External reviews
715 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Wiz is great solution for cloud security.
What do you like best about the product?
The simple interface and the good insights about the security posture of our cloud.
What do you dislike about the product?
I can't think of any at the moment.
Great product
Great product
What problems is the product solving and how is that benefiting you?
Security issues in the cloud. It gives me the ability to know exactly where I am vulnerable in my cloud environment and explains the gaps so I can fully understand them.
It is good product but missing some features that I am expecting from CNAPP
What do you like best about the product?
I liked the vulnerabilities that WIZ is able to provide in the environment and the update on new CVEs that impact our environment.
WIZ having a good dashboard in one location I can see the status of our environment.
WIZ having a good dashboard in one location I can see the status of our environment.
What do you dislike about the product?
There is no option to run a query on the JSON format of the environment
it is more query that builds by WIZ but we cannot adjust it
I would like to have the ability to build a custom query on some field that you don't take into consideration
protection on the network level such as analyzing the flow logs
scan for every 24 hours - I would like to have a scan for half an hour related to CSPM if someone changes the S3 to be public I would like to know immediately and not after 24 hours.
JIRA BI-directional - Jira Ticket can only open but not close the ticket in Jira.\
it is more query that builds by WIZ but we cannot adjust it
I would like to have the ability to build a custom query on some field that you don't take into consideration
protection on the network level such as analyzing the flow logs
scan for every 24 hours - I would like to have a scan for half an hour related to CSPM if someone changes the S3 to be public I would like to know immediately and not after 24 hours.
JIRA BI-directional - Jira Ticket can only open but not close the ticket in Jira.\
What problems is the product solving and how is that benefiting you?
provide a visiblity on the cloud environment from a exposure and vulnerabilites.
it is good in one location we can see all the connectivty but some time it is take time to understand where is the issue.
it is good in one location we can see all the connectivty but some time it is take time to understand where is the issue.
Wiz platform is a great way to be secure and get knowledge about your environment.
What do you like best about the product?
The most helpful is that you can collect data, the "Threat Center" for example is such a useful tab!
The qualities I appreciate are that I can see if we are exposed to attack.
Actually, I didn’t have a chance to use another platform.
The qualities I appreciate are that I can see if we are exposed to attack.
Actually, I didn’t have a chance to use another platform.
What do you dislike about the product?
I think that the downside is that, at first, it can seem a bit complicated platform.
What problems is the product solving and how is that benefiting you?
So wiz is constantly scanning our cloud so we can be protected and be aware of malicious activity, that is the main issue that wiz solving for me and my security team.
Cloud Security Made Easy
What do you like best about the product?
Wiz has one of the best onboarding experiences I've used in a cloud security product. Onboarding AWS accounts can be done in minutes and does not require the installation or management of any infrastructure agents.
What do you dislike about the product?
We've had some issues getting the Jira integration to work how we want it with labeling issues dynamically based on the controls in place. That being said our account managers have been very helpful in getting it figured it ou.
What problems is the product solving and how is that benefiting you?
AWS cloud security oversight, we had multiple accounts and no security team to start with so we were stretched thin. Wiz replaced the need to hire a full time engineer purely for building and running tooling for providing ongoing security observability on our AWS infrastructure.
Wiz, as a solution and from a customer support experience, has exceeded our expectations.
What do you like best about the product?
Ease of deployment is the first thing that comes to mind. Second, the information produced by Wiz quickly turns into actionable data.
What do you dislike about the product?
So far, there is no significant downside to Wiz.
What problems is the product solving and how is that benefiting you?
Visibility into our Cloud environment and ability to ascertain 'real' security risks that coincide with the native security services from our CSP.
Great, multi cloud CSPM. Compliments and enriches our vulnerability visibility.
What do you like best about the product?
The interface is really nice and integrates with our other systems (Kenna, SIEM, etc)
Love that we can deploy this across AWS, as well as GCP and Azure.
Any SaaS company that doesn't have SSO is doomed to fail. Like that we can put it behind our Okta.
Love that we can deploy this across AWS, as well as GCP and Azure.
Any SaaS company that doesn't have SSO is doomed to fail. Like that we can put it behind our Okta.
What do you dislike about the product?
We recently that a few critical CVE/CVSS vulnerabilities and we had to enable some things that weren't turned on out-of-the-box. We didn't know that these were turned off until we scanned systems we knew had it and had to dig through docs to see why.
UPDATE: We recently discovered when Log4J was released that Wiz DOES NOT SCAN CRITICAL DIRECTORIES. What do I mean by this?
It will not scan key directories like /etc /bin /opt /lib /var.
When we were responding to the incident and scanning our infrastructure for Log4j, it came back negative, but we knew we had several Java applets and servers running it. Turns out, Wiz wasn't scanning linux directories where Log4j OR MOST MALWARE would run from.
We've experienced mostly good reviews, but once we identified these exclusions, we had slower responses and reporting from our various systems.
UPDATE: We recently discovered when Log4J was released that Wiz DOES NOT SCAN CRITICAL DIRECTORIES. What do I mean by this?
It will not scan key directories like /etc /bin /opt /lib /var.
When we were responding to the incident and scanning our infrastructure for Log4j, it came back negative, but we knew we had several Java applets and servers running it. Turns out, Wiz wasn't scanning linux directories where Log4j OR MOST MALWARE would run from.
We've experienced mostly good reviews, but once we identified these exclusions, we had slower responses and reporting from our various systems.
What problems is the product solving and how is that benefiting you?
Biggest problem Wiz is solving for us as getting consistent configuration management and vulnerability data across hundreds of AWS accounts as well as some GCP accounts from merger and acquisitions.
Completely redefining 'Cloud Security Posture Management'
What do you like best about the product?
Wiz is a game changer for security teams looking to accelerate their mean time to response for virtually any issue in the cloud. Utilizing mulitple criteria in prioritizing alerts (such as critical vulnerability AND public exposure), highlighting things like plaintext keys, identifying overly permissive roles and service accounts - all potentially in the same set of alerts - was not something we found in any other CSPM we demo'd. Likewise, other tools we used had some visualization capability, but not anything to the extent of Wiz's Security Graph. I think something that isn't talked about enough with the strength of Wiz's visualization is how much easier it makes investigations for analysts of all experience levels. We had several new analysts join our team this year and they were able to feel like they could make a near immediate impact in our cloud environment due to how easy Wiz made it for them to digest and understand the data. I'm not talking about the alert itself, but the context around the alert: the compromise paths, routes out to the greater internet, etc. Visualization is such a huge learning aid and makes it so easy to react almost instantaneously to findings.
What do you dislike about the product?
Not necessarily a downside, but I believe this is an opportunity for Wiz to market its ability to fill an additional gap.
Vulnerability management, at least in AWS, is a bit cumbersome. Before Wiz, we believed we had two options: a third-party vuln scanning platform or an AWS Inspector. Extending our on-prem scanning platform would be way too labor intensive to deploy and administrate. It would require a VM within each AWS OU with authentication privileges to the EC2s in the environment and would not even give us visibility into ECS or EKS. Using AWS Inspector would require the deployment of the systems manager agent across all EC2s. Because Wiz requires no insalled or deployed hardware, I think Wiz could make an excellent vulnerability management tool on top of everything else it does. Unfortunately, we do not use it today because there isn't a way to carve out vulnerabilities at a more granular level or prioritize them beyond Wiz's out-of-the-box rankings. There are plenty of companies, like ours, who are transitioning from on-prem to cloud and with that our development teams are still maturing their practices to align with AWS best practices, like regularly updating the images, checking for updates and calling the newest version of an image during a deployment. And while this maturation is happening it would be great to have Wiz to use for vuln management over deploying an archaic vulnerability scanner tool or being forced to use AWS Inspector.
Vulnerability management, at least in AWS, is a bit cumbersome. Before Wiz, we believed we had two options: a third-party vuln scanning platform or an AWS Inspector. Extending our on-prem scanning platform would be way too labor intensive to deploy and administrate. It would require a VM within each AWS OU with authentication privileges to the EC2s in the environment and would not even give us visibility into ECS or EKS. Using AWS Inspector would require the deployment of the systems manager agent across all EC2s. Because Wiz requires no insalled or deployed hardware, I think Wiz could make an excellent vulnerability management tool on top of everything else it does. Unfortunately, we do not use it today because there isn't a way to carve out vulnerabilities at a more granular level or prioritize them beyond Wiz's out-of-the-box rankings. There are plenty of companies, like ours, who are transitioning from on-prem to cloud and with that our development teams are still maturing their practices to align with AWS best practices, like regularly updating the images, checking for updates and calling the newest version of an image during a deployment. And while this maturation is happening it would be great to have Wiz to use for vuln management over deploying an archaic vulnerability scanner tool or being forced to use AWS Inspector.
What problems is the product solving and how is that benefiting you?
The bigger question is what problem does Wiz not solve? It allows us a greater visibility into our resource configurations, vulnerability posture, network configurations, identities and roles, all without having to deploy a single thing. I manage the security operations team, but Wiz makes it easy for our compliance team to check IAM roles, look up compliance against different standards like ISO and CIS. Our AppSec team uses it too to see ingress paths. We even have our architecture teams with access so that they can perform searches using the Security Graph.
Best Security Tool I ever evaluated
What do you like best about the product?
The User Interface is VERY intuitive and includes a dark mode! The daily alerts feed is also VERY useful.
What do you dislike about the product?
I would like to see a more robust mechanism for dispatching and tracking remediation efforts.
What problems is the product solving and how is that benefiting you?
Wiz provides excellent visibility with minimal to zero impact due to their agentless (full API) approach.
Everything that you could ever desire in a CNAPP
What do you like best about the product?
The implementation of Wiz into an environment could not be any easier. We successfully implemented Wiz into all of our AWS accounts very quickly and easily. Wiz automatically picks up new accounts that are added to our AWS organization. This allows Wiz to begin swiftly discovering vulnerabilities, and misconfigurations, including those with unintended public exposure and much more. Wiz easily integrates into your CI/CD pipeline, allowing developers to identify and fix issues before they are pushed to production. The frequency that Wiz scans your cloud environments provides visibility into problems quickly. Once remediated, Wiz resolves issues automatically in the platform without interaction on behalf of the developers or InfoSec teams. Integration with an identity provider could not be easier using the documentation that Wiz has available to customers. All documentation is extensive, and Wiz support quickly assists with any questions. Wiz employees from our initial onboarding until now have been nothing short of stellar. I truly am amazed at what Wiz has accomplished in the past year since we have been a customer. Evidence mapping of findings by Wiz detailing the path of exposure is also quite impressive. The quick work by the Wiz team to release new controls when a high-priority vulnerability is released is outstanding. I could go on and on, but the best advice I can give is to try Wiz for yourself. You will not be disappointed!
What do you dislike about the product?
I have nothing negative to say about a company that hasn't yet turned three years old. The capabilities of the Wiz are outstanding. The user interface is everything I would want it to be and more. Any issues I have/would like to be fixed were either already identified or quickly prioritized to make me happy as a customer.
What problems is the product solving and how is that benefiting you?
Wiz is a one-stop shop for identifying any problems within our cloud environments. The dashboards provided out of the box by Wiz are nothing short of amazing. Do you want to know what assets are accessible from the Internet via ssh or RDP? Wiz has a panel on the dashboard for that. Want to know about sensitive data exposure? Wiz can do that too. External exposure, vulnerability management, malware detection, container security, key management, and so much more is at your fingertips with Wiz. The visibility that it provides cannot be expressed enough. This visibility has and will continue to help improve our security posture in the cloud. Wiz truly is a game changer in the world of cloud security.
Wiz makes us look like wizards!
What do you like best about the product?
Wiz provides comprehensive security monitoring for multiple cloud environments, giving you a single pane of glass from which to assess and address risk.
What do you dislike about the product?
Wiz can be expensive if you have large cloud workloads.
What problems is the product solving and how is that benefiting you?
Wiz allows consolidation of risk to promote appropriate and timely prioritization in response.
showing 521 - 530