I use Wiz for both my own company and other companies to detect and investigate vulnerabilities and any type of alerts that pop up.
External reviews
714 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Helps eliminate critical issues and streamline threat investigation
What is our primary use case?
What is most valuable?
I am really enjoying the new Threat Detection that they have set up; it is pretty nice. I appreciate the way that it lays out the data.
For some of my customers, I create custom dashboards, charts, or counters, and they're actually really helpful. It's quite easy. They have extensive technical documentation that guides you through the process. Additionally, there are short videos available in each section that demonstrate how to do things.
Wiz has helped my organization achieve zero criticals in its issue queues after a month.
What needs improvement?
It would be better if, when you get an alert type, you are able to view the regex or alert logic without having to dig through all the different options; it is difficult to find where the alert logic is because you have to go to the investigations and then actually find and search for the individual alert. If they just showed the alert logic, that would be really nice.
Also, if there was an easier way for threats to convert those into issues rather than having to set up a custom rule to pull those in as issues, it would be great.
For how long have I used the solution?
I have been using Wiz for just under a year.
What do I think about the stability of the solution?
I have not seen any sort of instability with Wiz; I was curious how their SRE team works because I have not seen a single downtime.
What do I think about the scalability of the solution?
Wiz scales really efficiently; I have worked with some huge companies that have multiple clouds and thousands of workflows, and it all seems to work.
How are customer service and support?
We have account executive people that we talk to for help with Wiz. We talk to them sometimes when new features come out or when we see weird things for the first time. They provide help with writing either new regex alert queries or just helping us figure out how to do something with using the product. They are very helpful and very responsive, and if they cannot get you the answer, then they will find someone to help you; it has been as quick as a turnaround time of one business day, which is really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used CrowdStrike, Prisma, and I think that Wiz is the best out of all of them. Wiz is good at conveying the information for the active threats. The way that it shows you is easier to understand as a human. It is about the same quality of detection, but the presentation is better.
How was the initial setup?
It's really easy. It's very user-friendly, and it's very intuitive.
My team had Wiz set up already when I joined, but I have gone through the whole setup process myself; they let me reset it up. I found that to be pretty simple. It only took about an hour and a half to install Wiz because we do not have a super big system.
Once you set up Wiz, it is good to go. As a security engineer, you need to maintain the alerts and keep that stuff moving. Once we have the system in place, I have not noticed it disconnect any of our accounts. It seems once you set it, it is good to go.
What about the implementation team?
One person can deploy Wiz; they just have to have the right access.
What's my experience with pricing, setup cost, and licensing?
I don't know how much we pay, but I do know that Wiz charges a lot. However, they're offering a good product, so it might be fair. I haven't seen the exact numbers.
What other advice do I have?
I would rate Wiz a 10 out of 10. I really like it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
A Game-Changer for Cloud Security team
What do you like best about the product?
What I like best about Wiz is its clear visibility across our entire cloud environment without requiring agents. The platform maps risks end-to-end — from infrastructure misconfigurations to vulnerabilities, secrets, and compliance gaps — in a single dashboard.
For SecOps, it’s extremely valuable that Wiz prioritizes issues by context (e.g., exposed to the internet, contains sensitive data, exploitable path), so we don’t waste time chasing noise. Integrations with existing workflows (SIEM, ticketing, etc.) make it easy to operationalize findings.
From an admin perspective, the ease of deployment and scalability stand out. It’s quick to onboard new accounts, and visibility is almost immediate, which is rare in this space.
For SecOps, it’s extremely valuable that Wiz prioritizes issues by context (e.g., exposed to the internet, contains sensitive data, exploitable path), so we don’t waste time chasing noise. Integrations with existing workflows (SIEM, ticketing, etc.) make it easy to operationalize findings.
From an admin perspective, the ease of deployment and scalability stand out. It’s quick to onboard new accounts, and visibility is almost immediate, which is rare in this space.
What do you dislike about the product?
What I dislike about Wiz is that the platform is not yet truly unified in management. With the number of products and capabilities they’ve added, it feels like they could be consolidated better — today it’s more like managing three different consoles instead of a single pane of glass.
The DSPM (Data Security Posture Management) capabilities are promising but still relatively immature compared to Wiz’s core strengths. Coverage is not as deep as I’d like, and it still needs more development to give us the same confidence we have with vulnerability and misconfiguration findings.
In addition, the volume of findings can be overwhelming, especially early on, and it requires tuning and integrations to avoid alert fatigue. Wiz is improving here, but out-of-the-box prioritization can still surface too much noise for smaller teams.
The DSPM (Data Security Posture Management) capabilities are promising but still relatively immature compared to Wiz’s core strengths. Coverage is not as deep as I’d like, and it still needs more development to give us the same confidence we have with vulnerability and misconfiguration findings.
In addition, the volume of findings can be overwhelming, especially early on, and it requires tuning and integrations to avoid alert fatigue. Wiz is improving here, but out-of-the-box prioritization can still surface too much noise for smaller teams.
What problems is the product solving and how is that benefiting you?
Wiz helps us address several critical areas in cloud security, including monitoring and analytics, detection and response, compliance, vulnerability management, exposure management, and DSPM. Providing agentless visibility across our cloud environment eliminates blind spots and gives our SecOps team clear insight into risks and misconfigurations.
Its cloud detection and response features stand out because alerts are contextualized, allowing us to focus on real threats instead of noise.
Continuous compliance checks against industry frameworks save significant time during audits, while vulnerability scanning and exposure management prioritize issues based on exploitability and exposure paths, so we can remediate what truly matters first.
The DSPM capabilities are still maturing, but already help us locate sensitive data and highlight where it may be at risk, and help us to map most of our data.
Benefits to Us:
Time savings—Instead of manually correlating risks, Wiz shows the attack path in context, which accelerates the response.
Risk reduction – Prioritized findings ensure our limited SecOps resources focus on the most dangerous issues first.
Audit readiness – Compliance reporting is much faster and less painful.
Operational efficiency – With Wiz’s agentless deployment, onboarding new cloud accounts takes minutes, not days.
Its cloud detection and response features stand out because alerts are contextualized, allowing us to focus on real threats instead of noise.
Continuous compliance checks against industry frameworks save significant time during audits, while vulnerability scanning and exposure management prioritize issues based on exploitability and exposure paths, so we can remediate what truly matters first.
The DSPM capabilities are still maturing, but already help us locate sensitive data and highlight where it may be at risk, and help us to map most of our data.
Benefits to Us:
Time savings—Instead of manually correlating risks, Wiz shows the attack path in context, which accelerates the response.
Risk reduction – Prioritized findings ensure our limited SecOps resources focus on the most dangerous issues first.
Audit readiness – Compliance reporting is much faster and less painful.
Operational efficiency – With Wiz’s agentless deployment, onboarding new cloud accounts takes minutes, not days.
Fantastic product and team!
What do you like best about the product?
Immediately gained actionable insight into our cloud security posture which was previously considered a 'security black hole'.
The onboarding process was a breeze and the team we are working with know their stuff!
It's very intuitive, even for someone with no prior devsecops experience.
The onboarding process was a breeze and the team we are working with know their stuff!
It's very intuitive, even for someone with no prior devsecops experience.
What do you dislike about the product?
Not an issue with Wiz itself but we are still working on buy-in and utilization from all our devs on the Wiz Code component.
What problems is the product solving and how is that benefiting you?
Lack of visibility into cloud security posture. No dedicated DevSecOps staff.
Engineer-Friendly Cloud Risk Management
What do you like best about the product?
Wiz provides comprehensive visibility across AWS without agents (so really easy to get started). The security graph highlights risks by factoring in exposure, lateral movement, known vulnerabilities, so only the most relevant issues surface. This reduces false positives and alert fatigue compared to for example AWS native Security Hub. Dashboards, root cause analysis, and Terraform fix snippets make it engineer-friendly and actionable, not just a compliance tool.
What do you dislike about the product?
The platform can feel overwhelming at first due to the breadth of features and data. Role-based access and project scoping require careful setup to avoid visibility gaps.
What problems is the product solving and how is that benefiting you?
Wiz solves the lack of visibility across a complex AWS environment. It consolidates security findings, eliminates noise from false positives, and prioritizes risks based on exposure and business impact. This reduces alert fatigue, accelerates remediation, and frees engineers from manual triage. Also supports compliance audits (useful if you have yearly audits), and enables proactive risk reduction.
Single pane of glass for multicloud security
What do you like best about the product?
Security starts with visibility, in WIZ we have the complete inventory, starting from the cloud layer up to the application deployed on workloads, including data and identity. Posture and behavior rules are based on this solid basement.
What do you dislike about the product?
The product is constantly evolving, pretty hard to follow and some changes are a bit not expected.
What problems is the product solving and how is that benefiting you?
We have a single window that is enough for solving 85%+ of questions for a multi-cloud enterprise environment. There is a solution for each stage from code to cloud, and everything is visible in a single console.
Wiz is helping us better secure our company
What do you like best about the product?
Visibility and Team Ownership: Setting up projects and dashboards has helped our teams take ownership of their areas of the organization.
Risk Prioritization: We know exactly what to work on because Wiz helps identify assets with external exposure, vulnerabilities, data findings, misconfigurations, etc.
Solve issues, not just identify them: This is where I think Wiz has the secret sauce so to speak. Not only can it identify issues in your environment, but generating code fixes or steps how to remediate an issue makes it much easier for development teams to solve.
Setup: Integrations are seamless, easy to implement and work right away.
Dashboard: Allows you to quickly check each day the status of your environment and what needs to be tackled next.
Support Team: Support is fast and has a ton of helpful documents to assist you in the need arises.
Risk Prioritization: We know exactly what to work on because Wiz helps identify assets with external exposure, vulnerabilities, data findings, misconfigurations, etc.
Solve issues, not just identify them: This is where I think Wiz has the secret sauce so to speak. Not only can it identify issues in your environment, but generating code fixes or steps how to remediate an issue makes it much easier for development teams to solve.
Setup: Integrations are seamless, easy to implement and work right away.
Dashboard: Allows you to quickly check each day the status of your environment and what needs to be tackled next.
Support Team: Support is fast and has a ton of helpful documents to assist you in the need arises.
What do you dislike about the product?
Custom Dashboards: The board views right now are limited to some predefined queries. While very good and useful. I would like to see this expanded in the future to allow more customizations.
Some of the views and issues do require some time in seat being in the application. If you want your dev team to be in the console, you will need to provide some training or use the integrations to send the information to them elsewhere.
Some of the views and issues do require some time in seat being in the application. If you want your dev team to be in the console, you will need to provide some training or use the integrations to send the information to them elsewhere.
What problems is the product solving and how is that benefiting you?
Lack of Visibility and Context: It can be hard to know exactly what is going on in your cloud environments and that's where Wiz has shined for us. Integrating from our code repository to our cloud service provides us with a really cool security graph that shows potential attack paths. The context of not only a vulnerability or exploit in your environment, but seeing how it impacts your organization is huge.
Overwhelming Security Alerts and "Alert Fatigue": While Wiz doesn't completely remove false positives, my team knows when alerts come in, it means action is needed.
Slow Remediation and Collaboration Issues: Remediation steps provided directly to the engineering teams shortens investigation time and allows our team to actually resolve issues rather than Jira tickets sitting in a backlog.
Vulnerability Management: Connecting to our code repository we can instantly create PRs to update packages in our repositories.
Overwhelming Security Alerts and "Alert Fatigue": While Wiz doesn't completely remove false positives, my team knows when alerts come in, it means action is needed.
Slow Remediation and Collaboration Issues: Remediation steps provided directly to the engineering teams shortens investigation time and allows our team to actually resolve issues rather than Jira tickets sitting in a backlog.
Vulnerability Management: Connecting to our code repository we can instantly create PRs to update packages in our repositories.
CIO review on Wiz
What do you like best about the product?
Wiz is intuitive, easy to use, and gives clear visibility into our environment while saving time with smart automation
What do you dislike about the product?
At times, Wiz can feel a bit overwhelming with the amount of data it surfaces, and some advanced features take time to fully understand. More streamlined reporting and customization options would make it even better
What problems is the product solving and how is that benefiting you?
Wiz helps us identify security risks across our cloud environment in real time, from misconfigurations to vulnerabilities. By having a unified view and automated prioritization, we can address the most critical issues faster and reduce risk. This saves time for the team, improves compliance, and strengthens overall security posture
Wiz: Simplifying Cloud Security Visibility and Risk Management
What do you like best about the product?
Wiz offers comprehensive visibility across cloud infrastructure without requiring agents, making it incredibly easy to deploy and scale. Its security graph provides a clear view of vulnerabilities, misconfigurations, and potential attack paths in a unified interface. The platform integrates seamlessly with major cloud providers and supports rapid detection and remediation workflows, which helps security teams respond faster.
What do you dislike about the product?
While powerful, the interface can feel overwhelming at first due to the sheer volume of data presented. Custom policy creation and fine-tuning require a learning curve. Additionally, pricing may be a concern for smaller organizations or teams with limited cloud footprints.
What problems is the product solving and how is that benefiting you?
Wiz is solving the problem of fragmented and complex cloud security by providing agentless, full-stack visibility into cloud infrastructure. It identifies vulnerabilities, misconfigurations, secrets, malware, and exposed services across virtual machines, containers, and serverless functions—all in a single, unified platform.
This benefits me by drastically reducing the time and effort required to gain security insights across multi-cloud environments. Instead of juggling multiple tools or manual audits, I get a clear risk prioritization view that helps focus on what truly matters—like exploitable paths attackers might use. It improves security posture, supports compliance efforts, and enables faster remediation with less operational overhead.
This benefits me by drastically reducing the time and effort required to gain security insights across multi-cloud environments. Instead of juggling multiple tools or manual audits, I get a clear risk prioritization view that helps focus on what truly matters—like exploitable paths attackers might use. It improves security posture, supports compliance efforts, and enables faster remediation with less operational overhead.
WIZ a CSPM for CISO's
What do you like best about the product?
powerful tools bring a lot of features and innovations in one platform
What do you dislike about the product?
not very intuitive , controls and issues need to be defined separately
What problems is the product solving and how is that benefiting you?
mainly CSPM and vulnerability management on hybrid and decentralized could environment including aws and gcp
Enables efficient management of vulnerabilities and project inventories
What is our primary use case?
We are using Wiz for many deployments in terms of vulnerability and also our Microsoft tenants, two different Microsoft tenants. We use it to manage our projects.
Wiz's automated compliance checks are the reason for our use case. I am actually working on the GCCR audit, which is the reason I was looking at it. There are still some things I need clarity on in my own meeting this morning.
Wiz's automated compliance checks are the reason for our use case. I am actually working on the GCCR audit, which is the reason I was looking at it. There are still some things I need clarity on in my own meeting this morning.
What is most valuable?
I might not be able to give substantial information as I do not use the most valuable features of Wiz day-to-day in full capacity. I can check managing each of my projects and check vulnerabilities across each of those projects across each of the tenants. It allows you to manage your inventories that you have in different subscriptions or different tenants on your technology. Then you can configure different kinds of policies that you use around each of those.
What needs improvement?
I have not used Wiz in full capacity, so I cannot provide detailed improvement suggestions. I just started fully going through each feature to have a basic, comprehensive understanding of the product itself.
I cannot recommend Wiz to others until I have a clear understanding of its full capacity and benefits. In my organization, we have Rapid7, which is a vulnerability management tool, we have Wiz, and we have Microsoft Defender. I need to understand the reason for that decision in the first place to be able to look at the benefit to my organization.
I cannot recommend Wiz to others until I have a clear understanding of its full capacity and benefits. In my organization, we have Rapid7, which is a vulnerability management tool, we have Wiz, and we have Microsoft Defender. I need to understand the reason for that decision in the first place to be able to look at the benefit to my organization.
For how long have I used the solution?
I started with Wiz some months ago.
What was my experience with deployment of the solution?
I do not know how long it took for us to actually deploy Wiz, as I was not within the corporation when it was deployed.
What do I think about the stability of the solution?
So far, I would say Wiz is stable to the best of my knowledge.
What do I think about the scalability of the solution?
My thoughts on the scalability of Wiz so far is that it is scalable for me and good for us.
On a scale of one to ten, I would rate the scalability of Wiz as nine.
On a scale of one to ten, I would rate the scalability of Wiz as nine.
How are customer service and support?
I rate Wiz's customer service as ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I find the initial setup of Wiz straightforward in my opinion.
On a scale of one to ten, I would rate how easy it is to set up Wiz as nine, if ten is the easiest.
On a scale of one to ten, I would rate how easy it is to set up Wiz as nine, if ten is the easiest.
What about the implementation team?
I do not know how many people it took to deploy Wiz. However, it is always the vendor and probably my director that was in the position which I was before.
What was our ROI?
I do not know if Wiz has impacted our operational costs related to cloud security or any kind of return on investment or operational impact that it has for us.
Which other solutions did I evaluate?
I do not really know the main differences between Wiz and other vulnerability management solutions such as Defender, but they perform similar functions.
When comparing Wiz to Defender, I think they do almost the same thing. The only difference is that Defender will give you RISK call. However, Wiz can give you a risk call against your investment because it is not a Microsoft solution.
When comparing Wiz to Defender, I think they do almost the same thing. The only difference is that Defender will give you RISK call. However, Wiz can give you a risk call against your investment because it is not a Microsoft solution.
What other advice do I have?
I work in accounting with Wiz in a large enterprise business.
Wiz does not require a lot of maintenance on our side. It is just ease of use. Wiz maintains most of it.
I have not used Wiz's AI capabilities to enhance our security threat detection as I just started looking at it. I have not really done much with that so far.
Overall, I would rate Wiz as good. I get everything I want, just the same way it is for every other solution, so I am going to rate it nine out of ten.
I rate Wiz a nine out of ten instead of a ten until I use the solution based on use cases and exploitation of the product, and what it gives me. If I am able to do that in full capacity, then I will give it ten. This is just based on what I still see so far. Until I get to see the benefits and everything, then my rating might be different in two weeks' time. At this moment, this is how it is.
RISC call is what I mean by that, RISC (R I S K).
Wiz does not require a lot of maintenance on our side. It is just ease of use. Wiz maintains most of it.
I have not used Wiz's AI capabilities to enhance our security threat detection as I just started looking at it. I have not really done much with that so far.
Overall, I would rate Wiz as good. I get everything I want, just the same way it is for every other solution, so I am going to rate it nine out of ten.
I rate Wiz a nine out of ten instead of a ten until I use the solution based on use cases and exploitation of the product, and what it gives me. If I am able to do that in full capacity, then I will give it ten. This is just based on what I still see so far. Until I get to see the benefits and everything, then my rating might be different in two weeks' time. At this moment, this is how it is.
RISC call is what I mean by that, RISC (R I S K).
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
showing 1 - 10