We use Wiz in our cloud security management by connecting it to our main cloud environment and other multi-cloud solutions. It helps us consolidate and manage information and risks, dividing them between VPCs and business units. Wiz keeps all information up-to-date and helps us identify any toxic connections within our cloud implementations.
External reviews
External reviews are not included in the AWS star rating for the product.
The Best Cloud Security Platform
Easy to get access to customer support
The constant release of new features to add to an already broad feature set
The attack path mapping creates a contextual view beyond that of cloud native security services such as AWS Inspector/Security hub.
Assisting us in cloud vulnerability management
Demonstrating compliance to CIS/PCI DSS to our regulators
Wiz helped us solve multiple challenges and has identified multiple ongoing risks in our cloud
The best cloud security tool so far
Wiz Review - Nearly 1 Year In
Helps us consolidate and manage information and risks, dividing them between VPCs and business units
What is our primary use case?
What is most valuable?
The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics. It also helps us make decisions on improvements, maintenance, or updates for our systems. Regarding compliance and governance, Wiz streamlines our vulnerability management to meet specific needs effectively.
What needs improvement?
The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.
For how long have I used the solution?
I have experience of using Wiz for more than a year.
What do I think about the scalability of the solution?
Wiz was quite scalable and easy to manage initially. However, as the solution became more costly with our growth, it posed some challenges. We had to work on managing costs and scaling according to our needs, which required some effort, but we were able to find a balance in terms of pricing and performance.
How are customer service and support?
It is difficult to get in touch with them initially. We had to get in touch every for our queries related to AWS and GCP marketplaces. However, once you need to discuss numbers, they are very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Tenable and Qualys. Wiz stands out in deployment ease and resource consumption compared to Qualys or Tenable. Its simplified processes and snapshot features make it a preferred choice.
How was the initial setup?
The initial setup was easy. We need to key details, therefore setting up Wiz very easily. It’s easier than Tenable, which requires deploying infrastructure and handling the associated costs. Deploying Wiz took about one month due to our multi-cloud services, but the main cloud service took less than a week.
Wiz requires no maintenance since it is a SaaS, but if we need to deploy a new service or have any issues, the technical support is really helpful without additional costs. Once integrated, it is very easy to maintain.
What about the implementation team?
We took help from an external account manager and a technical account manager from Wiz. Our team consisted of three people: a DevOps engineer, a TechOps engineer, and the person responsible for the implementation.
What was our ROI?
Using Wiz has significantly reduced our costs compared to having three separate solutions. We estimate a cost reduction of around 35% to 50%, or even more, due to consolidating our security management into one platform. This operational impact has been one of the most significant benefits we've experienced with Wiz.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz.
What other advice do I have?
An agentless cloud assets vulnerability scanner which akes snapshots and then scans
What is our primary use case?
Wiz is an agentless cloud assets vulnerability scanner. You don't need to install anything to use any of the machines. It takes snapshots and then scans it. It is interesting because all other scanners need to install some agent.
How has it helped my organization?
This solution is designed to be agentless. This approach saves bandwidth and other resources. Nobody needs to report anything or send packages to the backend. Everything operates as a SaaS solution. They perform snapshots and alerting, converting the data into metadata, which they then analyze and return. Thus, the SaaS solution handles the entire process without requiring additional effort from us.
What is most valuable?
Wiz is a very powerful and easy-to-use tool. It's highly customizable, allowing us to manage many custom features effectively.
What needs improvement?
You need to enter numbers manually. Now, everyone has to press to proceed. Wiz still requires managing all the numbers on the web page. Wiz could enhance API integration with ServiceNow and Jira.
For how long have I used the solution?
I have been using Wiz for six months.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup is straightforward and takes two to three weeks to complete.
What's my experience with pricing, setup cost, and licensing?
Wiz is quite expensive. However, having a comprehensive view of your cloud environment is essential. On-premises systems are much easier to track, but managing numerous instances in the cloud requires enhanced visibility.
We are paying 250k per year.
For our business case, we needed Wiz to meet regulatory requirements and quickly identify public exposure vulnerabilities, such as publicly accessible instances or resources. This information immediately helps prevent vulnerabilities within your business environment, providing a cybersecurity advantage. While this doesn't translate to direct financial benefits, it helps prevent potential breaches and escalations, which is invaluable. Like other security tools, Wiz incurs a cost, but its value lies in enhanced security rather than financial gain.
What other advice do I have?
Wiz's scanning and detection capabilities can identify vulnerabilities potentially affecting the cloud or exposure. It's not solely focused on database issues. It performs various tasks effectively. The categorization is excellent, the dashboards are informative, and the reporting features are robust. Additionally, you can create highly customizable reports.
Everything works using a CI/CD pipeline, which is very good because every DevOps engineer can manage it by simply creating some code around the message request. Wiz works fine and is fully compliant with CI/CD. The workflow and the tasks align with industry standards.
We can configure any compliance framework for checking with Wiz. For example, you can select frameworks such as GDPR, AWS Fundamentals, and CI/CD. You can configure the tool based on the recommendations provided by these frameworks. If your company has specific requirements, like allowing an 8-character password while the state requires 12 characters, you can customize the settings accordingly. Wiz will then assess compliance based on these customized parameters, and if everything meets the set criteria, it will confirm that you are compliant.
You have everything in one dashboard. The dashboard and reports are quite literally perfect. Since everything is in one dashboard, you can customize the reports to show only the columns you want to see. For example, you can exclude low-risk items so you don't get notifications about low-risk issues that do not impact your compliance status.
Wiz has some AI features for consolidation, but it's not customizable. What VMware offers is similar, but there's not much to choose between. You either have a batch compliance agreement, or you don't. Wiz's framework complies with requirements, or it doesn't. It's a vulnerability management tool similar to Kangaroo but with better AI documentation features. You can ask questions about how to do something, and the AI will provide the relevant information. This feature is built into the system.
Overall, I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Best CSPM I’ve used plus much more
Great CSPM tool for getting an handle on cloud workloads
CI/CD Scans Vulnerabiity rankings do not align with findings within the system's "toxic combinations"
Great Insights, Prioritization, and Interface
Provides simplicity, comprehensive findings, and impressive security graph
What is our primary use case?
We currently use Wiz for cloud security management to identify and address vulnerabilities in our AWS platforms. Wiz is also integrated with our EKS clusters, allowing us to monitor and manage cluster security. We deploy sensors across our infrastructure, from the base level to more advanced setups, to gather comprehensive vulnerability data. Additionally, Wiz helps us manage our inventory and images. We have integrated Wiz with our ECR to monitor and secure container images through the ECR connector.
How has it helped my organization?
Our main goal is to use Wiz as our secondary product. We aim to gather all logs and vulnerabilities and integrate them into our main tool, Splunk. Wiz helps us identify issues, but Splunk remains our primary solution. We forward all logs from Wiz to Splunk. The client, Vericore, uses Splunk as their main tool to gather data from third-party CSPM tools like Prisma and others, including DDoS detection. This integration allows us to generate reports and distribute them to other departments to address the identified vulnerabilities.
What is most valuable?
Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities.
What needs improvement?
The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.
For how long have I used the solution?
I have been using Wiz for six months.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
We don't have any issues with the scalability. 45-50 users are using this solution.
We have multiple departments, including product security and sales. We have development teams and other departments as well. For each senior and director in these departments, we have created users and provided them with access to Wiz. This allows them to gather reports from Wiz. Additionally, if they cannot get the reports from Wiz, they can use Splunk, with which we have integrated Wiz.
We have deployed Wiz in three organizations on AWS, each with approximately 70 to 80 accounts, totaling more than 120 accounts. We have also deployed Wiz in Microsoft environments, ensuring we can gather data from every platform.
How are customer service and support?
Support has been great. We have a dedicated channel with Wiz and are always in communication with them.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was very straightforward. We used the deployment connectors in Wiz. We deployed three connectors for our AWS environment, and each connector requires specific roles: Wiz rules and read-only roles. The deployment was done using the CloudFormation template through our management account, and we deployed the template to all the accounts in the organization.
The deployment took no more than 48 hours because it was done easily. However, the setup to get all the data from AWS into Wiz took about 24-48 hours.
Which other solutions did I evaluate?
We use Splunk for DDoS detection and the AWS Security Data Lake for micro detections. We use Wiz for cloud platform configuration. For threat detection, we rely on the AWS Security Data Lake and Splunk.
What other advice do I have?
We use Wiz to enhance our cloud security, and as a result, the number of vulnerabilities has gone down. We have integrated Jira authentication with Wiz to create tickets. We have set up rules in Wiz that generate tickets for misconfigurations. These tickets are sent to the respective departments that own the accounts with the identified vulnerabilities and misconfigurations. Our security team pushes these tickets to the relevant teams, enhancing security.
Integration and deployment are relatively easy. However, we have encountered some incidents with Wiz in the past. As Wiz mentioned, some policies included in the connectors were flagging our production EBS in AWS.
Maintenance is very easy.
I recommend Wiz for its simplicity, comprehensive findings, and impressive security graph. It provides excellent visibility, threat detection, and data classification rules. Additionally, Wiz offers more control compared to Prisma and other third-party tools.
Overall, I rate the solution at eight-point five out of ten.