I use Wiz for visibility, cloud visibility, and inventory. We will be using it for prioritizing toxic combinations like risk analysis or vulnerability management and compliance and governments.
CSP-Agnostic, User-Friendly Risk Visibility in One Pane
Wiz.io: A Strong Primary CNAPP and CWP Platform
Cloud risks have been prioritized and investigations are now faster with automated visibility
What is our primary use case?
What is most valuable?
The best features in Wiz are visibility and the security graph, which is one of the main core components of Wiz. Instead of flat results, Wiz builds a digital twin of your entire cloud environment such as AWS and Azure. A site scanning option is also available. One of the main features is automated compliance mapping in Wiz.
As a security analyst, I would say automated compliance mapping is one of the important features because many companies do not actually know everything they have running in the cloud. Wiz provides a single pane of glass to see shadow IT, discovering any forgotten database or server created by developers during unmonitored periods. Multi-cloud management allows seeing assets across different providers, such as AWS and Azure, and maintaining a real-time list of virtual machines, serverless functions, buckets, and containers.
Wiz is a full-scale cloud detection and response platform. Agentless scanning is taking a high-resolution photo of your house once an hour to check for unlocked windows. Runtime is having a motion-activated security camera or a guard on site for twenty-four seven. Unlike other traditional agents that slow down servers, Wiz uses extended Berkeley Packet Filter, which is one of the major key features. It is incredibly lightweight and provides deep visibility into containers and Kubernetes nodes, where agentless snapshots might miss live execution details compared to the previous tool I have worked with.
The security graph takes you to zero through the toxic combination filter, which is the fastest way to clear the queue by focusing on the security graph and its logic with a high CVSS score, vulnerability that is exposed and has server identity that can reach sensitive data. Resolving those specific combinations first means that once the path is broken, for example by closing a port or stripping a permission, the issue moves to zero. To automate that remediation and keep the queue at zero, you cannot rely on manual clicks, so you can set up automation rules that automatically resolve critical issues in Jira or ServiceNow. Serverless cleanup will trigger a Lambda function to automatically remove any permissive IAM role and quarantine any suspicious container the moment Wiz detects it.
Wiz reduces alert fatigue. Unlike traditional scanners, Wiz uses a security graph to filter out the noise. Time to value is achieved through agentless deployment. Wiz connects via API rather than requiring software installation on every server. It provides one hundred percent visibility in minutes, which is one of the key benefits.
For time saving, I have reduced around forty to fifty percent time reduction in investigation by using the Security Graph to show exactly how an attacker could reach a database. That almost saves seventy percent of my time. Instead of manually tracking, which would take much time, it saves overall around forty to fifty percent. The alert volume will decrease almost eighty to ninety percent. SLA issues are also addressed. While using this, I do not have to be afraid of facing any SLA issues since it will reduce almost all the backlogs, ensuring all the critical vulnerabilities are fixed within their required policy window. For cost saving, replacing several point solutions with one platform is absolutely cost saving compared to many other products in the market.
What needs improvement?
Everything Wiz has in place is good enough to analyze things.
Nothing has to be added in the future.
The alert fatigue zero issues and priority-based consolidation security graph and anything that has in it easily make it rate eight, including its customer service and support team service. Two percent would be that the loading time is taking a bit longer while loading the graph, and while navigating to other links, that is also taking some time. That is why I am giving it an eight instead of a ten.
For how long have I used the solution?
I have been working with Wiz for almost five years.
What do I think about the stability of the solution?
I have not faced any stability issues during my use of Wiz.
What do I think about the scalability of the solution?
I have not experienced any scalability issues.
How are customer service and support?
The customer support in Wiz is really good. They are super quick to answer the queries that I am facing or any kind of issues that I am facing. They are responsive over time. The onboarding was easy and smooth.
The support team is really helpful, and whenever I raise any kind of ticket about issues I am facing, they will immediately respond to it.
How would you rate customer service and support?
Positive
How was the initial setup?
It was easy while onboarding Wiz.
What about the implementation team?
Wiz was purchased from the same marketplace. I did not buy it from a different place.
What was our ROI?
Wiz is absolutely cost-effective.
What's my experience with pricing, setup cost, and licensing?
The setup cost is somewhere around twenty-four thousand dollars based on your organization's size.
What other advice do I have?
Wiz does consolidate the issue and the priorities and the containers. I would recommend Wiz because of its time-saving ability. You can almost see what are the criticalities that are there and the consolidation feature that is also there in Wiz. Majorly, the security graph will give you deep information to analyze things in a much better way.
Traditional scanners and other tools do not treat every vulnerability as a priority. Wiz has the security graph to filter out the noise and by only surfacing toxic combinations, security teams can stop chasing thousands of low-risk patches and focus on the few that actually matter. It allows a small security team to manage a massive complex cloud environment without hiring dozens of additional users to look into it.
For any organization that wants to think of moving to Wiz, the Security Graph feature is amazing and awesome. It will give you deeper information than any other tool does. That is the main thing to consider. Overall, I rate this product an eight.
Very Capable APIs and complete product
Easy Investigations with a Feature-Rich Toolkit
Wiz Delivers Exceptional Cloud Visibility and Actionable Security Insights
Its ease of use, intuitive interface, and powerful correlation engine significantly streamline our security operations. Integrations are seamless, deployment is fast, and the insights are both actionable and highly reliable.
Overall, Wiz enables us to proactively strengthen our security posture with minimal effort, and I’m extremely satisfied with the product.
The platform’s ability to automatically surface toxic combinations, prioritize vulnerabilities based on real context, and map potential attack vectors dramatically improves our response time and reduces operational overhead. This allows our security team to focus on meaningful remediation instead of spending time piecing data together. Overall, Wiz enables us to strengthen our cloud security posture efficiently, proactively, and with significantly greater accuracy.
Explanatory Graphics That Make Threat Prioritization Easy
Easy Implementation, Excellent Visibility
Effortless Cloud Security with Wiz
Wiz Delivers Outstanding CSPM and Continuous Improvements
Now, we use it all the time to proactively monitor our systems, look for config or vulnerabilities, and whenever I see a new Critical or High issue we immediately jump on it to triage. This means we have got managing Critical config issues down to similar remediation timelines as a Critical security incident and indeed in most cases we treat them almost identically (urgent conf calls, drop tools and huddle to fix etc.).
When it came to implementing Wiz, it was simply as quick as hooking up to our Cloud instances, providing the access, and sitting back to watch the fireworks. During the implementation the support was outstanding, and Wiz spent so much time with us and our different teams showing them how to use it, how simple it was to integrate with other tools, how we could extend visibility to the max, how to interpret the results, get good report data to the right people etc. This operationalisation helped ensure Wiz was used by multiple teams - although I think there's always room for even more engagement internally.
After implementing the engagement didn't stop though, and we still have a regular call with our TAM who is always happy to demo to some new users, or to help tweak some settings or help with some report or other. I don't think we've ever found the limit of engagement and Wiz seems happy to provide whatever level of interaction we need to get where we want to go.