Wiz is an agentless cloud assets vulnerability scanner. You don't need to install anything to use any of the machines. It takes snapshots and then scans it. It is interesting because all other scanners need to install some agent.
External reviews
764 reviews
from
and
External reviews are not included in the AWS star rating for the product.
The perfect auditor to acquire a better Azure security posture
What do you like best about the product?
The intuitive nature of the tool and its easy use. Due to its powerful engine, it allows you to have a real-time snapshot of the main risks in the Azure environment and, above all, it clearly indicates how to correct them.
What do you dislike about the product?
Due to its great functionality, it is necessary to spend many hours becoming familiar with the tool to exploit its full potential. They have dedicated a lot to publishing small videos as a guide but it still takes time to know it in detail.
What problems is the product solving and how is that benefiting you?
The migration of the On-prem environment is increasingly necessary and Azure does not offer the visibility that WIZ offers us. The systems and integration area moves much faster than the security area and therefore it takes us longer to identify vulnerabilities and risks that need to be corrected. In this sense, WIZ offers us an immediate position on our environment in terms of security.
Wiz will take you to your next security level
What do you like best about the product?
I like Wiz because it elevates my security to the next level. Its advanced features and user-friendly interface provide comprehensive protection and ensure that my data and systems are always secure. With Wiz, I have peace of mind knowing that my security measures are robust and reliable.
The deployment of the product is very easy and in the organization level so you can be sure you won't have any blindspots.
We are using Wiz on a daily based as part of our oncall shifts, a lot around the threat center and critical issues.
Also we are using the API of Wiz for external automation and process to enrich our data with more cloud data.
The deployment of the product is very easy and in the organization level so you can be sure you won't have any blindspots.
We are using Wiz on a daily based as part of our oncall shifts, a lot around the threat center and critical issues.
Also we are using the API of Wiz for external automation and process to enrich our data with more cloud data.
What do you dislike about the product?
If I don;t like something we give them feedback and they fix it :)
What problems is the product solving and how is that benefiting you?
Identify what you don't know you didn't know.
Help with remediation steps to quickly & independently solve the issue by the DevOps team.
Identify the scope of the issues.
Help with remediation steps to quickly & independently solve the issue by the DevOps team.
Identify the scope of the issues.
Wiz gives us confidence and peace of mind.
What do you like best about the product?
Wiz has proven to be an invaluable asset in our cybersecurity toolkit. One of the best features for us is the dashboard overview that presents actionable insights that have a direct, measurable impact on our overall security posture using their "Toxic Three" formula. Not only does it tell you what is wrong, but it also explains why it is an issue and proposes a solution including relevant instructions. This approach allows our team to prioritize the real important and critical issues without getting bogged down by a noisy alert system. It is really easy to create a dashboard of widgets that you deem most important and use that to display on a dedicated monitor.
We especially appreciate the rapid anomaly detection capabilities. It consistently identifies unusual patterns or behaviors in our environment with remarkable speed and accuracy, enabling us to respond swiftly to potential threats.
An other feature that has proven valuable is the compliance posture reporting. As we pursue SOC 2 certification, and want to maintain several already achived cerifications, these reports have been instrumental in guiding our compliance efforts. They provide a clear, comprehensive view of our current compliance status, highlighting areas that need attention and offering specific recommendations for improvement. This has streamlined our certification process considerably.
We where pleasantly surprised by how easy it was to implement and intigrate Wiz into our environment. Together with a dedicated customer support agent we've had our whole enviroment monitored in a couple of hours.
We especially appreciate the rapid anomaly detection capabilities. It consistently identifies unusual patterns or behaviors in our environment with remarkable speed and accuracy, enabling us to respond swiftly to potential threats.
An other feature that has proven valuable is the compliance posture reporting. As we pursue SOC 2 certification, and want to maintain several already achived cerifications, these reports have been instrumental in guiding our compliance efforts. They provide a clear, comprehensive view of our current compliance status, highlighting areas that need attention and offering specific recommendations for improvement. This has streamlined our certification process considerably.
We where pleasantly surprised by how easy it was to implement and intigrate Wiz into our environment. Together with a dedicated customer support agent we've had our whole enviroment monitored in a couple of hours.
What do you dislike about the product?
While the "Toxic Three" feature helps prioritize critical issues, the general vulnerability findings page can still be quite noisy. This is somewhat inherent to the nature of comprehensive vulnerability scanning, but further refinement in this area would be appreciated.
The ability to mark findings or rules for future ignoring is useful, but the process isn't always consistent. Sometimes it prompts for a reason (which is helpful for audits), while other times it simply ignores the rule without explanation.
The same goes for marking findings as resolved. Most often you can mark a finding as resolved and allowing you to connect a (Jira) ticket and add some additional information. Other times it can only be resolved by making sure the scanner does not detect the issue anymore, effectifly solving the issue, which is beneficial but not always possible.
The ability to mark findings or rules for future ignoring is useful, but the process isn't always consistent. Sometimes it prompts for a reason (which is helpful for audits), while other times it simply ignores the rule without explanation.
The same goes for marking findings as resolved. Most often you can mark a finding as resolved and allowing you to connect a (Jira) ticket and add some additional information. Other times it can only be resolved by making sure the scanner does not detect the issue anymore, effectifly solving the issue, which is beneficial but not always possible.
What problems is the product solving and how is that benefiting you?
Wiz helps us manage our cloud security more effectively by focusing on key issues. It filters out less important alerts and highlights the most critical problems, allowing us to respond quickly to potential threats. Because of the (cloud) misconfiguration detection and the always updated best practice rules from Wiz, we are confident in our current setup and environment, which gives us peace of mind.
It has also been very helpful with our compliance efforts, especially for SOC 2 certification, by providing clear reports on our compliance status and pointing us to areas that where in need of attention or implementation.
It has also been very helpful with our compliance efforts, especially for SOC 2 certification, by providing clear reports on our compliance status and pointing us to areas that where in need of attention or implementation.
Game Changer for Cloud Asset; Cloud Application & Cloud Workload Protection
What do you like best about the product?
Relatively easy to deploy; smart user - friendly interface; scales easily across mutlicloud environments and agently deployment makes it ideal for easy rollout across any environment.
What do you dislike about the product?
Bundled pricing can be trickly to estimate and forecast especially in high growth infrastructure environments.
What problems is the product solving and how is that benefiting you?
Wiz gives us visibility into our cloud assets (applications, workloads) across multiple environments - primarily AWS and GCP in our case. We are able to quickly identity risks, vulnerabilities, etc. to understand our security posture, however the real sweet spot for Wiz is its ability to bring context into the decision making process. It considers what vulnerabilities, configurations or issues make up 'toxic combinations' i.e., areas of most importance and adverse impact.
Being able to provide vulnerability & configuration management based on priority saves time end effort.
The automated remediation process & system integrations (integration into our CICD process) are the most exciting feature about Wiz providing real time insights as applications are progressed from development to production environments.
Being able to provide vulnerability & configuration management based on priority saves time end effort.
The automated remediation process & system integrations (integration into our CICD process) are the most exciting feature about Wiz providing real time insights as applications are progressed from development to production environments.
Very good
What do you like best about the product?
The amount of scope/integrations and the ease of implementation as well
What do you dislike about the product?
This amount of integrations also creates an initial struggle on how to navigate inside the tool
What problems is the product solving and how is that benefiting you?
External perimeter management for cloud was the main gap
Visibility into your cloud env
What do you like best about the product?
The intuitive and user-friendly, making navigation and use straightforward.
The customer support is amazing! They are always available for urgent situations, with representatives ready to assist and jump on calls as needed.
Security graph allows you proactive threat hunting by utilizing Wiz capabilities effectively.
The customer support is amazing! They are always available for urgent situations, with representatives ready to assist and jump on calls as needed.
Security graph allows you proactive threat hunting by utilizing Wiz capabilities effectively.
What do you dislike about the product?
In complex scenarios, sometimes, it is difficult to determine why an alert is high or critical. There are many factors that determine the severity, and sometimes it is not clear what is the root cause.
What problems is the product solving and how is that benefiting you?
Wiz has helped us gain a unique and comprehensive view of our company's security posture. Integrating AWS, GCP, and Azure into a single dashboard has been incredible.
The Best Cloud Security Platform
What do you like best about the product?
Very easy to use user-interface
Easy to get access to customer support
The constant release of new features to add to an already broad feature set
The attack path mapping creates a contextual view beyond that of cloud native security services such as AWS Inspector/Security hub.
Easy to get access to customer support
The constant release of new features to add to an already broad feature set
The attack path mapping creates a contextual view beyond that of cloud native security services such as AWS Inspector/Security hub.
What do you dislike about the product?
Due to the scope of the product offering, the users of Wiz and Administrators, developers or SOC analysts, need to have a clear understanding of cloud service providers to make maximum use of it.
What problems is the product solving and how is that benefiting you?
Understanding cloud misconfigurations
Assisting us in cloud vulnerability management
Demonstrating compliance to CIS/PCI DSS to our regulators
Assisting us in cloud vulnerability management
Demonstrating compliance to CIS/PCI DSS to our regulators
Wiz helped us solve multiple challenges and has identified multiple ongoing risks in our cloud
What do you like best about the product?
Ability to detect vulnerabilities without network scanning. How it portrays our cloud network environment and shows the exposure points.
What do you dislike about the product?
I wish it did a better job at network threat detection. It mostly focuses on workload threat detection.
What problems is the product solving and how is that benefiting you?
Wiz helped us solve the problem of detecting vulnerabilities in a poorly architected cloud environment with overlapping subnets and inconsistent network reachability.
An agentless cloud assets vulnerability scanner which akes snapshots and then scans
What is our primary use case?
How has it helped my organization?
This solution is designed to be agentless. This approach saves bandwidth and other resources. Nobody needs to report anything or send packages to the backend. Everything operates as a SaaS solution. They perform snapshots and alerting, converting the data into metadata, which they then analyze and return. Thus, the SaaS solution handles the entire process without requiring additional effort from us.
What is most valuable?
Wiz is a very powerful and easy-to-use tool. It's highly customizable, allowing us to manage many custom features effectively.
What needs improvement?
You need to enter numbers manually. Now, everyone has to press to proceed. Wiz still requires managing all the numbers on the web page. Wiz could enhance API integration with ServiceNow and Jira.
For how long have I used the solution?
I have been using Wiz for six months.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup is straightforward and takes two to three weeks to complete.
What's my experience with pricing, setup cost, and licensing?
Wiz is quite expensive. However, having a comprehensive view of your cloud environment is essential. On-premises systems are much easier to track, but managing numerous instances in the cloud requires enhanced visibility.
We are paying 250k per year.
For our business case, we needed Wiz to meet regulatory requirements and quickly identify public exposure vulnerabilities, such as publicly accessible instances or resources. This information immediately helps prevent vulnerabilities within your business environment, providing a cybersecurity advantage. While this doesn't translate to direct financial benefits, it helps prevent potential breaches and escalations, which is invaluable. Like other security tools, Wiz incurs a cost, but its value lies in enhanced security rather than financial gain.
What other advice do I have?
Wiz's scanning and detection capabilities can identify vulnerabilities potentially affecting the cloud or exposure. It's not solely focused on database issues. It performs various tasks effectively. The categorization is excellent, the dashboards are informative, and the reporting features are robust. Additionally, you can create highly customizable reports.
Everything works using a CI/CD pipeline, which is very good because every DevOps engineer can manage it by simply creating some code around the message request. Wiz works fine and is fully compliant with CI/CD. The workflow and the tasks align with industry standards.
We can configure any compliance framework for checking with Wiz. For example, you can select frameworks such as GDPR, AWS Fundamentals, and CI/CD. You can configure the tool based on the recommendations provided by these frameworks. If your company has specific requirements, like allowing an 8-character password while the state requires 12 characters, you can customize the settings accordingly. Wiz will then assess compliance based on these customized parameters, and if everything meets the set criteria, it will confirm that you are compliant.
You have everything in one dashboard. The dashboard and reports are quite literally perfect. Since everything is in one dashboard, you can customize the reports to show only the columns you want to see. For example, you can exclude low-risk items so you don't get notifications about low-risk issues that do not impact your compliance status.
Wiz has some AI features for consolidation, but it's not customizable. What VMware offers is similar, but there's not much to choose between. You either have a batch compliance agreement, or you don't. Wiz's framework complies with requirements, or it doesn't. It's a vulnerability management tool similar to Kangaroo but with better AI documentation features. You can ask questions about how to do something, and the AI will provide the relevant information. This feature is built into the system.
Overall, I rate the solution a ten out of ten.
Best CSPM I’ve used plus much more
What do you like best about the product?
We looked at Wiz to replace our previous CSPM and it did a great job at that. However, we found that it's also awesome at dependency management and showing context around alerts.
What do you dislike about the product?
The automation capabilities aren't as strong as other competitors, and what was once a single-SKU, everything-you-need platform has become more fragmented as they acquire other companies and add features. I like the new features, but the pricing is becoming less friendly.
What problems is the product solving and how is that benefiting you?
Wiz takes care of pretty much our entire cloud security stack and DevSecOps efforts. We've licensed Wiz Code for CI/CD scans and will use their SAST product as soon as it launches.
showing 91 - 100