WIZ Cloud Infrastructure Security Platform

What do you like best about the product?

What I like best about Wiz is its ability to provide risk-based visibility across our cloud environment in a way that is actionable for both security and engineering teams.

The most valuable aspect is the contextual risk prioritization. Rather than managing large volumes of findings, Wiz helps us focus on the exposures that matter most and drive remediation where it has the greatest impact.

The platform is intuitive, scales well, and provides strong executive-level visibility into cloud risk. We've also found the AI capabilities helpful in accelerating investigations and understanding complex attack paths and security findings.

What do you dislike about the product?

As with any mature security platform, there is a significant breadth of functionality, which can create a learning curve for new users. While the platform does a strong job of contextualizing risk, some of the more advanced capabilities and reporting options could be simplified further to accelerate adoption across broader technical teams.

As our cloud environment continues to evolve, I would also welcome continued investment in AI-driven recommendations and automation to further reduce investigation and remediation effort. These are relatively minor considerations, however, compared to the overall value the platform delivers.

What problems is the product solving and how is that benefiting you?

Wiz helps us address one of the biggest cloud security challenges: gaining clear visibility into risk across a rapidly evolving cloud environment while enabling teams to move quickly.

Before Wiz, it was more difficult to correlate vulnerabilities, misconfigurations, exposed assets, and identity risks to understand which issues required immediate attention. Wiz provides the context needed to prioritize remediation based on actual risk, improving collaboration between security and engineering teams and allowing us to focus resources where they have the greatest impact.

From a business perspective, this has improved our ability to manage cloud risk at scale, strengthen our security posture, and provide leadership with better visibility into our overall risk landscape. The result is a more efficient and risk-informed approach to cloud security without slowing down innovation.

I basically use it for vulnerability management, so from an admin's perspective, I am using it as an actual user of Wiz . It is for vulnerability management majorly, and to apply or review the compliances of the cloud environment.

Wiz  helps to consolidate our tools. Wiz helps to identify active threats more effectively as it does active scanning on workloads, keeps looking into logs and images of virtual machines, and upon detecting threats, it checks possible connections through events and logs, giving visibility into where the issue started and exactly where it is.

Wiz helps to achieve zero criticals in its issue queues. Wiz reduces alert fatigue overall, but there is a learning curve; out of the box, it may increase noise if there isn't a proper architecture in place.

Wiz makes cloud security visibility clear for stakeholders, allowing them to understand risk posture, and does that really well. It creates a sense of ownership, as risk factors are presented, enabling anyone, including non-security and non-engineering teams, to use the tool if they are interested.

The biggest advantages of Wiz are that we can monitor multiple environments, as it has the capability to monitor multi-cloud models or architectures, providing visibility on a single page or tool. It also has AI integrations, so if you are finding a zero-day issue, you can calculate the risk score of that particular product and utilize that score to prioritize that particular CVE. If you are unsure about the resolution, Wiz also provides solutions and can craft custom PowerShell scripts to resolve a particular issue, all within the same tool, so you do not have to look elsewhere for solutions.

Wiz only provides visibility; if you want to take any actions, Wiz requires your consent to do it, so it does not automatically fix issues until you provide feedback.

We do have Wiz Code , but it is only for visibility, and we have not integrated it into our CI/CD pipelines yet, as it just gives us the library views and reports on DevOps content.

An area of improvement is that there is a lot of data inside Wiz and the naming is confusing, as similar categories for vulnerabilities and issues sometimes duplicate issues across resources, which can be hectic. While it doesn't cost much in terms of workloads, larger environments may incur higher costs based on architecture, and Wiz does not provide pre-configured reports but rather a dashboard requiring access to the tool.

I am using Wiz for the last three years.

Wiz is stable; aside from the mentioned cons, there are no other issues from the tool's perspective, so it is about 99% stable.

There is no issue with scalability; depending on architecture, you can scale Wiz anytime, as it has ready-to-deploy workloads utilizing cloud capabilities.

Technical support is quite good; they help with configuration, cyber advisory, and provide support for any major changes needed.

I have worked with Prisma, which is Palo Alto's CSPM, and Azure  Cloud Security tools.

Deployment for Wiz is not complex; various deployment types exist depending on the desired approach, primarily requiring keys and registrations to connect to environments, though installing workloads can be complicated.

We are not using post-sales support, just the regular support for major configuration-related issues.

Wiz is worth the investment, and if everything is properly configured, it definitely offers value for money. I would say around 80% in ROI benefits. That is in terms of money and time; doing everything manually would take a lot of work and effort, and Wiz reduces both the workload and the need for manual thinking and human feedback.

Wiz is fairly priced compared to competitors and fits well within a low budget. Wiz is less expensive than Microsoft and Palo Alto.

This particular integration of AI Security  Posture Management is kind of new, introduced in one or two years, and for customers who have integrated their own LLMs or opted for special Azure  or AWS  Bedrock services, it is useful as it lets you know about security-related risks and provides visibility around AI-specific resources in the cloud, grouping risk factors, which helps present details in meetings.

The current AI integration makes Wiz good for those not using on-premises or other environments, but proprietary cloud tools like Azure or AWS  excel in features and ease of deployment.

Public Cloud

Amazon Web Services (AWS)

Wiz  is primarily used to identify risks, assert exposed workloads, identify publicly exposed resources, and prioritize vulnerabilities in our cloud environment. The main use case for Wiz  revolves around cloud security posture visibility, risk prioritization, vulnerability exposure management, misconfiguration detection, and identifying toxic combinations of risks in our cloud environments.

Our main use case for Wiz is contextual prioritization. In many environments, there are thousands or millions of vulnerabilities, but not all are equally important. Wiz helps reduce noise by enabling security teams to focus on exploitable and high-impact risks first.

One of the best features of Wiz, in my opinion, is risk prioritization and the context for visibility. Another major strength is its cloud posture visibility across environments, supporting multiple cloud environments. The attack path visualization and ability to correlate vulnerabilities, exposure, identities, and permissions into a single risk view are very helpful for our security teams.

In our day-to-day work, the contextual prioritization feature reduces our investigation effort because analysts do not need to perform manual correlations related to vulnerabilities, exposure, or cloud asset permissions. Instead of reviewing thousands of alerts individually, the team can focus on high-priority risks where exposure and business impact are clearer. Another useful aspect is visibility across multi-cloud environments and the centralized posture management, which helps our team understand risk in one place instead of depending on fragmented visibility.

Wiz helps us by identifying a publicly exposed cloud asset with critical vulnerabilities and permission-related risks. Instead of reviewing findings separately, Wiz provides contextual visibility that shows which issues were internet exposed, whether they had vulnerabilities, and the high risks from a business perspective, which accelerates our prioritization remediation instead of treating every vulnerability equally.

Wiz improves efficiency because remediation teams receive more context about why something matters. Instead of only seeing a vulnerability, teams can understand the exposure, permissions, affected assets, and the business relevance. The biggest impact Wiz has had on our organization is improved visibility and better prioritization, as previously mentioned. The security teams in our environment are able to focus on meaningful cloud risks faster rather than spending too much time manually reviewing low-priority findings.

Wiz allows us to consolidate tools, meaning we can use a single tool for vulnerability management, risk analysis, and threat management, which the SOC team utilizes. It is a flexible tool, enabling every team to use Wiz to detect and defend their organizational posture. On the consolidation aspect, Wiz integrates multiple tools; for example, we have integrated Microsoft Teams  and ServiceNow , allowing us to create tickets directly using a single tool and send notifications via Teams or Slack.

Wiz's runtime sensor provides visibility across multiple cloud environments, including AWS , Azure , GCP , and Oracle. It helps us prioritize vulnerabilities by discovering newly identified assets or vulnerabilities and has different signatures and policies compared to other CSPM tools, which proves to be very helpful.

One important area for improvement in Wiz could be customization and reporting flexibility. Sometimes organizations want deeper tailoring based on their internal workflows and governance requirements. If we can have customization for reports and dashboards, it will be helpful.

Reporting  and dashboard customization can improve further, especially for leadership reporting that can be highly customized to meet specific workflows.

I have been working in cybersecurity, particularly on vulnerability management-related tasks for around six years.

Wiz has been stable for cloud visibility and posture monitoring activities.

Wiz scales well for our enterprise cloud environment and growing workloads because visibility requirements increase significantly in a cloud-first environment.

The customer support experience typically depends on the complexity of the issues. When we raise a ticket with the support team, the deployment is handled well, and the support is generally good.

We have used McAfee MVISION in the past. As we expanded our cloud, we switched to Wiz because it offers more visibility for our fragmented security approach.

We see a return on investment primarily from improved prioritization and reduced investigation effort. Instead of spending time on thousands of findings, teams can focus on the highest risk exposures, which improves remediation efficiency.

We compared Wiz with other CNAPP  and CSPM solutions based on visibility, prioritization, cloud integration, and operational simplicity.

My advice for others looking to use Wiz is to first understand their cloud visibility gaps. If an organization struggles with prioritization, cloud posture visibility, or encounters too many findings with little context, Wiz can provide strong value in addressing those issues. I rate this product 9 out of 10.

Public Cloud

Amazon Web Services  (AWS)

What do you like best about the product?

Wiz is an incredible company. Their solutions have hit the right mark between visual representation of data, and actual technical insights. I've been incredibly impressed by it's balance of usability and powerful information. I've used a few different providers in the cloud security space, and Wiz is definately the leader for me.

What do you dislike about the product?

It can sometimes be hard to understand what new features I should be exploring. They incrementally improve the products at a fast rate, and it can be hard to keep up.

What problems is the product solving and how is that benefiting you?

Full cloud security coverage across our multiple cloud platforms.

What do you like best about the product?

Wiz has made a big difference in how we approach cloud security. What I like most is how easy it is to get a complete, unified view of everything across our cloud environment without needing to deploy agents everywhere. The platform does a great job of connecting the dots between vulnerabilities, misconfigurations, and exposures, so instead of chasing a flood of alerts, we can focus on the issues that actually pose real risk. That context has really helped us prioritize and move faster when it comes to remediation.

What do you dislike about the product?

The platform can feel a bit overwhelming at first, and there’s a learning curve to fully understand the depth of features and data.

Pricing can be on the higher side to similar tools.

What problems is the product solving and how is that benefiting you?

Wiz is helping us solve the challenge of getting clear, end-to-end visibility across our cloud environment. Instead of dealing with multiple tools and a high volume of disconnected alerts, Wiz brings everything into a single platform.

The biggest benefit is speed and efficiency. Our team spends less time chasing noise and more time focusing on meaningful remediation. It’s also improved collaboration across security and engineering teams since everyone is working from the same data and insights, which helps us address issues faster and more effectively.