My organization operates as a service provider for some small companies, so we started working with Wiz. I am not fully confident in discussing how work is going on with Wiz. I am having a training session on how to use the tool.

There are no major complaints associated with the tool.

As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses.

I have been using Wiz for six to seven months.

It is a stable solution.

I provide the solution for small companies. The tool suits small and medium-sized businesses.

My company did not get to use the product for an enterprise-sized business, but we may try it for large companies if we get an opportunity.

I have not contacted technical support for the solution.

I have not worked with any other tools.

One of our company's team members already completed the product's initial setup phase. I just started exploring the tool after that.

The tool helps our company save time.

Over the other tools in the market, my company started to use Wiz after our clients started to use it based on our recommendation. One of our team managers proposed Wiz, and then we started working on it.

My company has not integrated the product with any other tools. We have just started exploring the product, which we mainly use for Azure-based tools and for detecting vulnerabilities. Actually, one of my other teams in my company has good experience with the tool. I am in the first stage of exploring Wiz.

The tool is very powerful in nature.

It is easy to use the tool.

I recommend the tool to others since it is a user-friendly product.

I have started using the product for any AI-based projects. I am trying to switch over from exchange to security platforms.

I will recommend the tool to other people. It is good to use. I can recommend the tool to anyone.

I have not yet started using the AI features in the tool.

I rate the tool an eight out of ten.

I use the solution for test and demo environments, and then we deploy the platform's last version for our customers. We use the advanced license type, so we have all the features in the platform.

The tool is used for security assessment and maintaining our customers' correct security posture. We have different types of customers, so there are different types of use cases. But in general, the main need is for the maintenance of cloud security posture.

The tool's most valuable feature is its attack path analysis. The feature of the tool for inspecting running containers and the new feature of intelligent artificial intelligence security posture is good. With the attack path analysis, I can see the perfect path of a possible attack, I can see the exposure of different types of resources, and I can stop the attack with the remediation or suggestion of the platform. Regarding the container runtime security, I can see how the container runs and what type of action the container takes during execution. I can take some action to modify the running of the container. For the artificial intelligence security posture, I can see the misconfiguration problem with the security permission that customers give to the platform, like Bedrock or OpenAI, and so on. We can help the customer resolve this problem of data security exposure and so on. All such features are effective in identifying vulnerabilities. The platform allows users to collect information without the need for an install agent. So it's totally agentless, and it is a great feature. I don't need to install an agent, so onboarding the platform is very easy and very speedy.

The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment.

For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features.

In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment.

The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment.

To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

I have been using Wiz since 2023. My company is a service integrator and a partner of Wiz. I use the solution's latest version.

It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

Scalability-wise, I rate the solution a ten out of ten.

I don't know the exact number of users because every customer can create a user autonomously on the platform. So, I don't have availability at the moment for the total number of users. We have five customers at the moment, and we have done a lot of PoC during the last two years. I suppose that we will have around 22 different customers. If you need a number, a minimum of 60 users use the tool.

My customers are medium and large enterprises.

The solution's technical support was excellent. We have had excellent communication and availability for any of our needs or questions. They answer quickly, and we have had a great experience with the technical support. I rate the technical support a nine out of ten.

Positive

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten.

The solution is deployed on the cloud. In the future, the tool can introduce an on-prem infrastructure or on-prem platform, but at the moment, it is only cloud.

If one is cheap and ten is expensive, I rate the tool's price as a five out of ten. The pricing depends on the customer and the dimension of the environment, whether the customer is strategic or not. I suppose that it is available at a middle price. In some cases, it has a very aggressive price, so very cheap, in order it's expensive. In particular, if the workload is poor, they can't make grid cells, so the price is high, and it is not in terms of real value but in terms of the budget of the customer.

The tool can be used for all customers who don't have a security structure or security team inside because the platform is very easy to use. It is a very useful tool for developer teams that can use the platform without having security knowledge, and the platform helps the developer of code applications. The tool adapts to a use case in which there is a SOC team because of the rich data that the SOC can correlate and manage.

I recommend the tool to companies that use cloud products. Wiz can be integrated with other customer platforms because it enriches information and makes inaction very valuable in terms of security.

I rate the tool as an eight out of ten.

We use Wiz in our cloud security management by connecting it to our main cloud environment and other multi-cloud solutions. It helps us consolidate and manage information and risks, dividing them between VPCs and business units. Wiz keeps all information up-to-date and helps us identify any toxic connections within our cloud implementations.

The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics. It also helps us make decisions on improvements, maintenance, or updates for our systems. Regarding compliance and governance, Wiz streamlines our vulnerability management to meet specific needs effectively.

The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.

I have experience of using Wiz for more than a year.

Wiz was quite scalable and easy to manage initially. However, as the solution became more costly with our growth, it posed some challenges. We had to work on managing costs and scaling according to our needs, which required some effort, but we were able to find a balance in terms of pricing and performance.

It is difficult to get in touch with them initially. We had to get in touch every for our queries related to AWS and GCP marketplaces. However, once you need to discuss numbers, they are very responsive. 

Positive

I have worked with Tenable and Qualys. Wiz stands out in deployment ease and resource consumption compared to Qualys or Tenable. Its simplified processes and snapshot features make it a preferred choice.

The initial setup was easy. We need to key details, therefore setting up Wiz very easily. It’s easier than Tenable, which requires deploying infrastructure and handling the associated costs. Deploying Wiz took about one month due to our multi-cloud services, but the main cloud service took less than a week.

Wiz requires no maintenance since it is a SaaS, but if we need to deploy a new service or have any issues, the technical support is really helpful without additional costs. Once integrated, it is very easy to maintain.

We took help from an external account manager and a technical account manager from Wiz. Our team consisted of three people: a DevOps engineer, a TechOps engineer, and the person responsible for the implementation.

Using Wiz has significantly reduced our costs compared to having three separate solutions. We estimate a cost reduction of around 35% to 50%, or even more, due to consolidating our security management into one platform. This operational impact has been one of the most significant benefits we've experienced with Wiz.

Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz.

We currently use Wiz for cloud security management to identify and address vulnerabilities in our AWS platforms. Wiz is also integrated with our EKS clusters, allowing us to monitor and manage cluster security. We deploy sensors across our infrastructure, from the base level to more advanced setups, to gather comprehensive vulnerability data. Additionally, Wiz helps us manage our inventory and images. We have integrated Wiz with our ECR to monitor and secure container images through the ECR connector.

Our main goal is to use Wiz as our secondary product. We aim to gather all logs and vulnerabilities and integrate them into our main tool, Splunk. Wiz helps us identify issues, but Splunk remains our primary solution. We forward all logs from Wiz to Splunk. The client, Vericore, uses Splunk as their main tool to gather data from third-party CSPM tools like Prisma and others, including DDoS detection. This integration allows us to generate reports and distribute them to other departments to address the identified vulnerabilities.

Wiz offers greater visibility and more in-depth findings in terms of configuration, misconfiguration, and vulnerabilities.

The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult. As a result, we often have to use Wiz instead of our mainframe to handle tasks related to Splunk. We regularly meet with the Wiz team, who then consult their product team to find solutions and alternative methods for these tasks.

I have been using Wiz for six months.

It is stable.

We don't have any issues with the scalability. 45-50 users are using this solution.

We have multiple departments, including product security and sales. We have development teams and other departments as well. For each senior and director in these departments, we have created users and provided them with access to Wiz. This allows them to gather reports from Wiz. Additionally, if they cannot get the reports from Wiz, they can use Splunk, with which we have integrated Wiz.

We have deployed Wiz in three organizations on AWS, each with approximately 70 to 80 accounts, totaling more than 120 accounts. We have also deployed Wiz in Microsoft environments, ensuring we can gather data from every platform.

Support has been great. We have a dedicated channel with Wiz and are always in communication with them.

Neutral

The initial setup was very straightforward. We used the deployment connectors in Wiz. We deployed three connectors for our AWS environment, and each connector requires specific roles: Wiz rules and read-only roles. The deployment was done using the CloudFormation template through our management account, and we deployed the template to all the accounts in the organization.

The deployment took no more than 48 hours because it was done easily. However, the setup to get all the data from AWS into Wiz took about 24-48 hours.

We use Splunk for DDoS detection and the AWS Security Data Lake for micro detections. We use Wiz for cloud platform configuration. For threat detection, we rely on the AWS Security Data Lake and Splunk.

We use Wiz to enhance our cloud security, and as a result, the number of vulnerabilities has gone down. We have integrated Jira authentication with Wiz to create tickets. We have set up rules in Wiz that generate tickets for misconfigurations. These tickets are sent to the respective departments that own the accounts with the identified vulnerabilities and misconfigurations. Our security team pushes these tickets to the relevant teams, enhancing security. 

Integration and deployment are relatively easy. However, we have encountered some incidents with Wiz in the past. As Wiz mentioned, some policies included in the connectors were flagging our production EBS in AWS. 

Maintenance is very easy.

I recommend Wiz for its simplicity, comprehensive findings, and impressive security graph. It provides excellent visibility, threat detection, and data classification rules. Additionally, Wiz offers more control compared to Prisma and other third-party tools.

Overall, I rate the solution at eight-point five out of ten.