My use cases for Wiz mostly revolve around cloud security posture management, compliance, internal opex reporting, and shift-left security tooling, centered around compliance and cloud security shift-left.
External reviews
743 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Enables comprehensive visibility into cloud risks and supports tailored compliance reporting across teams
What is our primary use case?
What is most valuable?
What I appreciate most about Wiz is that the compliance and CSPM aspects of this cloud-native application protection offering are genuinely better than other products available in the market. Having worked on Prisma, Orca, and Qualys as well, when I compare Wiz with everything else, it definitely has an edge. The graph queries and graph explorer in Wiz are exceptionally well done by their team, giving me a complete view of resources, how they relate to other resources in the account or in other accounts, and how they pose an external threat or risk.
I have created boards in Wiz for internal projects and teams depending on what product line it is, and I have tried creating custom dashboards. My experience with creating custom dashboards is that it is neither easy nor difficult; it is somewhere in between. Obviously, it is not the same as Power BI or any other visualization tool, so I understand it will not be at that level, but it gets the job done. I get a high-level overview of trends of the findings or non-compliant items, and it accomplishes what I need. I also do not expect it to be at that level because that is not what it is built for.
What needs improvement?
I really cannot think of anything that Wiz can improve, because the use cases I deal with have almost all features that cater to them, so I really do not have anything in mind right now.
One thing Wiz can do better is regarding support for the open-source fork of Terraform called OpenTofu. Many organizations are moving from Terraform to OpenTofu to save costs in licensing, but their documentation does not officially state that they are supporting OpenTofu, so that would be beneficial to have. Since it is just a copy of Terraform, it should not be a difficult addition, but that would be a valuable feature.
For how long have I used the solution?
I have been using Wiz in my career for close to one and a half years.
What do I think about the stability of the solution?
I have seen some lagging or downtime a couple of times, but I am not sure why it happened. It was just a couple of times, and it did not impact what I was doing.
What do I think about the scalability of the solution?
Wiz is very scalable.
How are customer service and support?
I have contacted Wiz's technical support. The quality and speed of the support are very good; most of the time, I do get the answers I am looking for, and if not, the team works internally. If there is no feature, they raise a feature request for us, so it has been very good. On a scale from 1 to 10, I would give Wiz's support a 10.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of Wiz is very easy for me. The first time I deployed Wiz, it took me approximately 10 to 20 minutes, depending on the availability of the other team. When they are available, I usually get it done within 10 or 15 minutes, or even less than that when we have all the prerequisites ready.
What about the implementation team?
Wiz does require some maintenance on my end, but it is minimal. The maintenance involves configuring connectors for Wiz, and it does require a few permissions for Wiz to scan the cloud accounts and other resources. That is the only maintenance needed, such as adding or updating the role in Wiz if other permissions or services introduced by the cloud provider are not covered.
Which other solutions did I evaluate?
I have used some alternatives and similar solutions to Wiz. I remember the names of those alternatives; one is Palo Alto's Prisma Cloud, and the other was Qualys' tool, which was kind of a makeshift tool, not a full-fledged CSPM, but they called it CSPM. When I compare Wiz to those tools, I prefer Wiz a lot more because it is definitely a couple of notches above all those tools. They have done much better with their UI, which is very organized, whereas Prisma is mostly a lot of acquisitions and a lot of tools stitched together and offered as a SaaS solution. Not saying it is bad, but Wiz does it better than what they have been doing.
What other advice do I have?
I personally have not worked on Wiz Runtime Sensor, so I cannot really comment on whether it has helped identify active threats more effectively compared to any other solutions that I have used. We have plans, but not yet. I would rate this review overall as a 9.
Revolutionized Our Cloud Security Posutre with Unmatched Visibility and Support
What do you like best about the product?
Wiz has become and invaluable tool for our cloud security posture. The platform provides full visibility into all layers of our workload and cloud environments, which has been a game-changer for our security team.
It is amazing to see how different assets and resources are connected to each other. This contextual relationship helps us understand the risks and potential blast radius of vulnerability and misconfigurations in ways we have not been able to view before.
I also have to highlight that the Support team is exceptional. Our Account Manager and Technical Support team has been incredibly responsive, knowledgeable and genuinely invested in help us get the most value out of Wiz.
It is amazing to see how different assets and resources are connected to each other. This contextual relationship helps us understand the risks and potential blast radius of vulnerability and misconfigurations in ways we have not been able to view before.
I also have to highlight that the Support team is exceptional. Our Account Manager and Technical Support team has been incredibly responsive, knowledgeable and genuinely invested in help us get the most value out of Wiz.
What do you dislike about the product?
My main critique is that Wiz is overwhelming at first. Wiz does so much that it can be challenging to know where to start. Its breadth of features and insights, while ultimately its strengths, creates a steep initial learning curve for new users to the platform.
What problems is the product solving and how is that benefiting you?
Wiz has fundamentally transformed how we approach cloud security management. The platform gives us visibility across our entire cloud environment, eliminating the blind spots that previously existed when trying to piece together information from multiple tools and consoles.
Having a single pane of glass to view all cloud resources, issues, and findings has dramatically improved our efficiency. Instead of context-switching between different dashboards and security tools, our team can now see everything in one place, which speeds up investigation and remediation times significantly.
The automation capabilities have been particularly valuable – Wiz automatically notifies the appropriate teams of vulnerabilities based on our configured rules and workflows. This means critical issues reach the right people immediately without manual triage, reducing our mean time to response.
Perhaps most importantly for our organization, Wiz ensures we adhere to the strictest security standards. The platform's compliance frameworks and continuous monitoring help us maintain our security posture and demonstrate compliance to auditors and stakeholders. This has reduced the stress and manual effort that previously went into compliance reporting, while giving us confidence that we're meeting our security obligations.
Having a single pane of glass to view all cloud resources, issues, and findings has dramatically improved our efficiency. Instead of context-switching between different dashboards and security tools, our team can now see everything in one place, which speeds up investigation and remediation times significantly.
The automation capabilities have been particularly valuable – Wiz automatically notifies the appropriate teams of vulnerabilities based on our configured rules and workflows. This means critical issues reach the right people immediately without manual triage, reducing our mean time to response.
Perhaps most importantly for our organization, Wiz ensures we adhere to the strictest security standards. The platform's compliance frameworks and continuous monitoring help us maintain our security posture and demonstrate compliance to auditors and stakeholders. This has reduced the stress and manual effort that previously went into compliance reporting, while giving us confidence that we're meeting our security obligations.
Streamlines cloud risk prioritization and accelerates resolution of critical vulnerabilities and IAM issues
What is our primary use case?
I have used Wiz for security findings, which includes dashboards with the main purpose of Cloud Security Posture Management. Wiz scans all cloud accounts to detect misconfigurations, open ports, publicly exposed resources, and weak IAM permissions. I also utilize it for vulnerability management, such as VMs, containers, serverless functions, and any IAM risky visibilities. I use Wiz for all these things as I work on these areas most of the time. Essentially, it is a cloud risk tool that prioritizes the most critical issues, allowing me to address high-yield issues quickly with the help of Wiz's architecture.
Achieving zero critical issues in Wiz means eliminating all critical severity securities across the cloud platform, which is a significant goal for our cloud security teams. I utilize the Risk Graph to identify real critical issues, prioritizing the resolution of public exposures and patching high and critical CVEs. I track OS-level and package vulnerabilities that need fixing, and sometimes when our OS isn't updated, it flags the errors. My processes involve patching libraries, upgrading AMIs, and removing secrets found in workloads, such as rotating keys for public IPs or un-updated software and databases. It is critical to implement least privilege measures for IAM risks, ensuring admin access is minimized. Moreover, I encrypt all storage and use tags to separate non-production issues according to different environments such as dev, stage, or prod. Utilizing Wiz projects, I segment teams such as network, platform, application, or DevOps so that each team handles their assigned issues, boosting closure speed. I also automate workflows through Jira to create tickets for critical exposures or IAM risks. Thus, achieving zero criticals in Wiz reflects my commitment to eradicating public exposures, patching critical vulnerabilities, and addressing IAM risks, ensuring I adhere to cloud best practices.
What is most valuable?
I love this interface because it is very clean, neat, and easy to understand. It includes the CNAPP and CSPM security features and extensively uses detection for vulnerabilities and misconfigurations. Everything is present on the dashboard. My personal interest lies in agentless scanning, which I consider the most powerful feature. The unique capability I can highlight is Attack Path Analysis, which identifies the exact path an attacker can exploit by correlating network exposure and any misconfigurations. Additionally, the unified Risk Graph is a very strong feature that helps teams find the most critical issues. I appreciate the accurate prioritization, which saves a great deal of time. Overall, Wiz provides a full CNAPP platform, encompassing CSPM, vulnerability management, IaC scanning, and more. I really appreciate these elements, and the dashboard is also very good.
What needs improvement?
I do not identify many areas for improvement, but I believe dashboard customization is somewhat limited. While the dashboards are quite good, the variety of widget types is restricted; I cannot fully customize colors or create complex multi-level dashboards. There is also alert noise in larger environments that generates duplicate alerts for the same issues under different categories. Furthermore, remediation automation is limited; Wiz suggests fixes but lacks auto-remediation for many issues. Compared to Prisma, the auto-resolve options are fewer. Although I have heard about deeper container and K8s scanning capabilities, I do not have a clear understanding of what that entails. I perceive that real-time cluster events are also somewhat limited. Regarding the reports, I face limitations in fully customizing PDF reports.
For how long have I used the solution?
I have been using Wiz for more than eight months.
How was the initial setup?
The setup for Wiz is a one-time configuration, similar to setups in ServiceNow or Ultimatics. This one-time setup ensures proper cloud integration, assessing the type of cloud account, the API permissions in place, and avoiding mistakes during the initial configuration. It highlights any missing requirements, such as IAM roles or permissions, and shows failed connections to allow for quick fixes. Agentless scanning is feasible, so this setup ensures proper configurations are in place. Additionally, it aids the administration in understanding what has been completed versus what remains pending. In summary, it guides onboarding tools to configure cloud accounts, permissions, and integrations accurately and prevents security visibility gaps while reducing onboarding errors.
The deployment time is not measured in days, weeks, or months; rather, it typically takes between five to ten minutes at most. IAM configurations and similar setups may take about two to three minutes.
Which other solutions did I evaluate?
When comparing Wiz with other solutions on the market, I note that my initial experience was with Prisma Cloud. Wiz stands out for its strengths, particularly in agentless scanning and graph-based risk prioritization, in addition to its comprehensive CNAPP capabilities and multi-cloud coverage. However, I recognize that certain areas, such as runtime threat detection and response, might be handled better by other vendors; while Wiz excels in posture and risk analysis, its runtime protection may not be as advanced as specialized tools designed for workload protection. Other tools might offer better capabilities for behavioral or anomaly detection, as Wiz may not capture the most subtle runtime issues. For instance, scanning public and private buckets requires waiting for scheduled scans or conducting manual scans, which can take significant time to yield updated records. While other vendors might possess better flexibility, the overall effectiveness depends heavily on data size and volume. I observe that legacy security vendor solutions offer mature enterprise support, while newer CNAPP solutions such as Wiz move rapidly but face trade-offs in large regulated enterprises. Overall, Wiz receives high ratings for its innovation and speed, which are great qualities despite some areas requiring improvement. So, in summary, I consider Wiz one of the strongest CNAPP platforms due to its agentless scanning architecture, making it lighter to deploy than competitors such as Prisma Cloud or Lacework. Nonetheless, organizations needing deep runtime protection or specialized identity entitlement management might want to explore other platforms, but I can definitely recommend Wiz for various needs.
What other advice do I have?
For the dashboard itself, it is a very simple and clear function. I generally go to the dashboards to create and add widgets for vulnerability by severity, public exposure, or misconfigurations. I also include widgets such as graphs or tables based on my requirements. I utilize saved views for custom data, which filters the exact information I have in the dashboard, for example, all AWS EC2 instances with critical CVEs or public-facing VMs with secret keys. Multiple sections include critical compliance and posture scores, and I apply filters at the dashboard level too. Essentially, I have almost everything available in terms of customization. I simply need to understand how to use Wiz dashboard in conjunction with my project requirements. Although Wiz is a relatively new tool and I have only worked on a portion of its capabilities, I can refer to the documentation to successfully carry out the needed customizations.
I find the pricing to be cost-effective, as Wiz includes features that many other vendors lack. It seems reasonable when compared to alternatives. Overall, pricing can vary significantly based on Wiz's licensing of workloads, which depends on the number of VMs, containers, and functions I deploy. However, I can request volume-based discounts for larger deployments, especially if managing numerous workloads. Hence, I classify Wiz as cost-effective.
I notice that redeployment is generally very easy compared to other CNAPP tools because it is agentless. The agentless architecture permits multiple operations without the need for redeployment. I only need to connect to the cloud, set up scans, and ensure workload visibility, making the entire process straightforward.
The results from using Wiz have been quite positive; it effectively reduces alert fatigue within my organization. It is clearly a time-efficient solution, which enhances operational efficiency.
I indeed consolidate tools when using Wiz, effectively streamlining processes to enhance focus on critical risks. I would rate this solution a nine out of ten.
Effortless Inventory and Vulnerability Management with Wiz
What do you like best about the product?
Wiz is incredibly easy to use. I find it much simpler to search through all my inventory and vulnerabilities with Wiz, rather than having to sift through countless pages elsewhere.
It includes all the enterprise feature everyone needs.
The customer support is amazing, they reach out to me a lot to make sure we improve our posture and make sure to keep up with best practices.
Implementation and Integration wise it's really easy, you click on few buttons and that's it everything is up and ready inside any cloud, if you have any issue the CS Team will be there to assist.
I'm using Wiz every week for few hours in order to make sure that everything is set up correctly, and there is nothing exposed to vulerabilities.
It includes all the enterprise feature everyone needs.
The customer support is amazing, they reach out to me a lot to make sure we improve our posture and make sure to keep up with best practices.
Implementation and Integration wise it's really easy, you click on few buttons and that's it everything is up and ready inside any cloud, if you have any issue the CS Team will be there to assist.
I'm using Wiz every week for few hours in order to make sure that everything is set up correctly, and there is nothing exposed to vulerabilities.
What do you dislike about the product?
I honestly can't find anything to dislike about Wiz; it offers everything I need.
What problems is the product solving and how is that benefiting you?
By scanning all of my cloud environments, I am able to maintain a proper security posture across each of them. This process helps ensure that my security standards are consistently upheld throughout all clouds.
Outstanding Threat Visualization and Asset Management
What do you like best about the product?
UI presentation of threats and all the associated assets. Onboarding and customer support has been great.
What do you dislike about the product?
Currently not supporting Tier 2 cloud providers (i.e. nebius, coreweave, lightingAI).
What problems is the product solving and how is that benefiting you?
Runtime visibility into containers has been awesome. As well as misconfigured cloud settings are really helpful.
Exceptional Code-to-Cloud Visibility with Effortless Deployment
What do you like best about the product?
The platform offers strong code-to-cloud visibility and provides meaningful insights into cloud risks. I also appreciate its excellent product roadmap and the straightforward deployment process, which makes it easy to use.
What do you dislike about the product?
The platform can become confusing due to the depth and breadth of its capabilities. There are certain edge cases where Wiz is unable to perform cloud security scanning, such as with private cloud resources. Additionally, some features, like exposure management, are still in the early stages of development.
What problems is the product solving and how is that benefiting you?
This product offers comprehensive security features, including application security, cloud security, and enhanced cloud visibility. It provides end-to-end security coverage, ensuring visibility from the initial code stage through to cloud deployment and runtime operations.
Wiz Delivers Real-Time Cloud Security Insights with Confidence
What do you like best about the product?
Wiz has truly transformed the way our security teams, engineers, and developers work. We were able to set it up within a few days, and the integration process was extremely straightforward. Almost immediately, it began delivering in-depth insights into nearly every facet of our cloud environments in real time, giving us a high level of confidence in the data and results it provides. The support we've received, both during the initial deployment and afterwards, has been outstanding. My teams rely on Wiz daily, and it has rapidly become an essential part of our operations.
What do you dislike about the product?
We would appreciate it if the product could offer additional capabilities and features, as this would allow us to phase out some of our on-premises scanning tools. I am aware that some of these enhancements are already planned for future updates.
What problems is the product solving and how is that benefiting you?
We transitioned significant parts of our enterprise to managed cloud services and needed comprehensive security visibility for these newly deployed critical workloads and data sets. Wiz was able to deploy rapidly, scale to support multiple teams, and deliver reliable, accurate results that benefited not only the security team but also the platform teams and cloud engineers.
Cloud and Network Security Team Lead
What do you like best about the product?
What I appreciate most about Wiz is how simple it is to integrate with my various cloud providers. Additionally, the sheer number of integrations with different tools, combined with the API it provides, allows us to extract valuable data. This enables us to enhance our security across all of our resources to an even greater degree.
What do you dislike about the product?
Since I have a hybrid environment, what I would like from Wiz is a simpler way to integrate my on-premise environments.
What problems is the product solving and how is that benefiting you?
Since we have a large M&A process, I am able to integrate Wiz quickly and easily assess the status of newly acquired companies. The platform provides dashboards that are straightforward for the executive team to understand and monitor.
Wiz Makes Cloud Security Simple and Smart
What do you like best about the product?
Wiz is an incredibly easy tool to activate and use — setup requires minimal configuration effort, and the onboarding process is straightforward. Once operational, it provides a comprehensive and intuitive dashboard that allows teams to easily prioritize their remediation and improvement activities based on risk visibility and context.
In our organization, multiple teams use Wiz daily, including Security, DevOps, IT, and Compliance. This cross-team adoption has greatly improved collaboration and consistency in managing cloud security and compliance posture.
Another strong point is the seamless integration capabilities — connecting Wiz with other tools enhances its value and automates parts of the workflow. Finally, it’s worth highlighting that new features are frequently released, continuously improving the platform and keeping it aligned with the latest security needs.
The support team is very competent and quick to respond to questions.
Overall, Wiz stands out for its simplicity, effectiveness, and continuous innovation.
In our organization, multiple teams use Wiz daily, including Security, DevOps, IT, and Compliance. This cross-team adoption has greatly improved collaboration and consistency in managing cloud security and compliance posture.
Another strong point is the seamless integration capabilities — connecting Wiz with other tools enhances its value and automates parts of the workflow. Finally, it’s worth highlighting that new features are frequently released, continuously improving the platform and keeping it aligned with the latest security needs.
The support team is very competent and quick to respond to questions.
Overall, Wiz stands out for its simplicity, effectiveness, and continuous innovation.
What do you dislike about the product?
One aspect that could be improved is the initial learning experience. Since the platform offers a wide range of features and insights, it can feel a bit overwhelming at first. For users who are not deeply specialized in cloud environments, it may take some time to become fully comfortable and to grasp the full value Wiz provides.
What problems is the product solving and how is that benefiting you?
Wiz helps us gain complete visibility and control over our cloud environments, identifying misconfigurations, vulnerabilities, and compliance risks across multiple platforms in a single view. It significantly reduces the time needed to detect and prioritize issues by correlating them with context — such as exposure, permissions, and data sensitivity.
This has allowed our Security, DevOps, IT, and Compliance teams to collaborate more effectively, focus on what really matters, and take action faster. Overall, Wiz has improved our risk management, compliance posture, and operational efficiency across the organization.
This has allowed our Security, DevOps, IT, and Compliance teams to collaborate more effectively, focus on what really matters, and take action faster. Overall, Wiz has improved our risk management, compliance posture, and operational efficiency across the organization.
Effortless Setup and Actionable Insights with Outstanding Developer Experience
What do you like best about the product?
The agent-less architecture allowed us to get started in just a few hours rather than weeks. There were no complicated deployments or issues with agent sprawl—simply connect your cloud accounts and begin scanning. What truly sets the platform apart is the developer experience. The platform communicates in a way that makes sense to us, providing clear, actionable findings along with meaningful context about why an issue is important and how to address it. The graph-based method for visualizing attack paths is especially impressive. Rather than being overwhelmed by thousands of unrelated vulnerabilities, we can now identify which ones are truly significant based on actual exposure risk.
What do you dislike about the product?
To be honest, there isn't much to criticize. While the pricing may be high for smaller organizations, the extensive coverage and the amount of time saved make the return on investment worthwhile. At first, the number of alerts can feel overwhelming until you adjust the policies to fit your environment, but this is fairly typical for most security tools.
What problems is the product solving and how is that benefiting you?
With shift-left security, our developers are able to identify issues much earlier in the pipeline, which helps reduce incidents in production. Compliance has also become more manageable, as automated compliance mapping now saves us weeks of work during audit season. Additionally, our mean time to resolution has improved significantly, since clear remediation guidance allows our team to address vulnerabilities three times faster than before.
showing 1 - 10