I use Wiz for visibility, cloud visibility, and inventory. We will be using it for prioritizing toxic combinations like risk analysis or vulnerability management and compliance and governments.
External reviews
783 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Helpful Dashboards and Clear Resource Categorization for Faster Troubleshooting
What do you like best about the product?
Dashboards and how resources are being categorized for easy troubleshooting.
What do you dislike about the product?
The MITTR dashboard needs more work to be comprehensive especially on the Executive overview.
What problems is the product solving and how is that benefiting you?
It gives us the overview of our environment and every resources. Easy to track issues down to the source and providing a remediation steps which can be automated.
Wiz Overview Review
What do you like best about the product?
I love that we can bring in connectors for all our repos and also tie it into our SIEM. The onboarding is very helpful with managing tasks that need to be done and the platform is very user friendly.
What do you dislike about the product?
Nothing comes to mind at the moment.....
What problems is the product solving and how is that benefiting you?
It is providing us oversight into our attack surface across our 3rd party applications and in house as well. The dashboards are very informational and provides a lot of good information for tracking and resolving issues.
Cloud risks have been prioritized and investigations are now faster with automated visibility
What is our primary use case?
What is most valuable?
The best features in Wiz are visibility and the security graph, which is one of the main core components of Wiz. Instead of flat results, Wiz builds a digital twin of your entire cloud environment such as AWS and Azure. A site scanning option is also available. One of the main features is automated compliance mapping in Wiz.
As a security analyst, I would say automated compliance mapping is one of the important features because many companies do not actually know everything they have running in the cloud. Wiz provides a single pane of glass to see shadow IT, discovering any forgotten database or server created by developers during unmonitored periods. Multi-cloud management allows seeing assets across different providers, such as AWS and Azure, and maintaining a real-time list of virtual machines, serverless functions, buckets, and containers.
Wiz is a full-scale cloud detection and response platform. Agentless scanning is taking a high-resolution photo of your house once an hour to check for unlocked windows. Runtime is having a motion-activated security camera or a guard on site for twenty-four seven. Unlike other traditional agents that slow down servers, Wiz uses extended Berkeley Packet Filter, which is one of the major key features. It is incredibly lightweight and provides deep visibility into containers and Kubernetes nodes, where agentless snapshots might miss live execution details compared to the previous tool I have worked with.
The security graph takes you to zero through the toxic combination filter, which is the fastest way to clear the queue by focusing on the security graph and its logic with a high CVSS score, vulnerability that is exposed and has server identity that can reach sensitive data. Resolving those specific combinations first means that once the path is broken, for example by closing a port or stripping a permission, the issue moves to zero. To automate that remediation and keep the queue at zero, you cannot rely on manual clicks, so you can set up automation rules that automatically resolve critical issues in Jira or ServiceNow. Serverless cleanup will trigger a Lambda function to automatically remove any permissive IAM role and quarantine any suspicious container the moment Wiz detects it.
Wiz reduces alert fatigue. Unlike traditional scanners, Wiz uses a security graph to filter out the noise. Time to value is achieved through agentless deployment. Wiz connects via API rather than requiring software installation on every server. It provides one hundred percent visibility in minutes, which is one of the key benefits.
For time saving, I have reduced around forty to fifty percent time reduction in investigation by using the Security Graph to show exactly how an attacker could reach a database. That almost saves seventy percent of my time. Instead of manually tracking, which would take much time, it saves overall around forty to fifty percent. The alert volume will decrease almost eighty to ninety percent. SLA issues are also addressed. While using this, I do not have to be afraid of facing any SLA issues since it will reduce almost all the backlogs, ensuring all the critical vulnerabilities are fixed within their required policy window. For cost saving, replacing several point solutions with one platform is absolutely cost saving compared to many other products in the market.
What needs improvement?
Everything Wiz has in place is good enough to analyze things.
Nothing has to be added in the future.
The alert fatigue zero issues and priority-based consolidation security graph and anything that has in it easily make it rate eight, including its customer service and support team service. Two percent would be that the loading time is taking a bit longer while loading the graph, and while navigating to other links, that is also taking some time. That is why I am giving it an eight instead of a ten.
For how long have I used the solution?
I have been working with Wiz for almost five years.
What do I think about the stability of the solution?
I have not faced any stability issues during my use of Wiz.
What do I think about the scalability of the solution?
I have not experienced any scalability issues.
How are customer service and support?
The customer support in Wiz is really good. They are super quick to answer the queries that I am facing or any kind of issues that I am facing. They are responsive over time. The onboarding was easy and smooth.
The support team is really helpful, and whenever I raise any kind of ticket about issues I am facing, they will immediately respond to it.
How would you rate customer service and support?
Positive
How was the initial setup?
It was easy while onboarding Wiz.
What about the implementation team?
Wiz was purchased from the same marketplace. I did not buy it from a different place.
What was our ROI?
Wiz is absolutely cost-effective.
What's my experience with pricing, setup cost, and licensing?
The setup cost is somewhere around twenty-four thousand dollars based on your organization's size.
What other advice do I have?
Wiz does consolidate the issue and the priorities and the containers. I would recommend Wiz because of its time-saving ability. You can almost see what are the criticalities that are there and the consolidation feature that is also there in Wiz. Majorly, the security graph will give you a deep information to analyze things in a much better way.
Traditional scanners and other tools do not treat every vulnerability as a priority. Wiz has the security graph to filter out the noise and by only surfacing toxic combinations, security teams can stop chasing thousands of low-risk patches and focus on the few that actually matter. It allows a small security team to manage a massive complex cloud environment without hiring dozens of additional users to look into it.
For any organization who want to think of moving to Wiz, the Security Graph feature is amazing and awesome. It will give you deeper information than any other tools does. That is the main thing to consider. Overall, I rate this product an eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Very Capable APIs and complete product
What do you like best about the product?
The APIs of the product are very capable.
What do you dislike about the product?
There are some inconsistencies in the behaviours of Wiz Code scans, for example, I do not see the same results from performing an IaC scan via wiz cli and having Wiz scan for itself. One can also get overwhelmed by the amount of side popups.
What problems is the product solving and how is that benefiting you?
I'm actively using Wiz Code and it is covering most of the traditional scan methods that an Application Security program does with just the Wiz Code product.
Easy Investigations with a Feature-Rich Toolkit
What do you like best about the product?
Easy investigation and quick releases of new features.
What do you dislike about the product?
All is good in the product, the cost is high
What problems is the product solving and how is that benefiting you?
Provide clear priority between issues and find issues, provide CSPM
Cloud security has unified multi-cloud visibility and simplifies vulnerability management
What is our primary use case?
I have been using Wiz for approximately three years in my career. Our first use case is Cloud Security Posture Management. We needed that because we are a multi-cloud company. We have most of our infrastructure in AWS, but we also have some in Azure and some in GCP. So we needed a CSPM to cover all three environments.
What is most valuable?
The feature I appreciate most about Wiz as a CSPM is the vulnerability detection and misconfiguration identification. It helps us to ensure that we know if there are misconfigured cloud workloads and what those are, as well as if there are vulnerabilities. That is one of the key value adds for us.
What we have done is create a tool that is not just a security tool but is actually used by other teams. We have created dashboards for other teams, for product teams who are developing code. They can see their assets, or our cloud team or other teams that own different assets can view their own team's vulnerabilities and misconfigurations through per-team dashboards.
For us, the value add when considering Wiz is that I would rather consolidate under fewer tools to get to a platform. This allows for alerts, administration, and dashboards to all be under one platform, simplifying the environment. It makes operations easier and ultimately enhances our ability to use the platform more effectively.
What needs improvement?
Wiz allows us to consolidate tools, particularly in vulnerability management. We used to use a technology called Tenable to do our vulnerability scans, not just on-prem but in the cloud, and we replaced Tenable with Wiz's capabilities as well as the capabilities of an endpoint protection technology we use called CrowdStrike.
Regarding scalability, we have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.
I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.
What do I think about the stability of the solution?
I have never seen any instability with Wiz, such as lagging, crashing, or downtime.
What do I think about the scalability of the solution?
We have connected to all our cloud accounts and have never had any capacity or performance issues, so scalability really has not been a topic of conversation for us because we have never had any issues.
How are customer service and support?
I have contacted customer support for Wiz. They are aware of our discussions about it. We have talked about it during our quarterly business reviews.
I am a few steps removed from the details about the support quality and speed, but my impression through the team and talking with the account team directly is that when we raise issues, they are addressed thoughtfully, professionally, and quickly. I do not think there have been any lingering support issues we have had. We have also surfaced feature requests or changes, and they have implemented those and rolled those out within a few weeks. Wiz does a good job of listening to the feedback of their customers and using that to help shape the platform.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used any alternatives to Wiz. Wiz was our choice; although we evaluated different technologies when we were looking for a CSPM, we went with Wiz, so we went from nothing to Wiz.
How was the initial setup?
The initial deployment of Wiz was easy from my point of view. Essentially, once we connected Wiz to our AWS account, all the data starts to flow in and telemetry on our cloud assets, any vulnerabilities, and misconfigurations. So the dashboards light up with red, yellow, and green indicators. After deciding to go with Wiz, our proof of concept ended up becoming our production implementation, and we just expanded Wiz to more accounts, then to Azure and GCP. So it was very easy.
What about the implementation team?
I do not know exactly how long it took to fully deploy to a working condition because it has been so long ago, but I will say that getting the visibility was in a matter of weeks to connect the accounts, probably within a week. Then it was a few months to build some of the dashboards and operationalize what we were seeing.
What other advice do I have?
Feature-wise, I cannot tell you that it is a bit expensive compared to its peers, but I do think the premium is worth it. One of the things that Wiz has done well is that there are no agents for the CSPM, at least from what we are doing. It is very easy to roll out, easy to configure, maintain, and generally it does what it says it does with few issues. We had more overhead and more issues with other competing CSPM platforms.
From the team standpoint, I do not think Wiz requires much maintenance on our end because it is all cloud-based and Wiz does a great job of providing almost weekly updates. The ongoing maintenance itself of Wiz is low. We do have integrations which require some care and feeding. We have an integration with ServiceNow, but Wiz's ServiceNow integration is not the best. I have been told there have been issues getting the data out of Wiz and plugged into ServiceNow effectively, so that has taken a little bit more attention.
We are working on achieving zero criticals in our issue queues with Wiz. It has helped us gain visibility into our critical issues, but we still have a few dozen left to work through. A lot of that actually has to do with some older infrastructure and workloads that applications use. So we have some application migrations in the works, but we have not quite got to the zero critical status.
I would rate this review as a 9 overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Improved our security posture thanks to comprehensive visibility
What is our primary use case?
We are delighted to have Wiz Cloud revealing our cloud security posture across our development, QA and production systems for both Azure and AWS. We share access to the results widely with our technical staff. It's great that Wiz permits unlimited user accounts. Our professional services and support can use Wiz to demonstrate to individual customers the security posture of the systems we are hosting for them.
Mika, the built-in AI, is easy to use. The query creation is intuitive.
How has it helped my organization?
The attack surface findings initially revealed numerous vulnerable systems. Upon investigation we learned that 100% of them were stale DNS entries. We deleted those but this gave us confidence that our security posture is better than the general industry. If we were to have a vulnerable system, we're confident that Wiz will quickly surface the finding.
What is most valuable?
To someone who is looking at buying Wiz but concerned they already have too many products that give them a lot of alerts, the overview dashboard does a great job of raising the issues that matter. It intelligently filters the signal from the noise. Interns on our team were immediately as productive with Wiz as experienced security experts.
Wiz allowed us to cancel two other tools with noticeably superior results.
What needs improvement?
Our Technical Account Manager set up weekly meetings, but we have switched it to monthly. We dove into self-training with Wiz Academy so there wasn't much value for us in the meetings. Anytime we need something, we open a support ticket and they are responsive.
For how long have I used the solution?
We acquired Wiz Cloud in September, 4 months ago.
What do I think about the stability of the solution?
As for stability, we have seen some issues where our results changed radically from one day to the next, but we had not made radical changes, so we opened a case with support. It didn't cause us any downtime.
What do I think about the scalability of the solution?
Scalability is not an issue for us because we have a constant load. It quickly took on our substantially large workload.
How are customer service and support?
I have contacted Wiz technical support frequently.
The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience.
If I were to put Wiz support on a scale from one to ten, I would give them a ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Wiz distinguished itself immediately in the PoC, surfacing important issues that were entirely missed by both the products we were already using and other CNAPP's that we tested. We dropped both products.
For configuration management we had been using another product that we were happy with that was much cheaper, but it did not do any of the other things Wiz does. We also had what was formerly a leading CNAPP that was priced similar to Wiz, but the support and upgrades declined rapidly. In head to head comparison Wiz stood out as the superior solution.
How was the initial setup?
The initial deployment of Wiz was super easy. It only took a few hours, so we were getting results the next day. There are still a few minor settings that Wiz scripts don't handle so we have to manually apply and then we will be fully deployed.
What about the implementation team?
What was our ROI?
Quickly identified around $40K in unneeded annual expenses that we were able to drop.
What's my experience with pricing, setup cost, and licensing?
Wiz is expensive, but it offers good value for the money.
What other advice do I have?
I feel confident that we are learning of the issues that matter. I rate Wiz nine out of ten.
Cloud security Swiss army knife
What do you like best about the product?
In-depth cloud asset configuration visibility, code-to-cloud capabilities, vulnerability management, ITSM tool integration, trends and reporting dashboards.
What do you dislike about the product?
Menus are sometimes cluttered, findings can get overwhelming and you would need good prioritization procedures, naming conventions are a bit difficult to explain to security auditors looking for overall vulnerabilities in a system (between findings and issues)
What problems is the product solving and how is that benefiting you?
Cloud vulnerability management
Cloud security has improved and detects vulnerabilities across multi-account environments
What is our primary use case?
Wiz serves as our enterprise tool for securing our cloud platform. We use AWS as our cloud platform and have Wiz integrated across multiple accounts for IT, engineering, and other departments. Within IT itself, we have different environments including development, production, and stage accounts. In every account, we have Wiz integrated and use policies based on the environment. For example, the dev environment has a less secure policy while production has a high-security policy. Technically, we use Wiz for securing our cloud platform.
What is most valuable?
The best feature of Wiz is the ability to detect any security violations across multi-cloud platforms and the ability to integrate for creating security incidents and vulnerability incidents. It works very well for scanning the environment, detecting vulnerabilities, and reporting them based on our requirements. It can generate reports via email or create ServiceNow incidents. It has helped me identify threats more easily. When it comes to the Kubernetes cluster, we do not have any other option for detecting vulnerabilities. This is the only way we observe our Kubernetes clusters to determine whether they are secured or not. Regarding speed, I cannot compare it with other solutions, but so far, we are happy with the way it works.
Wiz has improved our business in many ways. While I do not know in numbers how it has helped the business gain more profit, as a technical expert and part of our IT architect team, I would say Wiz has helped tremendously to secure our cloud platform. There were many security vulnerabilities existing before we implemented this solution that were not at all in our attention because there was nothing to scan and report what was wrong. After implementing Wiz, it has helped significantly. There was a program for implementing high-security measures in our environment, and Wiz has contributed substantially to that program.
What needs improvement?
I feel there is a delay in detection, though I am uncertain whether this is due to our implementation disadvantage. Wiz can detect all the issues, threats, and security vulnerabilities, but the delay may be due to the time taken for running a scan because we have a 24-hour scan cycle. When I checked with the team, there was no on-demand scanning possibility. We still see improvement scopes in this area. It does the work, but we are not seeing the changes very fast. Once you get a threat and fix it, to see that fix reflected in Wiz, you have to wait 24 hours. That is something I am not happy with.
One improvement that I am looking for in Wiz is the capability for on-demand scanning. That should be available. Second, we should be able to see the fixes faster. Once a threat is detected and we apply the fix, we want to see that result updated in the dashboard or portal as soon as possible. If Wiz can detect it faster and update it in the portal, that would be beneficial.
For how long have I used the solution?
I have been using Wiz for more than two years, approximately two years and four months.
What do I think about the stability of the solution?
Regarding stability, it is stable. I would rate it nine out of ten.
What do I think about the scalability of the solution?
Regarding scalability, I would also rate it nine out of ten.
How are customer service and support?
I would rate the technical support of Wiz eight out of ten on a scale from one to ten, with ten being the best.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
When comparing Wiz with other software, I did not use any other software similar to Wiz for the same purpose. A similar tool was Qualys, but we used Qualys for a different use case. We used it for vulnerability scanning of our servers, not end-user devices. For securing or detecting threats from cloud accounts, I do not have any other tool that I am aware of. Qualys is another vulnerability management tool, but the use cases are different, so I do not have the expertise to compare.
How was the initial setup?
Deployment took approximately three months.
What about the implementation team?
From one to ten, with one being cheap and ten being expensive, I would rate the implementation cost a seven.
What was our ROI?
Wiz does require some maintenance.
What's my experience with pricing, setup cost, and licensing?
Wiz does require some maintenance.
Which other solutions did I evaluate?
My thoughts on the pricing of Wiz are that it is not cheap, but it is cost-efficient. From one to ten, with one being cheap and ten being expensive, I would rate it a seven.
What other advice do I have?
I would recommend Wiz to anyone. If anyone wants to secure their infrastructure, cloud environment, or Kubernetes cluster, I would strongly recommend Wiz as a tool because it is easy to use and user-friendly. It has tight integration with many tools out-of-the-box for sending alerts, creating emails, and creating incidents.
My advice to others looking to implement Wiz is that when you implement Wiz, if your hybrid environment is not managed properly, it will be difficult to implement. It is better to make some cleanup and ensure that the environment you are going to implement meets Wiz standards. If you do not take care of that and simply implement Wiz, you will encounter many issues being reported by the system. It is better to follow the prerequisite standards of your cloud account and then implement the solution. Otherwise, you will see many issues being reported.
Regarding whether Wiz has helped reduce alert fatigue, I do not have a definitive answer because we do not see that much decrease in the alerts. Initially, when we implemented Wiz, since we were not using any tool like that before, there were too many alerts. Because it was the first implementation, it started sending too many alerts. Later on, the alerts decreased, but this decrease was not because of Wiz itself. Rather, it was because we implemented security fixes wherever Wiz reported threats or vulnerabilities. That is how the number of alerts got reduced. I feel we can also customize the Wiz policy to reduce the number of alerts, but I am not at that level here, so I do not have that expertise.
My overall rating for this solution is eight out of ten.
Effortless Adoption and Prioritization Across Teams
What do you like best about the product?
I appreciate the ease of use, the ability to prioritize tasks, and the clear communication regarding issues. Additionally, I have noticed how quickly it has been adopted by various teams.
What do you dislike about the product?
The only aspect that left me disappointed was the transition from the previous "all in" licensing model to a pricing structure based more on specific features or workloads.
What problems is the product solving and how is that benefiting you?
Wiz helped us take enormous amounts of data about our systems, and turn it into actionable insights. Acting on those insights has generated tangible improvements in our security and responsiveness as new risks emerge.
showing 1 - 10