Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Wiz platform is a great way to be secure and get knowledge about your environment.
What do you like best about the product?
The most helpful is that you can collect data, the "Threat Center" for example is such a useful tab!
The qualities I appreciate are that I can see if we are exposed to attack.
Actually, I didn’t have a chance to use another platform.
The qualities I appreciate are that I can see if we are exposed to attack.
Actually, I didn’t have a chance to use another platform.
What do you dislike about the product?
I think that the downside is that, at first, it can seem a bit complicated platform.
What problems is the product solving and how is that benefiting you?
So wiz is constantly scanning our cloud so we can be protected and be aware of malicious activity, that is the main issue that wiz solving for me and my security team.
- Leave a Comment |
- Mark review as helpful
Cloud Security Made Easy
What do you like best about the product?
Wiz has one of the best onboarding experiences I've used in a cloud security product. Onboarding AWS accounts can be done in minutes and does not require the installation or management of any infrastructure agents.
What do you dislike about the product?
We've had some issues getting the Jira integration to work how we want it with labeling issues dynamically based on the controls in place. That being said our account managers have been very helpful in getting it figured it ou.
What problems is the product solving and how is that benefiting you?
AWS cloud security oversight, we had multiple accounts and no security team to start with so we were stretched thin. Wiz replaced the need to hire a full time engineer purely for building and running tooling for providing ongoing security observability on our AWS infrastructure.
Wiz, as a solution and from a customer support experience, has exceeded our expectations.
What do you like best about the product?
Ease of deployment is the first thing that comes to mind. Second, the information produced by Wiz quickly turns into actionable data.
What do you dislike about the product?
So far, there is no significant downside to Wiz.
What problems is the product solving and how is that benefiting you?
Visibility into our Cloud environment and ability to ascertain 'real' security risks that coincide with the native security services from our CSP.
Great, multi cloud CSPM. Compliments and enriches our vulnerability visibility.
What do you like best about the product?
The interface is really nice and integrates with our other systems (Kenna, SIEM, etc)
Love that we can deploy this across AWS, as well as GCP and Azure.
Any SaaS company that doesn't have SSO is doomed to fail. Like that we can put it behind our Okta.
Love that we can deploy this across AWS, as well as GCP and Azure.
Any SaaS company that doesn't have SSO is doomed to fail. Like that we can put it behind our Okta.
What do you dislike about the product?
We recently that a few critical CVE/CVSS vulnerabilities and we had to enable some things that weren't turned on out-of-the-box. We didn't know that these were turned off until we scanned systems we knew had it and had to dig through docs to see why.
UPDATE: We recently discovered when Log4J was released that Wiz DOES NOT SCAN CRITICAL DIRECTORIES. What do I mean by this?
It will not scan key directories like /etc /bin /opt /lib /var.
When we were responding to the incident and scanning our infrastructure for Log4j, it came back negative, but we knew we had several Java applets and servers running it. Turns out, Wiz wasn't scanning linux directories where Log4j OR MOST MALWARE would run from.
We've experienced mostly good reviews, but once we identified these exclusions, we had slower responses and reporting from our various systems.
UPDATE: We recently discovered when Log4J was released that Wiz DOES NOT SCAN CRITICAL DIRECTORIES. What do I mean by this?
It will not scan key directories like /etc /bin /opt /lib /var.
When we were responding to the incident and scanning our infrastructure for Log4j, it came back negative, but we knew we had several Java applets and servers running it. Turns out, Wiz wasn't scanning linux directories where Log4j OR MOST MALWARE would run from.
We've experienced mostly good reviews, but once we identified these exclusions, we had slower responses and reporting from our various systems.
What problems is the product solving and how is that benefiting you?
Biggest problem Wiz is solving for us as getting consistent configuration management and vulnerability data across hundreds of AWS accounts as well as some GCP accounts from merger and acquisitions.
Completely redefining 'Cloud Security Posture Management'
What do you like best about the product?
Wiz is a game changer for security teams looking to accelerate their mean time to response for virtually any issue in the cloud. Utilizing mulitple criteria in prioritizing alerts (such as critical vulnerability AND public exposure), highlighting things like plaintext keys, identifying overly permissive roles and service accounts - all potentially in the same set of alerts - was not something we found in any other CSPM we demo'd. Likewise, other tools we used had some visualization capability, but not anything to the extent of Wiz's Security Graph. I think something that isn't talked about enough with the strength of Wiz's visualization is how much easier it makes investigations for analysts of all experience levels. We had several new analysts join our team this year and they were able to feel like they could make a near immediate impact in our cloud environment due to how easy Wiz made it for them to digest and understand the data. I'm not talking about the alert itself, but the context around the alert: the compromise paths, routes out to the greater internet, etc. Visualization is such a huge learning aid and makes it so easy to react almost instantaneously to findings.
What do you dislike about the product?
Not necessarily a downside, but I believe this is an opportunity for Wiz to market its ability to fill an additional gap.
Vulnerability management, at least in AWS, is a bit cumbersome. Before Wiz, we believed we had two options: a third-party vuln scanning platform or an AWS Inspector. Extending our on-prem scanning platform would be way too labor intensive to deploy and administrate. It would require a VM within each AWS OU with authentication privileges to the EC2s in the environment and would not even give us visibility into ECS or EKS. Using AWS Inspector would require the deployment of the systems manager agent across all EC2s. Because Wiz requires no insalled or deployed hardware, I think Wiz could make an excellent vulnerability management tool on top of everything else it does. Unfortunately, we do not use it today because there isn't a way to carve out vulnerabilities at a more granular level or prioritize them beyond Wiz's out-of-the-box rankings. There are plenty of companies, like ours, who are transitioning from on-prem to cloud and with that our development teams are still maturing their practices to align with AWS best practices, like regularly updating the images, checking for updates and calling the newest version of an image during a deployment. And while this maturation is happening it would be great to have Wiz to use for vuln management over deploying an archaic vulnerability scanner tool or being forced to use AWS Inspector.
Vulnerability management, at least in AWS, is a bit cumbersome. Before Wiz, we believed we had two options: a third-party vuln scanning platform or an AWS Inspector. Extending our on-prem scanning platform would be way too labor intensive to deploy and administrate. It would require a VM within each AWS OU with authentication privileges to the EC2s in the environment and would not even give us visibility into ECS or EKS. Using AWS Inspector would require the deployment of the systems manager agent across all EC2s. Because Wiz requires no insalled or deployed hardware, I think Wiz could make an excellent vulnerability management tool on top of everything else it does. Unfortunately, we do not use it today because there isn't a way to carve out vulnerabilities at a more granular level or prioritize them beyond Wiz's out-of-the-box rankings. There are plenty of companies, like ours, who are transitioning from on-prem to cloud and with that our development teams are still maturing their practices to align with AWS best practices, like regularly updating the images, checking for updates and calling the newest version of an image during a deployment. And while this maturation is happening it would be great to have Wiz to use for vuln management over deploying an archaic vulnerability scanner tool or being forced to use AWS Inspector.
What problems is the product solving and how is that benefiting you?
The bigger question is what problem does Wiz not solve? It allows us a greater visibility into our resource configurations, vulnerability posture, network configurations, identities and roles, all without having to deploy a single thing. I manage the security operations team, but Wiz makes it easy for our compliance team to check IAM roles, look up compliance against different standards like ISO and CIS. Our AppSec team uses it too to see ingress paths. We even have our architecture teams with access so that they can perform searches using the Security Graph.
Best Security Tool I ever evaluated
What do you like best about the product?
The User Interface is VERY intuitive and includes a dark mode! The daily alerts feed is also VERY useful.
What do you dislike about the product?
I would like to see a more robust mechanism for dispatching and tracking remediation efforts.
What problems is the product solving and how is that benefiting you?
Wiz provides excellent visibility with minimal to zero impact due to their agentless (full API) approach.
Everything that you could ever desire in a CNAPP
What do you like best about the product?
The implementation of Wiz into an environment could not be any easier. We successfully implemented Wiz into all of our AWS accounts very quickly and easily. Wiz automatically picks up new accounts that are added to our AWS organization. This allows Wiz to begin swiftly discovering vulnerabilities, and misconfigurations, including those with unintended public exposure and much more. Wiz easily integrates into your CI/CD pipeline, allowing developers to identify and fix issues before they are pushed to production. The frequency that Wiz scans your cloud environments provides visibility into problems quickly. Once remediated, Wiz resolves issues automatically in the platform without interaction on behalf of the developers or InfoSec teams. Integration with an identity provider could not be easier using the documentation that Wiz has available to customers. All documentation is extensive, and Wiz support quickly assists with any questions. Wiz employees from our initial onboarding until now have been nothing short of stellar. I truly am amazed at what Wiz has accomplished in the past year since we have been a customer. Evidence mapping of findings by Wiz detailing the path of exposure is also quite impressive. The quick work by the Wiz team to release new controls when a high-priority vulnerability is released is outstanding. I could go on and on, but the best advice I can give is to try Wiz for yourself. You will not be disappointed!
What do you dislike about the product?
I have nothing negative to say about a company that hasn't yet turned three years old. The capabilities of the Wiz are outstanding. The user interface is everything I would want it to be and more. Any issues I have/would like to be fixed were either already identified or quickly prioritized to make me happy as a customer.
What problems is the product solving and how is that benefiting you?
Wiz is a one-stop shop for identifying any problems within our cloud environments. The dashboards provided out of the box by Wiz are nothing short of amazing. Do you want to know what assets are accessible from the Internet via ssh or RDP? Wiz has a panel on the dashboard for that. Want to know about sensitive data exposure? Wiz can do that too. External exposure, vulnerability management, malware detection, container security, key management, and so much more is at your fingertips with Wiz. The visibility that it provides cannot be expressed enough. This visibility has and will continue to help improve our security posture in the cloud. Wiz truly is a game changer in the world of cloud security.
Wiz makes us look like wizards!
What do you like best about the product?
Wiz provides comprehensive security monitoring for multiple cloud environments, giving you a single pane of glass from which to assess and address risk.
What do you dislike about the product?
Wiz can be expensive if you have large cloud workloads.
What problems is the product solving and how is that benefiting you?
Wiz allows consolidation of risk to promote appropriate and timely prioritization in response.
Wiz was very easy to deploy and integrate into our security operations.
What do you like best about the product?
The ease of the initial integration with multiple cloud services made it great for us to centralize findings for our entire cloud deployment. The Wiz deployment was much easier than our initial Rapid7 product deployment. It was much easier to understand the risks and issues we had in our deployments.
What do you dislike about the product?
The pre-Amazon Cognito integration for our SSO provider did not support IdP initiated logins. This issue has been recently removed, and very welcome to help our internal adoption numbers. A nice to have would be an integration into popular SaaS services (Salesforce, GitHub, Atlassian suite, M365) to assess their posture/configurations for our organization. "SSPM".
What problems is the product solving and how is that benefiting you?
Wiz is enabling our development teams to deploy their own infrastructure in our cloud services while adhering to our security standards and frameworks. We are more assured that what we are doing with our cloud services are secured to our comfort level while allowing the business to deploy new services continuously.
An Exceptional tool for cloud security
What do you like best about the product?
I can't describe how deep Wiz goes about finding security issues. All the alerts are genuine, and the false positive rate is very low. It covers all the aspects of cloud security. Also, it helps with finding vulnerabilities and provides an easy fix.
What do you dislike about the product?
There is nothing to dislike about Wiz. I recommend that if it can provide an option to automate the process of remediating vulnerabilities or other security issues by integrating with ticking tools like Jira, it will make our task much more accessible.
What problems is the product solving and how is that benefiting you?
Wiz is an excellent tool for analyzing cloud security issues. I liked that Wiz gives the link to jump to the affected resource; that makes our remediation process a bit quicker.
showing 391 - 400