External reviews
External reviews are not included in the AWS star rating for the product.
Very easy to use, quickly visible value
Results are relevant
Wiz CNAPP
Streamlined cloud security integration with a powerful cloud-native application protection platform
What is our primary use case?
How has it helped my organization?
It has been user-friendly, and most of the integrations and configurations are straightforward.
What is most valuable?
Wiz is a very powerful product technologically. Our requirement is related to the CNAPP solution, which is a cloud-native application protection platform. It is user-friendly, and most of the integrations and configurations are straightforward.
What needs improvement?
I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organization.
For how long have I used the solution?
We are still in the midst of implementing Wiz. As such, we are still analyzing its behavior.
What do I think about the stability of the solution?
We are still analyzing its behavior as we are in the midst of the implementation.
How are customer service and support?
We still get support for at least a month by default after implementing any tool. As of now, everything is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the past, I worked with Check Point, specifically their firewall product and RaaS VeeTrail subproducts. I no longer use Check Point products as I switched my domain from network security to application security and cloud security.
How was the initial setup?
Since we are still in the midst of implementing the new solutions within our environment, it is a work in progress.
What about the implementation team?
We are currently onboarding resources and working to streamline the implementation of Wiz.
What's my experience with pricing, setup cost, and licensing?
This feedback is not based on much experience yet, as we have only conducted POV or POC.
Which other solutions did I evaluate?
We compared Wiz with other products, such as Orca and other industry standard solutions.
What other advice do I have?
I do not want my name or my organization's name to be reflected in any of the feedback provided.
I'd rate the solution eight out of ten.
Wiz - Incredibly Useful for a Comprehensive View of your cloud environment
*Breadth and Accuracy: Wiz is able to tie together disparate cloud presences in a complete way, allowing for easy querying across multiple environments
*Rapid Development: Wiz evolves quickly and new features appear rapidly
*Help Center: AI and up-to-date documentation are incredibly userful
*Integrations and Automations: The ability to tie event triggered automations to a myriad of systems out-of-the-box is extremely helpful.
*Flexibility: The ability to both see the logic and create/modify/suppress any check in the system is incredibly powerful.
*Licensing: Wiz moves rapidly, and sometimes features are shifted between licenses, meaning a feature in preview could be moved to a different license once GA'd, which has occasionally caused confusion and caught us off guard
Advanced security insights and comprehensive risk visibility across multi-cloud environments
What is our primary use case?
We use Wiz to monitor cloud security across Azure, Oracle OCI, and Google GCP cloud environments. With Wiz implementation we aim to eliminate the security team from security findings communication and triage and allow development, cloud and infrastructure teams direct access to security configuration findings - saving time for everyone involved.
The client has around over 2000 workloads in Azure, and more than 200 in Oracle OCI, as well as small cloud presence in Google GCP.
For the initial deployment, we aim to enable good visibility across all cloud platforms (width), as well as across different levels of visibility (depth) by employing CSPM, CIEM, DSPM, EASM, CDR and other capabilities offered by Wiz.
Going forward, we plan to implement cloud forensics feature, as well as integrate it into our CI/CD pipelines and code repositories for preventative capabilities.
How has it helped my organization?
The integration is still in its early stages, and I will continue to update this report as we move forward. That being said, everything has been excellent so far!
Wiz helped to detect multiple virtual machines in Azure and Oracle OCI cloud environments that had problems, including crypto-miners and malware. Furthermore, Google GCP usage in the company was discovered by Wiz, which the other two CNAPP tools we've tested have missed.
We also discovered credentials stored on the disk of a virtual machine in the test/dev environment, which could potentially provide access to parts of other cloud environments if compromised (allow lateral movement).
We can confidently say that we now see the full picture of risk across our cloud environments, including internet-exposed, vulnerable (unpatched) and misconfigured cloud assets, as well as sensitive data stored in those cloud assets.
We're currently going through the process of user onboarding to enable time savings for security team and streamline the time to take action to remediate the findings.
What is most valuable?
The time savings and the many moments of "if I was building a CNAPP, this is how I would do it" were where Wiz had already implemented what I wished for. Wiz also saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open.
The Wiz product team recognises that the world doesn't revolve around Cyber Security teams. This is evident in their emphasis on providing clear and simple remediation advice and offering explanations of the alerts, making it easy for non-security team members to understand what’s happening and why. This was one of the key criteria why Wiz has been selected over the competitors.
My favourite is the EASM/External Exposure view and overall package - full risk visibility. It allows us to prioritize, and I mean truly prioritize, what should be addressed first. We can now see cloud workloads exposed to the internet in case of critical vulnerabilities, and if these workloads hold or can access sensitive data, we can act fast and patch these workloads first, and therefore reduce our overall risk exposure time.
Another favourite feature is the ability to give feedback and quickly raise a support case, as well as the comment option for each finding in Wiz web portal. It enables simple, yet effective collaboration between security, cloud, infrastructure and development teams.
What needs improvement?
It's too early to tell what can really be improved. However, we noticed some capabilities that were lacking, specifically ignoring some false-positive Issue findings. The good news - with the latest update, this has been resolved.
The built-in reports have room for improvement, especially the executive summary reports. However, this is compensated by the excellent Dashboards available in Wiz web portal.
Overall, nothing is majorly lacking, and so far, all issues we encountered have been addressed with a few outstanding ones that are pending for a feature release.
For how long have I used the solution?
I have been using this solution since June 2024.
With two main cloud platforms fully onboarded, the integration project is still ongoing.
What do I think about the stability of the solution?
The solution is very stable. We observed a case where some of the newly introduced built-in policies caused minor discrepancies in the alert count, but the Wiz support team promptly resolved the issue.
What do I think about the scalability of the solution?
So far, so good! No issues were observed in scalability.
How are customer service and support?
Support is excellent. We had 10 to 15 TAC cases open; most are addressed, and few that remain open have updates and a clear path towards resolution.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, I used Check Point's CloudGuard (while it was still called Dome9), Prisma Cloud by Palo Alto Networks, and Microsoft's Defender for Cloud (since 2020, when it was still called Azure Security Center). I have also tested Orca Security CNAPP solution in a PoC setting for about a month.
How was the initial setup?
The setup is straightforward. There were no issues with either cloud connector that I used (Azure, OCI and Kubernetes).
What about the implementation team?
I am a consultant working on this integration - HLD, LLD, integration itself, policy review/triage of findings, and user training/onboarding. The support team has been great! From sales to customer success - it has been a smooth ride.
What was our ROI?
The main ROI will be the time savings from not needing to write a basic remediation advisory for the dev team and then send/track it using email.
What's my experience with pricing, setup cost, and licensing?
The sizing script provided by Wiz is fairly accurate. The support team will help you accurately identify the licensing needs. We've done it, and it is spot-on.
Which other solutions did I evaluate?
We evaluated two other CNAPP solutions.
What other advice do I have?
So far, I really like the solution and the team supporting our integration.
While it's quite early for a full review, we already have the key parts functionality deployed, and I will be updating this review once the integration is finalized next year (code security for CI/CD, cloud incident response and forensics, and automation of preventative capabilities remains on our to-do list).
Disclaimer: I received a typical customer "swag" package (jumper, backpack, thermal cup) from Wiz, but I can confidently say it had no influence on the content of my review of the CNAPP solution.