do not see that much decrease in the alerts. Initially, when we implemented Wiz, since we were not using any tool like that before, there were too many alerts. Because it was the first implementation, it started sending too many alerts. Later on, the alerts decreased, but this decrease was not because of Wiz itself. Rather, it was because we implemented security fixes wherever Wiz reported threats or vulnerabilities. That is how the number of alerts got reduced. I feel we can also customize the Wiz policy to reduce the number of alerts, but I am not at that level here, so I do not have that expertise.
My overall rating for this solution is eight out of ten.
Outstanding Experience
On top of that, the CNAPP platform is comprehensive and requires only a small amount of time to set up and integrate everything in our ecosystem. We leverage Wiz across our cloud infrastructure, workloads, and runtime using the Wiz Sensor, which performs reliably with minimal overhead. The security graph makes exploration intuitive and gives us the context we need to understand issues end-to-end.
The customer success team is also one of the best I’ve worked with, which is highly appreciated.
It also enables engineering teams to take meaningful action independently, which greatly accelerates remediation and reduces operational overhead for the security team. At the same time, it doesn’t replace the need for dedicated security expertise; we still rely on our team to investigate nuanced, high-risk cases and validate critical exposures. But Wiz provides a rich layer of insight with almost no additional effort required from engineers, making the entire organization more efficient and more secure.