WIZ Cloud Infrastructure Security Platform

What do you like best about the product?

As a second-time customer of Wiz, I knew the CSPM was great and research told me it was still the best. This feature was even better than I remembered, as Wiz had not rested on their laurels and had continually improved over time! It has helped me get to zero critical issues in less than 6 months with the issue prioritisation and clear remedial steps which I can share with the teams responsible. No excuse for not having a well refined Jira, or not knowing what we really asking for - the details are in the language of the remediator, spoon-fed by Wiz!
Now, we use it all the time to proactively monitor our systems, look for config or vulnerabilities, and whenever I see a new Critical or High issue we immediately jump on it to triage. This means we have got managing Critical config issues down to similar remediation timelines as a Critical security incident and indeed in most cases we treat them almost identically (urgent conf calls, drop tools and huddle to fix etc.).
When it came to implementing Wiz, it was simply as quick as hooking up to our Cloud instances, providing the access, and sitting back to watch the fireworks. During the implementation the support was outstanding, and Wiz spent so much time with us and our different teams showing them how to use it, how simple it was to integrate with other tools, how we could extend visibility to the max, how to interpret the results, get good report data to the right people etc.. This operationalisation help ensure Wiz was used by multiple teams - although I think there's always room for even more engagement internally.
After implementing the engagement didn't stop though, and we still have a regular call with our TAM who is always happy to demo to some new users, or to help tweak some settings or help with some report or other. I don't think we've ever found the limit of engagement and Wiz seems happy to provide whatever level of interaction we need to get where we want to go.

What do you dislike about the product?

Nothing to dislike, although of course I wish it could be cheaper :-)

What problems is the product solving and how is that benefiting you?

For us, it was that we have so many different cloud environments and flavours. By the nature of our service, we deliver stand-alone clouds, private clouds, different cloud vendors etc. for different products and regions and customers. This is complex and incredibly difficult to get an holistic view across them as CISO, let alone to prioritise and manage where the risks are across this disconnected landscape. Wiz pulls it all together into one window from which we can easily distribute the effort out to the teams responsible for those very different environments and provide a consistent level of detail and track in a consistent manner. This allows me to do a lot less chasing and a lot more governing. It simply makes the security team hugely more leveraged and able to span so much more than without. I can't even imagine how we'd do that without Wiz, and we'd be in a much less secure state, less able to identify and respond to immediate risks (config and vuln issues). Wiz solves this very thoroughly.

I have been using Wiz  for approximately three years in my career. Our first use case is Cloud Security Posture Management. We needed that because we are a multi-cloud company. We have most of our infrastructure in AWS , but we also have some in Azure  and some in GCP. So we needed a CSPM to cover all three environments.

The feature I appreciate most about Wiz  as a CSPM is the vulnerability detection and misconfiguration identification. It helps us to ensure that we know if there are misconfigured cloud workloads and what those are, as well as if there are vulnerabilities. That is one of the key value adds for us.

What we have done is create a tool that is not just a security tool but is actually used by other teams. We have created dashboards for other teams, for product teams who are developing code. They can see their assets, or our cloud team or other teams that own different assets can view their own team's vulnerabilities and misconfigurations through per-team dashboards.

For us, the value add when considering Wiz is that I would rather consolidate under fewer tools to get to a platform. This allows for alerts, administration, and dashboards to all be under one platform, simplifying the environment. It makes operations easier and ultimately enhances our ability to use the platform more effectively.

Wiz allows us to consolidate tools, particularly in vulnerability management. We used to use a technology called Tenable to do our vulnerability scans, not just on-prem but in the cloud, and we replaced Tenable with Wiz's capabilities as well as the capabilities of an endpoint protection technology we use called CrowdStrike.

Regarding scalability, we have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.

I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.

I have never seen any instability with Wiz, such as lagging, crashing, or downtime.

We have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.

I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.

I am a few steps removed from the details about the support quality and speed, but my impression through the team and talking with the account team directly is that when we raise issues, they are addressed thoughtfully, professionally, and quickly. I do not think there have been any lingering support issues we have had. We have also surfaced feature requests or changes, and they have implemented those and rolled those out within a few weeks. Wiz does a good job of listening to the feedback of their customers and using that to help shape the platform.

Positive

I have not used any alternatives to Wiz. Wiz was our choice; although we evaluated different technologies when we were looking for a CSPM, we went with Wiz, so we went from nothing to Wiz.

The initial deployment of Wiz was easy from my point of view. Essentially, once we connected Wiz to our AWS  account, all the data starts to flow in and telemetry on our cloud assets, any vulnerabilities, and misconfigurations. So the dashboards light up with red, yellow, and green indicators. After deciding to go with Wiz, our proof of concept ended up becoming our production implementation, and we just expanded Wiz to more accounts, then to Azure  and GCP. So it was very easy.

I do not know exactly how long it took to fully deploy to a working condition because it has been so long ago, but I will say that getting the visibility was in a matter of weeks to connect the accounts, probably within a week. Then it was a few months to build some of the dashboards and operationalize what we were seeing.

Feature-wise, I cannot tell you that it is a bit expensive compared to its peers, but I do think the premium is worth it. One of the things that Wiz has done well is that there are no agents for the CSPM, at least from what we are doing. It is very easy to roll out, easy to configure, maintain, and generally it does what it says it does with few issues. We had more overhead and more issues with other competing CSPM platforms.

From the team standpoint, I do not think Wiz requires much maintenance on our end because it is all cloud-based and Wiz does a great job of providing almost weekly updates. The ongoing maintenance itself of Wiz is low. We do have integrations which require some care and feeding. We have an integration with ServiceNow , but Wiz's ServiceNow  integration is not the best. I have been told there have been issues getting the data out of Wiz and plugged into ServiceNow effectively, so that has taken a little bit more attention.

We are working on achieving zero criticals in our issue queues with Wiz. It has helped us gain visibility into our critical issues, but we still have a few dozen left to work through. A lot of that actually has to do with some older infrastructure and workloads that applications use. So we have some application migrations in the works, but we have not quite got to the zero critical status.

I would rate this review as a 9 overall.

Public Cloud

Amazon Web Services (AWS)

What do you like best about the product?

The agentless installation at Suki was incredibly smooth. We were able to get 100% visibility across our cloud environment immediately without the friction of deploying agents. The dashboards are truly world-class; they don't just show data, they tell a story.

The biggest upside is the prioritization. Instead of a flat list of thousands of alerts, Wiz uses its Security Graph to identify 'toxic combinations'—helping us focus on the 1% of issues that actually pose a reachable risk. Lastly, the support team is exceptional. They are highly responsive and act more like partners than a standard help desk.

What do you dislike about the product?

While the visibility is unmatched, the sheer volume of data can lead to initial alert fatigue. The platform is so comprehensive that it requires significant tuning to ensure developers aren't overwhelmed by non-critical findings.

There is also a slight workflow gap for developers. While Wiz is great at identifying the problem, the transition from 'finding an issue' to 'fixing it' still requires manual effort. Navigating the Security Graph can be a bit of a learning curve for non-security users who just want to know exactly what code to change.

What problems is the product solving and how is that benefiting you?

We have a very lean security team. Before Wiz, we were drowning in noisy, low-context alerts. Wiz has solved this by automating the prioritization of issues.

For Security: It acts as a force multiplier. Our current security engineers can manage a complex cloud footprint that would typically require a much larger team.

For Developers and SRE: We’ve given them their time back. We no longer bother them with irrelevant vulnerabilities; we only surface the "reachable" risks that actually matter. This has improved our developer and SRE velocity and built a culture of trust between security and engineering.

What do you like best about the product?

Wiz provides exceptional visibility across cloud environments, making it easy to identify misconfigurations, vulnerabilities, and compliance gaps in real time. The platform’s agentless architecture is a huge advantage it deploys quickly without impacting performance. The dashboard is intuitive, and the contextual risk prioritisation helps security teams focus on what truly matters. Integration with existing workflows is seamless, which saves time and reduces complexity.

What do you dislike about the product?

While Wiz is powerful, the pricing can be a barrier for smaller organisations. Some advanced features require additional configuration, which can be time-consuming for teams without dedicated cloud security expertise. The alert volume can feel overwhelming at first, and tuning policies to reduce noise takes effort. Reporting capabilities, although good, could benefit from more customisation options for executive-level summaries.

What problems is the product solving and how is that benefiting you?

Faster incident triage , earlier identity‑risk detection, lightweight audit readiness via scheduled reports, and better threat‑led prioritisation all of which reduce operational overhead while strengthening our cloud security posture.

What do you like best about the product?

In-depth cloud asset configuration visibility, code-to-cloud capabilities, vulnerability management, ITSM tool integration, trends and reporting dashboards.

What do you dislike about the product?

Menus are sometimes cluttered, findings can get overwhelming and you would need good prioritization procedures, naming conventions are a bit difficult to explain to security auditors looking for overall vulnerabilities in a system (between findings and issues)

What problems is the product solving and how is that benefiting you?

Cloud vulnerability management