Wiz: Exceptional User Experience and Enhanced Efficiency
What do you like best about the product?
Wiz is a truly impressive tool. The user experience stands out, as it allows access to the platform through an interface adapted to each user's role. Additionally, Wiz's ability to prioritize critical aspects significantly contributes to improving work efficiency.
What do you dislike about the product?
The truth is that I don't find any negative aspect in Wiz, as for the use we give it, it turns out to be an excellent tool.
What problems is the product solving and how is that benefiting you?
Wiz provides us with centralized visibility of our multicloud environment, covering both the configuration of different clouds (CSPM) and the protection of workloads and applications (CNAPP). Having all findings visible and prioritized in one place allows us to organize and tackle the work much more efficiently.
Effortless Adoption and Prioritization Across Teams
What do you like best about the product?
I appreciate the ease of use, the ability to prioritize tasks, and the clear communication regarding issues. Additionally, I have noticed how quickly it has been adopted by various teams.
What do you dislike about the product?
The only aspect that left me disappointed was the transition from the previous "all in" licensing model to a pricing structure based more on specific features or workloads.
What problems is the product solving and how is that benefiting you?
Wiz helped us take enormous amounts of data about our systems, and turn it into actionable insights. Acting on those insights has generated tangible improvements in our security and responsiveness as new risks emerge.
Effortless Setup, Powerful Insights, and Outstanding Support
What do you like best about the product?
Easy to setup, great insights and awesome quality of findings.
Every feature is useful in real world scenario and closes the loop of vulnerability management. I'm really able to focus on the real issues.
Customer support is top level, and the platformization allows to save money on other solutions. Also the threat intel team is great.
What do you dislike about the product?
Sometimes the UI has too many funtions (but hey, the product has a ton of features!).
Some lack of visiblity on the log ingestion capability (not highlighted in the connect panel)
What problems is the product solving and how is that benefiting you?
Validate cloud configurations, identify vulnerabilities and attack paths and detect realtime issues.
Also, discover shadow IT and have a complete cloud asset inventory
Easy Setup and Great Support, But Requires Process Changes
What do you like best about the product?
Easy to install, easy to use. Very good technical support
What do you dislike about the product?
As for any new tool, need to implement associated process.
What problems is the product solving and how is that benefiting you?
Better understanding of our cloud environement. Identify most critical risks and facilitate remediation actions
Wiz Has Become an Essential Pillar of Our Security Strategy
What do you like best about the product?
The platform offers clear and actionable prioritization, enabling us to concentrate on the vulnerabilities that are most important. It provides comprehensive visibility into all our cloud assets, and does so without introducing unnecessary operational noise. The support team stands out for being consistently proactive, knowledgeable, and focused on finding solutions. Additionally, the product evolves rapidly, demonstrating that the team truly listens to customer feedback and needs.
What do you dislike about the product?
We uncovered some security issues we weren't previously aware of, but to be fair, that's precisely what we wanted Wiz to help us with! 😄
What problems is the product solving and how is that benefiting you?
Since implementing Wiz throughout our cloud environment, our approach to security has changed dramatically. The platform has made our proactive workflows more efficient, enhanced our visibility across the entire risk landscape, and, most importantly, improved how we prioritize vulnerabilities.
A key advantage is Wiz’s capability to automatically correlate signals from various sources, which significantly cuts down on noise and enables us to concentrate on the issues that truly matter. This has streamlined our remediation efforts and bolstered our overall security posture.
In addition to the product itself, the Wiz team has shown exceptional professionalism and genuine support. Their advice is always practical, reliable, and grounded in deep expertise. Whether we’re exploring best practices, adjusting configurations, or resolving complex challenges, they consistently show a strong dedication to our success. Their responsiveness and collaborative approach have played a crucial role in our smooth onboarding and ongoing growth with the platform.
Overall, Wiz has become a foundational part of our security strategy, thanks to both the value of the solution and the remarkable team behind it. Our experience has been extremely positive.
Cloud risk posture has improved and custom dashboards and graph views provide deeper insights
What is our primary use case?
My experience with Wiz varies on a case-by-case basis because I don't work on it daily; I engage with it when we need to research something that isn't fully implemented in the organization. Some elements are implemented, but they were done on a POC basis. I have hands-on experience where I've explored the environment extensively, checked vulnerabilities, and shared different findings with team members. So while I've worked with all that, I wouldn't classify it as part of my everyday BAU work, but I've been introduced to it in the last one or two years, max.
We have multiple subscriptions linked to Wiz, and we monitor various aspects including cloud security posture management findings. Compliance is another area we've focused on, where we've created our own compliance framework within Wiz. One feature I particularly appreciate about Wiz is that, similar to other cloud-native security tools like Microsoft's Defender for Cloud, it allows you to define policies as code and deploy them through a version control system with a continuous deployment pipeline. This functionality is also present in Wiz, where their Terraform provider enables complete documentation on controlling aspects directly in the Wiz environment. The major things we've worked on include deploying policies based on CSPM findings detected in Wiz, setting up our own framework and rules within those categories, and we've also worked with inventory management, as Wiz provides an AI-driven inventory that gives visibility into all cloud deployments. Wiz also helps manage vulnerabilities in various environments, such as Kubernetes clusters or Azure container apps.
In different organizational contexts, whether product-based or service-based, the customization of dashboards is highly beneficial. For instance, if I'm a startup or a large company using Wiz for multiple applications, custom dashboards allow me to categorize data from various feeds. Dashboarding becomes effective after managing categorization; I can define a project and add relevant resources or subscriptions under that project. Moving forward in the dashboarding section, I can set up custom widgets to view high-severity CSPM findings or risks, thus visualizing data based on specific filters and categories.
What is most valuable?
One feature I appreciate about Wiz is the graph controls, which allow for the correlation of multiple findings. For example, if a virtual machine has a critical CVE and is exposed to the internet, this links multiple vulnerabilities such as initial access types. Wiz attempts to categorize these different types of findings, such as CWPP and CSPM, and offers customization through graph controls where we can create our own contextual risk assessments in the cloud environment. Additionally, Wiz allows you to deploy aspects in the tool similarly to the GitHub model, which I appreciate. Its UI is also very smooth and categorized, making it easy to navigate and search through resources efficiently. You can create custom reports and dashboards in your own way, which are some of the major aspects I value in Wiz.
What needs improvement?
There is definitely room for improvement with Wiz. Given the scope of CNAP technology, which covers the entire SDLC from deployment to monitoring and APIs, it would be beneficial to enhance data integration capabilities. Wiz could partner with leaders in the market, such as Checkmarx, for example; while it currently supports Checkmarx in preview, there still needs to be significant enhancement in contextually mapping risks from pre-deployment scans, such as SAS, SCA, and DAST scanning results. Including these results would elevate contextual risk assessments to a higher level.
Wiz does encounter some glitches similar to other tools in the market. I remember facing certain challenges, such as problems scanning encrypted disks or discrepancies in the findings from already remediated vulnerabilities not reflecting accurately in the tool. These issues are not indicative of an overarching systemic failure but are worth noting as areas that could be improved upon.
Currently, Wiz doesn't consolidate tools effectively. Though it is starting to move in that direction with Checkmarx integration in preview, it lacks the maturity to fully replace other mature open-source tools. Wiz does offer some capability in SCA via CLI, but it falls short compared to its market counterparts and would benefit from further development in tool consolidation and correlation.
For how long have I used the solution?
I started using Wiz around two years ago.
What do I think about the stability of the solution?
During the POC, there were indeed a lot of alerts generated by Wiz. It's important to note that alerts vary in type; there are different classifications for vulnerability alerts, CSPM alerts, and contextual risk alerts. Each category has its own significance, meaning that while there may be a high volume of alerts, they can be beneficial and informative based on the context.
Wiz does encounter some glitches similar to other tools in the market. I remember facing certain challenges, such as problems scanning encrypted disks or discrepancies in the findings from already remediated vulnerabilities not reflecting accurately in the tool. These issues are not indicative of an overarching systemic failure but are worth noting as areas that could be improved upon.
What do I think about the scalability of the solution?
I rate Wiz's scalability a perfect 10 out of 10. During our POC, we successfully linked many subscriptions and could manage them effectively without encountering any scalability issues.
How are customer service and support?
I would rate the vendor's technical support as a nine out of ten. They respond swiftly and provide support when needed; for instance, when we experienced some initial trouble figuring out how to configure CCRs and validate results, the vendor was readily available to assist us over calls, clarifying both technical aspects and theoretical insights.
How would you rate customer service and support?
How was the initial setup?
I didn't handle the initial installation of Wiz directly; that task fell to the operations team responsible for deploying security tools. However, from what I gather, integrating Wiz into the environment is not complex. It primarily requires the creation of a service account with sufficient permissions for Wiz to access necessary resources, making the overall integration process straightforward. Challenges might arise from organizational dynamics when persuading stakeholders, but technically, the setup doesn't appear to be cumbersome.
What about the implementation team?
Many people participated in the POC phase with Wiz, involving different teams such as the operational team for deployment and others handling various security dimensions. Many teams contributed during the POC phase., focusing primarily on the security specialists without including end users.
What was our ROI?
I would have appreciated providing a more specific return on investment metric for Wiz, but since my experience with it is based on a POC without full implementation, I cannot precisely track its impact on time or resource savings. It hasn't been operationalized fully yet in our organization.
What other advice do I have?
My understanding of Wiz's pricing suggests it's not cheap. While I may not have direct involvement in pricing discussions due to different teams managing purchasing decisions, feedback indicates that Wiz is among the most expensive tools available. Though there's likely room for adjustment in pricing, it should be noted that, compared to tools such as Microsoft Defender for Cloud, which scales according to subscriptions, Wiz's pricing can be significantly higher when supporting multiple products within larger organizations.
Wiz was implemented as a POC, and while there were many subscriptions linked, I can share examples of its usage. For instance, when Log4j vulnerabilities emerged several years ago, we managed to quickly create a report through the Wiz dashboard, enabling us to identify all workloads impacted by a critical CVE. With resource tagging for ownership, this helped us reach out to the relevant individuals responsible. Although Wiz offers an option for service integrations such as Jira for issue creation if implemented fully, our approach was manual report generation, where we exported findings and alerted personnel to maintain a zero-issues status.
I would rate this review a 9 out of 10 overall.
Unified cloud visibility has transformed our risk prioritization and reduced alert fatigue while improving collaboration across security and DevSecOps teams
What is our primary use case?
My main use case for
Wiz includes utilizing
Wiz Code,
Wiz Defend, and
Wiz Cloud Security Posture Management.
A quick specific example of how I use Wiz Cloud Security Posture Management in my day-to-day work is analyzing all the issues we see within the cloud and infrastructure as a code over our SOC team and security engineering.
I have been using Wiz during these years and think it is a great product; I can review in depth when the need is being requested, and I have been doing POCs of other vendors out there compared with Wiz.
I did create a custom dashboard in Wiz, and my experience with it is that it works well, has a flexible widget system, good query-based customization, and easy cloning for multi-team environments, but it could work better with limited visualization types.
Wiz runtime sensor has helped in identifying active threats more effectively compared to previous solutions by providing increased visibility and accuracy, especially when correlating runtime behavior with cloud posture; it offers better context around runtime activity, faster detection of critical threats, improved detection accuracy, increased visibility across assets we previously missed, and stronger support for incident response, with the overall impact rated 10 out of 10.
Before adopting Wiz, we relied on multiple disconnected tools for CSPM, vulnerability scanning, and infrastructure as a code review, which each provided partial visibility; Wiz replaced most of these functions with one unified security graph that brings together configuration, risk, identity, workload vulnerability, data sensitivity, and exposure path in one way.
What is most valuable?
The standout features of Wiz that make it valuable for me include good multi-cloud environment support, data governance, shadow IT detection,
DevSecOps governance, automation, level reporting, threat detection, and good infrastructure detection.
Wiz has positively impacted my organization by implementing zero trust authorization, providing good reporting that shows the top attack path, critical assets, overall risk posture, and demonstrating AI and ML workload capabilities towards my team, as well as good infrastructure detection and vulnerability detection accuracy with security posture management at massive scale and identity exposure. There is a massive reduction in risk exposure, immediate visibility across the entire cloud estate, reduced noise and better prioritization, stronger
DevSecOps collaboration, continuous compliance instead of ad hoc panic, faster incident response with real context, significant cost savings through tool consolidation, and stronger AI and data governance.
What needs improvement?
Wiz can be improved with better maturity in code scanning and developer workflows, expanding secret detection to full lifecycle management, stronger
IAM across multi-account environments, more transparent attack path scoring and risk modeling, improved AI and ML security scanning, reduced false positives in runtime threat detection, more fine-grained access control and tenant separation, and better integration for serverless workloads.
For how long have I used the solution?
I have been using Wiz for around two years.
What do I think about the stability of the solution?
In my experience, Wiz is very stable.
What do I think about the scalability of the solution?
Wiz is very scalable.
How are customer service and support?
I do use Wiz's post-sale support services, and I am improving every quarter the performance of the tool with their assistance.
The customer support for Wiz is very good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have evaluated multiple solutions before Wiz, including Palo Alto Prisma Cloud,
Orca Security,
Lacework, Check Point, Qualys cloud solution,
Snyk, Checkmarx, and other DevSecOps platforms.
What was our ROI?
I have seen a return on investment with Wiz by reducing our budget spent on other tools, saving time, and needing fewer employees.
Wiz has reduced alert fatigue in my organization by around 90% over a given time period.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Wiz was through an RFP where they offered us a good price, and the licensing was a flexible solution based on our business.
What other advice do I have?
My advice for others looking into using Wiz is to try it not just as another security tool, but as a foundational visibility and risk prioritization platform for your entire cloud environment; to get the full value, you need to think strategically about adoption, ownership, and cross-team alignment. I would rate this review as a 9 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Comprehensive Multi-Cloud Analysis and Posture Management
What do you like best about the product?
Clean, clear interface, and thorough context aware analysis of our multi-cloud environment. Risk analysis of our environment, and trusted / verified identification of vulnerabilities.
What do you dislike about the product?
It is pretty expensive, but we have been able to decommission other services, as these are adequately covered by Wiz.
What problems is the product solving and how is that benefiting you?
Getting a clear and concise understanding of the risk posture and vulnerabilities in our multi cloud configurations. Identifying vulnerabilities, and configuration issues that we trust and rely upon. Clear dashboarding and reporting capabilities.
Unified Multi-Cloud Security with AI-Driven Features
What do you like best about the product?
The platform offers a multi-cloud strategy, providing unified visibility across Azure, OCI, and Kubernetes environments. Its risk-based prioritization ensures that remediation efforts are directed toward the most critical attack paths, rather than addressing isolated issues. Additionally, it is designed with future-ready security in mind, featuring AI-driven security posture management and integration with ServiceNow to enable automated workflows.
What do you dislike about the product?
The alert noise generated at scale can be overwhelming for smaller teams, making careful fine-tuning necessary. Additionally, the current Wiz connectors lack support for ingesting real-time threats into SIEM tools, which can be a limitation. There is also a learning curve involved in mastering the platform's extensive features. Furthermore, the pricing is quite high, especially for access to the advanced feature set.
What problems is the product solving and how is that benefiting you?
Unified visibility into our cloud workloads, along with risk-based prioritization, helps us address any misconfigurations effectively.
Unmatched Cloud Visibility and Seamless Jira Integration
What do you like best about the product?
What I like best about Wiz is the insight visibility and overview of issues and vulnerabilities within a cloud environment. Being able to not only track the primary resource of each individual issue but to also be able to view that in a security graph at a very high level. This type of insight capabilities helps users like me understand the full history of the issue as well as the different access points. Also being able to integrate these issues/vulnerabilities directly into Jira for direct progress tracking improves the workflow of solving them within a timely manner.
What do you dislike about the product?
The only downside I have for Wiz is that it can give a ton of information and telemetry on your environment all at once. Which can seem kinda overwhelming when first onboarding Wiz because a user may not know exactly what areas to search for in Wiz, and as a result it can take some time to understand.
What problems is the product solving and how is that benefiting you?
Wiz is solving the gaps of public exposure and vulnerabilities that our cloud environment has had in the past. That directly benefits me by giving my team more visibility into our cloud environments security posture overall, and knowing that I'm taking the correct steps into making our cloud environment as secure as possible.
