Sold by: Wiz
Deployed on AWS
Free Trial
Vendor Insights
AWS Free Tier
Wiz provides an entirely new approach to cloud security that for the first time identifies the actual risks hidden in your cloud infrastructure.
4.7
Overview
Wiz performs a deep assessment of your entire cloud and then correlates a vast number of security signals to trace the real infiltration vectors that attackers can use to break in. Wiz also gives you the tools to bring your DevOps and development teams into the process to fix these risks, creating a culture of security in your cloud operations that results in a stronger, more secure cloud. For more information visit: https://www.wiz.io
Wiz provides custom pricing for customers via Private Offer. Please contact marketplace@wiz.io for a better understanding of our pricing model and products.
Highlights
- Covers every resource across your full cloud stack, multi-cloud environment using a 100% API approach that deploys in minutes.
- Models overlapping cloud policies, configurations, and compensating controls that interact in ways that are often unpredictable to calculate their end result.
- Maps all of the issues in your cloud together in a single graph database, revealing which of them combined pose the greatest risk.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(7)
SOC2
ISO27001
AWS Security Specialization
GDPR
PCIDSS
FedRAMP
HIPAA
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Wiz Essential | Protect 100 cloud workloads | $24,000.00 |
Wiz Advanced | Protect 100 cloud workloads | $38,000.00 |
Wiz Sensor | 100 Wiz Sensors. Add-on for Wiz Advanced | $28,000.00 |
Wiz Code | 100 Wiz Code Licenses. Add-on for Wiz Cloud | $58,500.00 |
Wiz Defend | Ingest 300 GBs of logs per month. Add-on for Wiz Advanced | $18,000.00 |
Vendor refund policy
Please contact us at info@wiz.io
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Wiz provides custom pricing for customers via Private Offer. Please contact marketplace@wiz.io for a better understanding of our pricing model and products. tel:+01-240.823.5670
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Top
10
In Application Development, Continuous Integration and Continuous Delivery, Security
Top
10
In Vulnerability and Patch Management, Data Governance
Top
25
In Observability, Software Development
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Cloud Resource Coverage
Covers every resource across the full cloud stack in multi-cloud environments using a 100% API approach with deployment in minutes.
Cloud Policy and Configuration Analysis
Models overlapping cloud policies, configurations, and compensating controls to calculate their combined end result.
Risk Correlation and Visualization
Maps all issues in the cloud infrastructure together in a single graph database to identify which combined issues pose the greatest risk.
Security Signal Correlation
Correlates a vast number of security signals to trace real infiltration vectors that attackers can exploit.
DevOps and Development Team Integration
Provides tools to integrate DevOps and development teams into the security risk remediation process.
Attack Surface Management
Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
Vulnerability Management
Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
Cloud Security
Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
Next-Generation SIEM and XDR
Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
Threat Intelligence
Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
reviewer2860287
Comprehensive cloud security has improved visibility and enabled precise threat response
Reviewed on Jun 22, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Wiz is cloud security, infrastructure as code, threat detection and response, and application security.
For example, if we have a cloud resource that has an Amazon GuardDuty alert, we will use Wiz to ingest the log, and we review it for security reasons and use that information in our alerting pipeline. Wiz is where we ingest all the information and logs.
My main use case is to scan cloud infrastructure for misconfigurations, issues, security threat intelligence, and more.
What is most valuable?
The best features Wiz offers include the scanning, the ability to map vulnerabilities to specific resources, the ability for GraphQL API integration, and their security graph when it comes to querying information, finding specific detections, and responding to them, and much more.
For example, we use many other automation tools that need to integrate with Wiz, and through the graph API or GraphQL API, we are able to call Wiz in a very specific way where if we want to automate anything, it is possible via their API.
There is a variety of features per team, such as cloud security, AI security, security operations center, and more.
Wiz has positively impacted my organization by stopping security incidents, giving us full visibility in our cloud environments, and providing us with the confidence that we can use the tool not just for security but also for operations tooling, DevOps, code scanning, and all of the above.
We have seen specific outcomes and information improve as a result, and we have definitely narrowed down more incidents that we might need to take care of with the tooling, which has given us wider visibility compared to when we did not have it.
Wiz allowed us to consolidate tools, and on the issues it gives us from the top level down—critical to informational—we are able to fully prioritize the things that are most important due to that capability.
What needs improvement?
Wiz's pricing model is very poor.
The pricing is out of control, but when it comes to the actual functionality of the tool, the tool is great.
On a scale of one to ten, I would rate Wiz an eight. I rate it an eight because internally, they have specific people who want to bulldoze you when it comes to signing agreements that are much higher priced than the value that you get. Wiz is great. Some people are great and some are not, so they are a little bit less willing to work with customers on their specific needs regarding things such as pricing versus other tools.
For how long have I used the solution?
I have been using Wiz for over four years.
What do I think about the stability of the solution?
Wiz is stable.
What do I think about the scalability of the solution?
Wiz's scalability is very good, and I have not had any issues yet.
How are customer service and support?
The customer support is fair; they are not great, nor bad.
Which solution did I use previously and why did I switch?
We started to use Wiz since their inception.
How was the initial setup?
Everything is very well set up; the UI is easy to use, and their API is great.
What about the implementation team?
We are just a customer without a business relationship with this vendor other than that.
What was our ROI?
I have definitely saved time, but money saved is still up in the air; there have been things that make us feel that is not the case. We also need fewer employees, partially.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been very poor.
Which other solutions did I evaluate?
What other advice do I have?
The extent to which the Wiz runtime sensor has helped in identifying active threats more effectively compared to previous solutions is pretty minimal.
My impression of the cloud security democratization aspect of the product is that it is one of the best sources of truth we have. It is extremely impactful on the organization, so it is definitely a tool we are going to use if the pricing is right.
We have gone through three technical account managers and have decided not to renew.
My advice to others looking into using Wiz is to make sure that you are working with the right account team, set up all of your integrations correctly, and take your time during your proof of value.
Wiz is a great tool, and we will continue to use it over time. I rate Wiz an eight out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Telecommunications
Wiz: My Go-To SuperApp for Security
Reviewed on Jun 21, 2026
Review provided by G2
What do you like best about the product?
Wiz has become my go-to SuperApp for security.
What do you dislike about the product?
I can’t keep up with all the new functionalities.
What problems is the product solving and how is that benefiting you?
As cloud infrastructure becomes more complex, small changes are very likely to have a ripple effect. Seeing the impact of these changes on the big picture all in one place makes things easier.
Information Technology and Services
Agentless Visibility and AI Agents That Cut Alert Noise and Save Time
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
What I like best about Wiz is its agentless visibility and how it eliminates alert noise. The Wiz AI Agents are also fantastic, they save our team massive amounts of time by autonomously fixing code vulnerabilities and accelerating our threat-hunting workflows.
What do you dislike about the product?
What I dislike most is the inability to manually input or upload a custom list of specific CVEs to test against our environment and generate an immediate findings review. Currently, we have to rely strictly on automated environment-wide scans rather than targeted, ad-hoc CVE queries.
What problems is the product solving and how is that benefiting you?
Wiz eliminates multi-cloud blind spots and stops alert fatigue by mapping how different risks connect into actual attack paths.
Financial Services
Security Graph Makes Cloud Triage and Quantitative Prioritization Easy
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
Security Graph are extremely helpful when triaging our cloud environment. Additionally, being able to prioritize issues based on quantitative assessments is highly effective for building consensus across our group companies.
What do you dislike about the product?
For services that run a large number of containers from the exact same image, we want to optimize our license usage by only scanning the shared image repository. However, even when we exclude those container scans, BUs (Billing Units) are still consumed because CSPM functions working, which defeats the purpose of trying to save licenses.
What problems is the product solving and how is that benefiting you?
Wiz has significantly accelerated our process of investigating vulnerability details (such as CVSS, EPSS, KEV, and PoC) to assess exploitability and determine the impact on our organization. Furthermore, it provides a shared context that allows us to communicate more efficiently and have well-aligned discussions with our product teams.
Karunesh Tripathi
Cloud security has become more prioritized and consolidated but still needs better context and bundling
Reviewed on Jun 17, 2026
Review provided by PeerSpot
What is our primary use case?
What is most valuable?
There are several resources deployed on the cloud, and we are monitoring those assets. Wiz has a very strong AI engine that can correlate these findings, and I believe that is the clearer differentiator from other products in the market. We are using Wiz to define the correlation, and it works perfectly by defining priority based on impact and likelihood. I feel this saves considerable rework from security engineers and the team, helping us to immediately act on these exposure issues and address high and critical vulnerabilities.
All other security tools I have seen mainly focus on impact and try to map directly with the CVSS. I think that context is outdated now because threats have changed and patterns have evolved. It clearly requires a different approach so that we can use it enterprise-wide, and security leaders should get clear visibility on the likelihood of these incidents and decide whether to spend resources on them.
Wiz is performing quite well with the existing CNAPP capability. However, Wiz has additional functionalities under Wiz Code , and there are other modules coming for AI security. That is definitely new, which Wiz offers, and it is completely different from existing solutions.
From a security tooling perspective, every enterprise is bombarded with thousands of tools and nobody knows how to consolidate them and what those different data points should be used for. That has been one of the nightmares, where most people simply spend their resources managing those tools and remediating the same issues on different platforms. Using Wiz Code and the other matching capability helps me eliminate the redundancy of tools in my infrastructure. That is a significant win, as I can see everything in a single pane of glass.
The response time has drastically increased, and the data we are getting is more focused. That is something truly required in security, as you need to respond as quickly as possible to breaches because they occur in fractions of seconds. Therefore, quick responsiveness is something Wiz has truly achieved.
What needs improvement?
As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context. It is performing well in terms of reporting issues and mapping to the environment, but many false positives are generated because it lacks context. I would appreciate Wiz ingesting customer context, understanding how I am using it and what my infrastructure looks like, so it can determine whether something is truly an issue for me. I do not want to keep dealing with thousands of vulnerabilities and marking them under ignore rules or wasting time assessing everything only to find they are false positives. This is an area where Wiz really needs to focus.
Secondly, regarding remediation, Wiz has playbooks, but it is not adding anything new. If I wanted to use Wiz with AI infrastructure, it could provide more guidance on best practices and how to implement them.
Currently, Wiz has three modules: Wiz, Wiz Code, and CNAPP. At some point, Wiz needs to rethink this and consider a bundled offering for more benefit to customers and product owners. If I buy CNAPP and later move to Wiz Code, there may be conflicting or overlapping features. People could be confused about why to use Wiz Code and what is different. It should look like a simple bundle, indicating what you are getting and when to use each. Currently, when to use what is missing, and while it is documented, as an enterprise decision maker, I do not want to spend time repeatedly on the same tools. I want a single comprehensive solution. Wiz Code should be the default offering as a simple, pay-as-you-go model without requiring separate deployments.
The lack of context is an issue. The tool is performing well, but without context, it generates many false positives, which every organization using Wiz struggles with. Secondly, the multiple offerings lead to confusion, as people may hesitate to use the next solution, such as Wiz Code. These two aspects are holding me back from giving a higher rating.
For how long have I used the solution?
I have been using Wiz for almost five years.
What other advice do I have?
As a security product manager and extensive user, I recommend that people explore Wiz. It simplifies their lives with many new features and capabilities. It allows for easy adoption in defining benchmarks and a minimum security baseline for organizations, something that is harder with other tools. Some solutions claim to have specific capabilities, but they do not deliver. Based on my hands-on experience, I can say that Wiz is a clear differentiator, and people should definitely consider it.
Wiz helped consolidate tools, but there were overlapping capabilities, and we still are not getting a complete view. To a certain extent, it helped with consolidation, but there is still room for improvement. I provided feedback suggesting that Wiz Code and other capabilities should be under the same bundle with a pay-as-you-go model, as it can be time-consuming to enable these capabilities later.
Overall, I believe Wiz is doing a great job, simplifying many aspects for security professionals and enterprises. The dashboard is quite nice, and with the introduction of the MCP, I am only concerned about remediation, context defining, and bundling of offerings. These are three areas I want Wiz to focus on to make their product even better. I would rate this product a seven out of ten.