We use Wiz in our cloud security management by connecting it to our main cloud environment and other multi-cloud solutions. It helps us consolidate and manage information and risks, dividing them between VPCs and business units. Wiz keeps all information up-to-date and helps us identify any toxic connections within our cloud implementations.
External reviews
763 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Very good
What do you like best about the product?
The amount of scope/integrations and the ease of implementation as well
What do you dislike about the product?
This amount of integrations also creates an initial struggle on how to navigate inside the tool
What problems is the product solving and how is that benefiting you?
External perimeter management for cloud was the main gap
Visibility into your cloud env
What do you like best about the product?
The intuitive and user-friendly, making navigation and use straightforward.
The customer support is amazing! They are always available for urgent situations, with representatives ready to assist and jump on calls as needed.
Security graph allows you proactive threat hunting by utilizing Wiz capabilities effectively.
The customer support is amazing! They are always available for urgent situations, with representatives ready to assist and jump on calls as needed.
Security graph allows you proactive threat hunting by utilizing Wiz capabilities effectively.
What do you dislike about the product?
In complex scenarios, sometimes, it is difficult to determine why an alert is high or critical. There are many factors that determine the severity, and sometimes it is not clear what is the root cause.
What problems is the product solving and how is that benefiting you?
Wiz has helped us gain a unique and comprehensive view of our company's security posture. Integrating AWS, GCP, and Azure into a single dashboard has been incredible.
The Best Cloud Security Platform
What do you like best about the product?
Very easy to use user-interface
Easy to get access to customer support
The constant release of new features to add to an already broad feature set
The attack path mapping creates a contextual view beyond that of cloud native security services such as AWS Inspector/Security hub.
Easy to get access to customer support
The constant release of new features to add to an already broad feature set
The attack path mapping creates a contextual view beyond that of cloud native security services such as AWS Inspector/Security hub.
What do you dislike about the product?
Due to the scope of the product offering, the users of Wiz and Administrators, developers or SOC analysts, need to have a clear understanding of cloud service providers to make maximum use of it.
What problems is the product solving and how is that benefiting you?
Understanding cloud misconfigurations
Assisting us in cloud vulnerability management
Demonstrating compliance to CIS/PCI DSS to our regulators
Assisting us in cloud vulnerability management
Demonstrating compliance to CIS/PCI DSS to our regulators
Wiz helped us solve multiple challenges and has identified multiple ongoing risks in our cloud
What do you like best about the product?
Ability to detect vulnerabilities without network scanning. How it portrays our cloud network environment and shows the exposure points.
What do you dislike about the product?
I wish it did a better job at network threat detection. It mostly focuses on workload threat detection.
What problems is the product solving and how is that benefiting you?
Wiz helped us solve the problem of detecting vulnerabilities in a poorly architected cloud environment with overlapping subnets and inconsistent network reachability.
The best cloud security tool so far
What do you like best about the product?
The comprehensive UI and extensive security features are really waht differentiates from other tools
What do you dislike about the product?
The Infrastructure as Code findings do not have a direct integration button with ITSM tools like Jira.
What problems is the product solving and how is that benefiting you?
Our exposure management in the cloud was not the best until we started using Wiz. It collects information about all the exposed assets and creates an attach path graph that details perfectly the possible impact of the exposure.
Wiz Review - Nearly 1 Year In
What do you like best about the product?
The data and presentation of it. This allows our team to enable the development and devops teams to follow along and move closer to self service with Security curating the path.
What do you dislike about the product?
The available auto-remediation list could be larger and it would be great if there was more on the prevention side (CDR), greater DSPM capability. We are looking at more told to go deeper here.
What problems is the product solving and how is that benefiting you?
More of a centralized security view related to the cloud. Enablement of cross team security efforts.
Helps us consolidate and manage information and risks, dividing them between VPCs and business units
What is our primary use case?
What is most valuable?
The most valuable feature of Wiz is that it keeps information up to date without needing to perform scans or schedule maintenance windows. It provides a fresh snapshot of our vulnerability metrics. It also helps us make decisions on improvements, maintenance, or updates for our systems. Regarding compliance and governance, Wiz streamlines our vulnerability management to meet specific needs effectively.
What needs improvement?
The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable.
For how long have I used the solution?
I have experience of using Wiz for more than a year.
What do I think about the scalability of the solution?
Wiz was quite scalable and easy to manage initially. However, as the solution became more costly with our growth, it posed some challenges. We had to work on managing costs and scaling according to our needs, which required some effort, but we were able to find a balance in terms of pricing and performance.
How are customer service and support?
It is difficult to get in touch with them initially. We had to get in touch every for our queries related to AWS and GCP marketplaces. However, once you need to discuss numbers, they are very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Tenable and Qualys. Wiz stands out in deployment ease and resource consumption compared to Qualys or Tenable. Its simplified processes and snapshot features make it a preferred choice.
How was the initial setup?
The initial setup was easy. We need to key details, therefore setting up Wiz very easily. It’s easier than Tenable, which requires deploying infrastructure and handling the associated costs. Deploying Wiz took about one month due to our multi-cloud services, but the main cloud service took less than a week.
Wiz requires no maintenance since it is a SaaS, but if we need to deploy a new service or have any issues, the technical support is really helpful without additional costs. Once integrated, it is very easy to maintain.
What about the implementation team?
We took help from an external account manager and a technical account manager from Wiz. Our team consisted of three people: a DevOps engineer, a TechOps engineer, and the person responsible for the implementation.
What was our ROI?
Using Wiz has significantly reduced our costs compared to having three separate solutions. We estimate a cost reduction of around 35% to 50%, or even more, due to consolidating our security management into one platform. This operational impact has been one of the most significant benefits we've experienced with Wiz.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz.
What other advice do I have?
I'd recommend Wiz, especially if reporting improvements are made. I rate Wiz an episode ght out of ten primarily due to reporting challenges.
An agentless cloud assets vulnerability scanner which akes snapshots and then scans
What is our primary use case?
Wiz is an agentless cloud assets vulnerability scanner. You don't need to install anything to use any of the machines. It takes snapshots and then scans it. It is interesting because all other scanners need to install some agent.
How has it helped my organization?
This solution is designed to be agentless. This approach saves bandwidth and other resources. Nobody needs to report anything or send packages to the backend. Everything operates as a SaaS solution. They perform snapshots and alerting, converting the data into metadata, which they then analyze and return. Thus, the SaaS solution handles the entire process without requiring additional effort from us.
What is most valuable?
Wiz is a very powerful and easy-to-use tool. It's highly customizable, allowing us to manage many custom features effectively.
What needs improvement?
You need to enter numbers manually. Now, everyone has to press to proceed. Wiz still requires managing all the numbers on the web page. Wiz could enhance API integration with ServiceNow and Jira.
For how long have I used the solution?
I have been using Wiz for six months.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup is straightforward and takes two to three weeks to complete.
What's my experience with pricing, setup cost, and licensing?
Wiz is quite expensive. However, having a comprehensive view of your cloud environment is essential. On-premises systems are much easier to track, but managing numerous instances in the cloud requires enhanced visibility.
We are paying 250k per year.
For our business case, we needed Wiz to meet regulatory requirements and quickly identify public exposure vulnerabilities, such as publicly accessible instances or resources. This information immediately helps prevent vulnerabilities within your business environment, providing a cybersecurity advantage. While this doesn't translate to direct financial benefits, it helps prevent potential breaches and escalations, which is invaluable. Like other security tools, Wiz incurs a cost, but its value lies in enhanced security rather than financial gain.
What other advice do I have?
Wiz's scanning and detection capabilities can identify vulnerabilities potentially affecting the cloud or exposure. It's not solely focused on database issues. It performs various tasks effectively. The categorization is excellent, the dashboards are informative, and the reporting features are robust. Additionally, you can create highly customizable reports.
Everything works using a CI/CD pipeline, which is very good because every DevOps engineer can manage it by simply creating some code around the message request. Wiz works fine and is fully compliant with CI/CD. The workflow and the tasks align with industry standards.
We can configure any compliance framework for checking with Wiz. For example, you can select frameworks such as GDPR, AWS Fundamentals, and CI/CD. You can configure the tool based on the recommendations provided by these frameworks. If your company has specific requirements, like allowing an 8-character password while the state requires 12 characters, you can customize the settings accordingly. Wiz will then assess compliance based on these customized parameters, and if everything meets the set criteria, it will confirm that you are compliant.
You have everything in one dashboard. The dashboard and reports are quite literally perfect. Since everything is in one dashboard, you can customize the reports to show only the columns you want to see. For example, you can exclude low-risk items so you don't get notifications about low-risk issues that do not impact your compliance status.
Wiz has some AI features for consolidation, but it's not customizable. What VMware offers is similar, but there's not much to choose between. You either have a batch compliance agreement, or you don't. Wiz's framework complies with requirements, or it doesn't. It's a vulnerability management tool similar to Kangaroo but with better AI documentation features. You can ask questions about how to do something, and the AI will provide the relevant information. This feature is built into the system.
Overall, I rate the solution a ten out of ten.
Best CSPM I’ve used plus much more
What do you like best about the product?
We looked at Wiz to replace our previous CSPM and it did a great job at that. However, we found that it's also awesome at dependency management and showing context around alerts.
What do you dislike about the product?
The automation capabilities aren't as strong as other competitors, and what was once a single-SKU, everything-you-need platform has become more fragmented as they acquire other companies and add features. I like the new features, but the pricing is becoming less friendly.
What problems is the product solving and how is that benefiting you?
Wiz takes care of pretty much our entire cloud security stack and DevSecOps efforts. We've licensed Wiz Code for CI/CD scans and will use their SAST product as soon as it launches.
Great CSPM tool for getting an handle on cloud workloads
What do you like best about the product?
Graph search feature allows complex querying of cloud assets
What do you dislike about the product?
Support is a little slow
CI/CD Scans Vulnerabiity rankings do not align with findings within the system's "toxic combinations"
CI/CD Scans Vulnerabiity rankings do not align with findings within the system's "toxic combinations"
What problems is the product solving and how is that benefiting you?
Wiz is helping us to understand and monitor our cloud workloads.
showing 181 - 190