Wiz OverviewUNIXBusinessApplication

Wiz is the #1 ranked solution in top DSPM- Data Security Posture Management tools, #9 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) tools, #14 ranked solution in Container Security Solutions, #15 ranked solution in top Cloud Security Posture Management (CSPM) tools, #17 ranked solution in top Vulnerability Management tools, and #19 ranked solution in Cloud Workload Protection Platforms. PeerSpot users give Wiz an average rating of 9.0 out of 10. Wiz is most commonly compared to Orca Security: Wiz vs Orca Security. Wiz is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
Buyer's Guide

Download the Vulnerability Management Buyer's Guide including reviews and more. Updated: November 2022

What is Wiz?

Wiz is reinventing cloud security from the inside out.

We’re on a mission to help organizations effectively reduce risks in their Cloud and Kubernetes environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don't waste time.

Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and development teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches.

Get a demo | Wiz

Wiz Customers

Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog 

Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz

Wiz Video

Wiz Pricing Advice

What users are saying about Wiz pricing:
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."

Wiz Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
CyberSecurity Sr Manager at a retailer with 10,001+ employees
Real User
Multiple features help us prioritize remediation, and agentless implementation reduces overhead
Pros and Cons
  • "Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
  • "We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."

What is our primary use case?

Most of our use cases are within cloud security posture management, in which we identify misconfigurations and any type of what they call "toxic combinations" of risk and vulnerabilities that are affecting our cloud deployments.

How has it helped my organization?

We don't consider Wiz just a cyber security tool. What we have done is opened up the visibility to our cloud users. Now, our cloud users are able to see for themselves what is affecting their assets. It helps enable a shared model of responsibility for security. With the visibility that Wiz enables, our users are no longer receiving a report in the form of a spreadsheet. They're able to quickly see and navigate, and drill into anything, if they need to, to see what is affecting their environments. 

Now that we have given them visibility into what's running in production, through some of the capabilities available in Wiz, we are investing in how we can shift things and identify some of those issues earlier in the pipeline so that they don't have to worry about things after going to production.

In addition, the fact that Wiz is agentless and that it's leveraging APIs to give us visibility at the organizational or the account level, are factors that have definitely reduced some of the overhead that come with other technologies that use agents to attain the same results.

Another benefit is that it consolidates tools. We now have one tool that is capable of giving us vulnerabilities, not just on modern services or cloud-ready services, but also on traditional instances in which we would have been using an agent to be able to pull the information we need. The fact that Wiz is agentless and is capable of looking at traditional compute as well as modern compute has reduced the need for additional tools that are agent-based.

What is most valuable?

Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk. The fact that it's able to reveal those toxic combinations has been really key for us in prioritizing what to fix first.

Having visibility with a contextual view for prioritizing potentially critical risks has been quite important. Especially in the cloud, it's no longer about applying a particular patch or applying particular updates to address a CVE. It's more about, for example, how a combination of a misconfiguration with the fact that it's externally facing allows us to prioritize that to be addressed first. There's a higher risk for an externally facing asset that has a vulnerability with, potentially, a service account that has high privileges. We're able to say, "Hey, we need to fix that first," and not worry so much about a compute engine that might be vulnerable, but is still protected by some other security controls that are in place. Knowing where we gain the most value, from a security perspective, and where we can reduce the most risk, has been a critical piece of our adoption of Wiz.

The solution's Security Graph has been key as well. One of the things that Wiz provides is out-of-the-box dashboards, but the Security Graph allows us to pinpoint things by creating custom reports to target specific vulnerabilities. We have multiple use cases in which we can target, for example 

  • a subscription ID that we are after, and that we are trying to prioritize for remediation
  • if a particular CVE is part of our environment. 

Through the Security Graph, we're able to quickly determine those types of things. It also enables us to start looking at our assets and our inventory. It's almost human-readable. I don't have to write any type of RQL code. Rather, it allows me to quickly select, through the UI, the pieces that I'm interested in and build a report or query for it.

In addition, the automated attack path analysis is one of the factors that we use when we're prioritizing where we should focus first in our remediation. Understanding any type of lateral movement within an attack path helps us determine the type of urgency involved, as we try to prioritize what to address first. It has been very important in detecting assets that we consider valuable and quickly identifying if they are well protected.

What needs improvement?

Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.

Buyer's Guide
Vulnerability Management
November 2022
Find out what your peers are saying about Wiz, Orca Security, Lacework and others in Vulnerability Management. Updated: November 2022.
656,474 professionals have used our research since 2012.

For how long have I used the solution?

We've been using Wiz for about a year and a half.

What do I think about the stability of the solution?

It is pretty stable. We initially had some problems with timeouts, but they addressed them and the platform has been quite stable.

What do I think about the scalability of the solution?

We have not had any problems with being able to scale to meet our demands.

Which solution did I use previously and why did I switch?

We did not have a previous solution for the cloud.

How was the initial setup?

It was straightforward. We did it in partnership with Wiz.

We have it deployed across multiple public clouds and it's deployed at the organization level. All of our application teams and our 250-plus cloud users are able to see the data through Wiz.

We started with one FTE on Wiz and, since then, we have grown the team to three FTEs. 

In terms of maintenance, no solution is perfect. We have been able to identify issues on the platform and to engage support to either address the bugs and issues that we see, or to enable a feature enhancement for a particular use case.

What was our ROI?

We have seen ROI from Wiz and we continued to see value in Wiz. Although we have been using Wiz for close to two years, one of the key items that we are still driving is adoption. The more cloud users that adopt the tool, the more value we gain from it. We still continue to see value added. 

In terms of immediate benefits, the first major benefit was asset management. We got a better understanding of the type of workloads or services that were being run in our cloud. The second benefit was around vulnerabilities. Wiz quickly proved that a lot of our application teams were not following best practices related to patching. We were able to quickly tell a story: although you are using a modern service in the form of a container, you are not maintaining the container image in a way that prevents vulnerabilities.

One of the main values that we see is that as a SaaS platform, Wiz continues to deploy new features. As those new features are enabled, more value is being gained by us and by our community.

What's my experience with pricing, setup cost, and licensing?

I believe they're moving to a different licensing model. We are still grandfathered to the initial pricing models. What I do like is that the pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select. But I'll have to see how the new pricing model will work for us.

Which other solutions did I evaluate?

We evaluated Aqua Cloud Security Posture Management, Prisma Cloud, and Orca Security. Wiz seems to be more user-friendly. It enables a user to quickly identify risks with minimal intervention. That was definitely a positive factor and a welcome one because it's less hands-on than some of the other tools.

Also, the fact that Wiz is able to see and contextualize multiple components or issues, provides a richer way of looking at risk. It takes into account not just a particular vulnerability that is CVE-driven, but also items like misconfigurations, over-privileged service accounts, and other factors that help us better prioritize our risk.

What other advice do I have?

Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first.

If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment.

Understand what is important to you. Are you more focused on the CSPM features that are available through Wiz? Are you more focused on cloud infrastructure entitlements that are available through Wiz? Are you looking to remove existing agents that could create overlap, and how does that fit into your roadmap? Understanding your requirements for the type of information that you want to see out of the tool is going to be critical to understanding your use cases, and how your community is engaged with those use cases, regardless of how easy the tool is to integrate. Those are factors that are going to be vital to your success.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Vulnerability Management Report and find out what your peers are saying about Wiz, Orca Security, Lacework, and more!
Updated: November 2022
Buyer's Guide
Download our free Vulnerability Management Report and find out what your peers are saying about Wiz, Orca Security, Lacework, and more!