Wiz Reviews

I have used Wiz for security findings, which includes dashboards with the main purpose of Cloud Security Posture Management. Wiz scans all cloud accounts to detect misconfigurations, open ports, publicly exposed resources, and weak IAM permissions. I also utilize it for vulnerability management, such as VMs, containers, serverless functions, and any IAM risky visibilities. I use Wiz for all these things as I work on these areas most of the time. Essentially, it is a cloud risk tool that prioritizes the most critical issues, allowing me to address high-yield issues quickly with the help of Wiz's architecture.

Achieving zero critical issues in Wiz means eliminating all critical severity securities across the cloud platform, which is a significant goal for our cloud security teams. I utilize the Risk Graph to identify real critical issues, prioritizing the resolution of public exposures and patching high and critical CVEs. I track OS-level and package vulnerabilities that need fixing, and sometimes when our OS isn't updated, it flags the errors. My processes involve patching libraries, upgrading AMIs, and removing secrets found in workloads, such as rotating keys for public IPs or un-updated software and databases. It is critical to implement least privilege measures for IAM risks, ensuring admin access is minimized. Moreover, I encrypt all storage and use tags to separate non-production issues according to different environments such as dev, stage, or prod. Utilizing Wiz projects, I segment teams such as network, platform, application, or DevOps so that each team handles their assigned issues, boosting closure speed. I also automate workflows through Jira to create tickets for critical exposures or IAM risks. Thus, achieving zero criticals in Wiz reflects my commitment to eradicating public exposures, patching critical vulnerabilities, and addressing IAM risks, ensuring I adhere to cloud best practices.

I love this interface because it is very clean, neat, and easy to understand. It includes the CNAPP and CSPM security features and extensively uses detection for vulnerabilities and misconfigurations. Everything is present on the dashboard. My personal interest lies in agentless scanning, which I consider the most powerful feature. The unique capability I can highlight is Attack Path Analysis, which identifies the exact path an attacker can exploit by correlating network exposure and any misconfigurations. Additionally, the unified Risk Graph is a very strong feature that helps teams find the most critical issues. I appreciate the accurate prioritization, which saves a great deal of time. Overall, Wiz provides a full CNAPP platform, encompassing CSPM, vulnerability management, IaC scanning, and more. I really appreciate these elements, and the dashboard is also very good.

I do not identify many areas for improvement, but I believe dashboard customization is somewhat limited. While the dashboards are quite good, the variety of widget types is restricted; I cannot fully customize colors or create complex multi-level dashboards. There is also alert noise in larger environments that generates duplicate alerts for the same issues under different categories. Furthermore, remediation automation is limited; Wiz suggests fixes but lacks auto-remediation for many issues. Compared to Prisma, the auto-resolve options are fewer. Although I have heard about deeper container and K8s scanning capabilities, I do not have a clear understanding of what that entails. I perceive that real-time cluster events are also somewhat limited. Regarding the reports, I face limitations in fully customizing PDF reports.

I have been using Wiz for more than eight months.

The setup for Wiz is a one-time configuration, similar to setups in ServiceNow or Ultimatics. This one-time setup ensures proper cloud integration, assessing the type of cloud account, the API permissions in place, and avoiding mistakes during the initial configuration. It highlights any missing requirements, such as IAM roles or permissions, and shows failed connections to allow for quick fixes. Agentless scanning is feasible, so this setup ensures proper configurations are in place. Additionally, it aids the administration in understanding what has been completed versus what remains pending. In summary, it guides onboarding tools to configure cloud accounts, permissions, and integrations accurately and prevents security visibility gaps while reducing onboarding errors.

The deployment time is not measured in days, weeks, or months; rather, it typically takes between five to ten minutes at most. IAM configurations and similar setups may take about two to three minutes.

When comparing Wiz with other solutions on the market, I note that my initial experience was with Prisma Cloud. Wiz stands out for its strengths, particularly in agentless scanning and graph-based risk prioritization, in addition to its comprehensive CNAPP capabilities and multi-cloud coverage. However, I recognize that certain areas, such as runtime threat detection and response, might be handled better by other vendors; while Wiz excels in posture and risk analysis, its runtime protection may not be as advanced as specialized tools designed for workload protection. Other tools might offer better capabilities for behavioral or anomaly detection, as Wiz may not capture the most subtle runtime issues. For instance, scanning public and private buckets requires waiting for scheduled scans or conducting manual scans, which can take significant time to yield updated records. While other vendors might possess better flexibility, the overall effectiveness depends heavily on data size and volume. I observe that legacy security vendor solutions offer mature enterprise support, while newer CNAPP solutions such as Wiz move rapidly but face trade-offs in large regulated enterprises. Overall, Wiz receives high ratings for its innovation and speed, which are great qualities despite some areas requiring improvement. So, in summary, I consider Wiz one of the strongest CNAPP platforms due to its agentless scanning architecture, making it lighter to deploy than competitors such as Prisma Cloud or Lacework. Nonetheless, organizations needing deep runtime protection or specialized identity entitlement management might want to explore other platforms, but I can definitely recommend Wiz for various needs.

For the dashboard itself, it is a very simple and clear function. I generally go to the dashboards to create and add widgets for vulnerability by severity, public exposure, or misconfigurations. I also include widgets such as graphs or tables based on my requirements. I utilize saved views for custom data, which filters the exact information I have in the dashboard, for example, all AWS EC2 instances with critical CVEs or public-facing VMs with secret keys. Multiple sections include critical compliance and posture scores, and I apply filters at the dashboard level too. Essentially, I have almost everything available in terms of customization. I simply need to understand how to use Wiz dashboard in conjunction with my project requirements. Although Wiz is a relatively new tool and I have only worked on a portion of its capabilities, I can refer to the documentation to successfully carry out the needed customizations.

I find the pricing to be cost-effective, as Wiz includes features that many other vendors lack. It seems reasonable when compared to alternatives. Overall, pricing can vary significantly based on Wiz's licensing of workloads, which depends on the number of VMs, containers, and functions I deploy. However, I can request volume-based discounts for larger deployments, especially if managing numerous workloads. Hence, I classify Wiz as cost-effective.

I notice that redeployment is generally very easy compared to other CNAPP tools because it is agentless. The agentless architecture permits multiple operations without the need for redeployment. I only need to connect to the cloud, set up scans, and ensure workload visibility, making the entire process straightforward.

The results from using Wiz have been quite positive; it effectively reduces alert fatigue within my organization. It is clearly a time-efficient solution, which enhances operational efficiency.

I indeed consolidate tools when using Wiz, effectively streamlining processes to enhance focus on critical risks. I would rate this solution a nine out of ten.

I use Wiz to secure code to cloud posture. We are using Wiz and also positioning Wiz to my customers, especially to protect their code environment, runtime environment like DevOps environment, and other code-related vulnerabilities in an automated way. Automating security processes is particularly helpful. We also provide CSPM and CNAPP ability to the customers.

I have created custom dashboards with Wiz for code-to-cloud scenarios, different scenarios, and for our whole infrastructure which is monitored through Wiz.

Wiz is very helpful to achieve a zero critical scenario. Wherever possible, it gives good insights and there is an ability to automate with AI scenarios. Their powerful AI engines also recommend best solutions to apply to identified vulnerabilities and identified gaps related to coding scenarios especially. It also suggests the best way to patch vulnerabilities and other related issues. This is really helpful.

Wiz is very effective and very advanced compared to other solutions. It is helpful to use and user-friendly from the customer's view. It is easy to use, easy to handle, and easy to customize for our scenarios especially.

Pricing in comparison to other solutions is good, but a little bit of discounting and flexibility if Wiz can offer to customers would be helpful. Training, vouchers, and certifications would help position this solution in the market. If Wiz integrates their certifications free with their solution positioning in the market for customers especially, it would be helpful. In comparison to the Microsoft product, it is not as costly, but for other products in comparison to other available players, it is a little bit on the high side.

Wiz may try to ease the connector positions. When integrating multiple clouds like hybrid cloud with Wiz, these processes need to be more user-friendly because more scripting is required in this scenario. Without a coder or without a deep administrator managing things, it is not possible to integrate clouds with Wiz dashboards. Some easy steps are required so that users who are not highly technical can do these things.

I have been using Wiz in my career for approximately one year.

I have not observed stability issues in my scenario, and my customers also have not reported any major crises.

Wiz is very much scalable. It totally depends on the workloads which are working on cloud scenarios, either GCP or Azure or any cloud scenario. It totally depends on your workloads. In cloud scenarios, workloads are always scalable, so Wiz is also scalable and adopts these things easily. There is no challenge.

I have used Microsoft CNAPP and CSPM functionality very frequently, and also used Palo Alto Prisma CNAPP and CWP functionality. I can compare them with these two OEMs.

Wiz is OEM agnostic. It is able to integrate any cloud, either GCP, Azure, or AWS. Similarly, like Palo Alto, Wiz is OEM agnostic. Microsoft is more specific to Azure where it is easy to integrate with Azure and it is a native platform. For other platforms, there may be some complications, like AWS with other GCP and other suites like Oracle OCI cloud. However, Wiz is OEM agnostic, so it is helpful to integrate and manage hybrid cloud scenarios efficiently.

Pricing in comparison to other solutions is good, but a little bit of discounting and flexibility if Wiz can offer to customers would be helpful. Training, vouchers, and certifications would help position this solution in the market. If Wiz integrates their certifications free with their solution positioning in the market for customers especially, it would be helpful. In comparison to the Microsoft product, it is not as costly, but for other products in comparison to other available players, it is a little bit on the high side.

Maintenance is required from time to time, as patching is required. If there are any latest updates available, then we need to just patch those updates. Integrations need to be monitored to ensure there are no gaps in the integration part. If we monitor multiple hybrid clouds, we need to be there and monitor these things also.

We deployed Wiz, but not for our internal use. We are just demoing and practicing scenarios.

I would rate this review a 9 overall.

I'm working with Jackson Vision, the track and trace provider, and we have been using Wiz for six years. We use Wiz as a portal similar to an ERP tool, managing customer inventory for security purposes and vulnerability management.

The best features of Wiz are its security capabilities, providing the best security for pharmaceutical products and industries, along with the required dashboard containing customer details and inventory management features.

The runtime sensor in Wiz helps identify threats effectively as it integrates with machines and operates on a hierarchy-based system with different rights for operators and supervisors.

The benefits of using Wiz are significant as we provide a solution based on 21 CFR standards for security and audit purposes, making it the best tool for these needs.

With Wiz, we achieve almost zero downtime and zero fault management in its issue queues.

Using Wiz saves us a significant amount of time and resources, with an almost thirty to forty percent return on investment.

Wiz has significantly reduced alert fatigue in our organization, addressing operator-level mistakes that used to be common in manual processes before we adopted automation.

Wiz has been the best tool for consolidating our solutions.

There is room for improvement in Wiz, particularly in operator management, as general operators may lack the necessary knowledge, requiring an easier-to-understand tool. We also need all tasks and dashboards to show completed activities and next steps along with SOPs for missed steps.

I'm working with Jackson Vision, the track and trace provider, and we have been using Wiz for six years.

I rate the stability of Wiz as almost eight out of ten, indicating good performance with limited downtime, bugs, or glitches.

Wiz is a very scalable product, as we operate in sixty-five countries and serve the pharmaceutical industry well, rating it eight out of ten for scalability.

I rate the technical support of Wiz as eight out of ten.

Positive

We are not currently comparing Wiz with other solutions as we have our research team looking for the best solutions available.

The deployment of Wiz is easy.

Deployment takes almost three to four hours, and our IT teams facilitate this process. We have around two hundred fifty to two hundred eighty customers who work with Wiz, and our team and IT teams are knowledgeable about it.

Using Wiz saves us a significant amount of time and resources, with an almost thirty to forty percent return on investment.

The pricing of Wiz is cost efficient.

I find Wiz to be better compared to other software, and we are currently progressing, rating it seven out of ten against any master product or company.

I have experience with Wiz and can provide a review. We are manufacturers of pharmaceutical machines and provide integrated solutions for track and trace, but we are not partners or resellers.

Wiz requires maintenance including patching and updates; if we encounter issues on-site, we update accordingly.

We purchased Wiz from the AWS marketplace, and many of our customers are utilizing the cloud-based solution we provide them, along with the portal that includes all necessary details for them.

We recommend Wiz to other users, such as Life Pharma in Dubai. I rate this product a nine out of ten.

Wiz serves as our enterprise tool for securing our cloud platform. We use AWS as our cloud platform and have Wiz integrated across multiple accounts for IT, engineering, and other departments. Within IT itself, we have different environments including development, production, and stage accounts. In every account, we have Wiz integrated and use policies based on the environment. For example, the dev environment has a less secure policy while production has a high-security policy. Technically, we use Wiz for securing our cloud platform.

The best feature of Wiz is the ability to detect any security violations across multi-cloud platforms and the ability to integrate for creating security incidents and vulnerability incidents. It works very well for scanning the environment, detecting vulnerabilities, and reporting them based on our requirements. It can generate reports via email or create ServiceNow incidents. It has helped me identify threats more easily. When it comes to the Kubernetes cluster, we do not have any other option for detecting vulnerabilities. This is the only way we observe our Kubernetes clusters to determine whether they are secured or not. Regarding speed, I cannot compare it with other solutions, but so far, we are happy with the way it works.

Wiz has improved our business in many ways. While I do not know in numbers how it has helped the business gain more profit, as a technical expert and part of our IT architect team, I would say Wiz has helped tremendously to secure our cloud platform. There were many security vulnerabilities existing before we implemented this solution that were not at all in our attention because there was nothing to scan and report what was wrong. After implementing Wiz, it has helped significantly. There was a program for implementing high-security measures in our environment, and Wiz has contributed substantially to that program.

I feel there is a delay in detection, though I am uncertain whether this is due to our implementation disadvantage. Wiz can detect all the issues, threats, and security vulnerabilities, but the delay may be due to the time taken for running a scan because we have a 24-hour scan cycle. When I checked with the team, there was no on-demand scanning possibility. We still see improvement scopes in this area. It does the work, but we are not seeing the changes very fast. Once you get a threat and fix it, to see that fix reflected in Wiz, you have to wait 24 hours. That is something I am not happy with.

One improvement that I am looking for in Wiz is the capability for on-demand scanning. That should be available. Second, we should be able to see the fixes faster. Once a threat is detected and we apply the fix, we want to see that result updated in the dashboard or portal as soon as possible. If Wiz can detect it faster and update it in the portal, that would be beneficial.

I have been using Wiz for more than two years, approximately two years and four months.

Regarding stability, it is stable. I would rate it nine out of ten.

Regarding scalability, I would also rate it nine out of ten.

I would rate the technical support of Wiz eight out of ten on a scale from one to ten, with ten being the best.

Positive

When comparing Wiz with other software, I did not use any other software similar to Wiz for the same purpose. A similar tool was Qualys, but we used Qualys for a different use case. We used it for vulnerability scanning of our servers, not end-user devices. For securing or detecting threats from cloud accounts, I do not have any other tool that I am aware of. Qualys is another vulnerability management tool, but the use cases are different, so I do not have the expertise to compare.

Deployment took approximately three months.

From one to ten, with one being cheap and ten being expensive, I would rate the implementation cost a seven.

Wiz does require some maintenance.

Wiz does require some maintenance.

My thoughts on the pricing of Wiz are that it is not cheap, but it is cost-efficient. From one to ten, with one being cheap and ten being expensive, I would rate it a seven.

I would recommend Wiz to anyone. If anyone wants to secure their infrastructure, cloud environment, or Kubernetes cluster, I would strongly recommend Wiz as a tool because it is easy to use and user-friendly. It has tight integration with many tools out-of-the-box for sending alerts, creating emails, and creating incidents.

My advice to others looking to implement Wiz is that when you implement Wiz, if your hybrid environment is not managed properly, it will be difficult to implement. It is better to make some cleanup and ensure that the environment you are going to implement meets Wiz standards. If you do not take care of that and simply implement Wiz, you will encounter many issues being reported by the system. It is better to follow the prerequisite standards of your cloud account and then implement the solution. Otherwise, you will see many issues being reported.

Regarding whether Wiz has helped reduce alert fatigue, I do not have a definitive answer because we do not see that much decrease in the alerts. Initially, when we implemented Wiz, since we were not using any tool like that before, there were too many alerts. Because it was the first implementation, it started sending too many alerts. Later on, the alerts decreased, but this decrease was not because of Wiz itself. Rather, it was because we implemented security fixes wherever Wiz reported threats or vulnerabilities. That is how the number of alerts got reduced. I feel we can also customize the Wiz policy to reduce the number of alerts, but I am not at that level here, so I do not have that expertise.

My overall rating for this solution is eight out of ten.

We are a Wiz user and partner, so we have an environment using Wiz, and our use case is to provide risk analysis. We have dashboards to understand the main risks and categorize them, and we use these to get the baseline and reports. We personalize some reports.

The best features of Wiz are the AI, risk analysis, the framework, and the compliance frameworks, so we can check if our frameworks comply with CCPA or similar regulations, and the toxic combination. We can identify active threats more effectively with granularity in databases, operational systems, and access keys, so the granularity of the Wiz view is the key for this kind of risk analysis.

We can provide an inventory, which is crucial when managing large cloud databases or environments such as AWS, Azure, or Google environments, where it's difficult to have one view for all cloud components. Wiz can accomplish this and easily provide the total inventory in the cloud.

Wiz has helped us analyze critical issues, and it can provide guidance on how to mitigate these issues to resolve them, offering step-by-step instructions.

An area that Wiz can still continue to improve is FinOps.

I have been using Wiz for almost one and a half years.

My experience with Wiz's support has been satisfactory.

Positive

We analyzed other options before choosing Wiz. For example, we looked at Orca, which lacks functionality such as toxic combination or resolving issues easily. Wiz can provide a better way to resolve critical issues, while Orca can show the issues but not truly resolve them.

We use Wiz in the cloud with AWS and GCP. We use both AWS and GCP almost equally. The time frame to achieve zero criticals in our issue queues depends on the environment. While we don't achieve zero criticals, some problems can be solved in two or three weeks while others may occur. It's optimal to work toward zero critical issues, but it depends on the installation or the cloud dynamics.

Some customers achieve zero critical issues, and Wiz has a program that rewards this achievement with a puzzle. Wiz offers pricing for both huge and small environments, and customers can purchase it from the Google Marketplace. In my opinion, Wiz has a competitive price.

I rate Wiz between 9 and 10 out of 10.

I use Wiz for both my own company and other companies to detect and investigate vulnerabilities and any type of alerts that pop up. 

I am really enjoying the new Threat Detection that they have set up; it is pretty nice. I appreciate the way that it lays out the data.

For some of my customers, I create custom dashboards, charts, or counters, and they're actually really helpful. It's quite easy. They have extensive technical documentation that guides you through the process. Additionally, there are short videos available in each section that demonstrate how to do things.

Wiz has helped my organization achieve zero criticals in its issue queues after a month. 

It would be better if, when you get an alert type, you are able to view the regex or alert logic without having to dig through all the different options; it is difficult to find where the alert logic is because you have to go to the investigations and then actually find and search for the individual alert. If they just showed the alert logic, that would be really nice. 

Also, if there was an easier way for threats to convert those into issues rather than having to set up a custom rule to pull those in as issues, it would be great.

I have been using Wiz for just under a year.

I have not seen any sort of instability with Wiz; I was curious how their SRE team works because I have not seen a single downtime.

Wiz scales really efficiently; I have worked with some huge companies that have multiple clouds and thousands of workflows, and it all seems to work.

We have account executive people that we talk to for help with Wiz. We talk to them sometimes when new features come out or when we see weird things for the first time. They provide help with writing either new regex alert queries or just helping us figure out how to do something with using the product. They are very helpful and very responsive, and if they cannot get you the answer, then they will find someone to help you; it has been as quick as a turnaround time of one business day, which is really good.

Positive

I have used CrowdStrike, Prisma, and I think that Wiz is the best out of all of them. Wiz is good at conveying the information for the active threats. The way that it shows you is easier to understand as a human. It is about the same quality of detection, but the presentation is better.

It's really easy. It's very user-friendly, and it's very intuitive.

My team had Wiz set up already when I joined, but I have gone through the whole setup process myself; they let me reset it up. I found that to be pretty simple. It only took about an hour and a half to install Wiz because we do not have a super big system.

Once you set up Wiz, it is good to go. As a security engineer, you need to maintain the alerts and keep that stuff moving. Once we have the system in place, I have not noticed it disconnect any of our accounts. It seems once you set it, it is good to go.

One person can deploy Wiz; they just have to have the right access.

I don't know how much we pay, but I do know that Wiz charges a lot. However, they're offering a good product, so it might be fair. I haven't seen the exact numbers.

I would rate Wiz a 10 out of 10. I really like it.

I use the solution for test and demo environments, and then we deploy the platform's last version for our customers. We use the advanced license type, so we have all the features in the platform.

The tool is used for security assessment and maintaining our customers' correct security posture. We have different types of customers, so there are different types of use cases. But in general, the main need is for the maintenance of cloud security posture.

The tool's most valuable feature is its attack path analysis. The feature of the tool for inspecting running containers and the new feature of intelligent artificial intelligence security posture is good. With the attack path analysis, I can see the perfect path of a possible attack, I can see the exposure of different types of resources, and I can stop the attack with the remediation or suggestion of the platform. Regarding the container runtime security, I can see how the container runs and what type of action the container takes during execution. I can take some action to modify the running of the container. For the artificial intelligence security posture, I can see the misconfiguration problem with the security permission that customers give to the platform, like Bedrock or OpenAI, and so on. We can help the customer resolve this problem of data security exposure and so on. All such features are effective in identifying vulnerabilities. The platform allows users to collect information without the need for an install agent. So it's totally agentless, and it is a great feature. I don't need to install an agent, so onboarding the platform is very easy and very speedy.

The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment.

For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features.

In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment.

The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment.

To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

I have been using Wiz since 2023. My company is a service integrator and a partner of Wiz. I use the solution's latest version.

It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

Scalability-wise, I rate the solution a ten out of ten.

I don't know the exact number of users because every customer can create a user autonomously on the platform. So, I don't have availability at the moment for the total number of users. We have five customers at the moment, and we have done a lot of PoC during the last two years. I suppose that we will have around 22 different customers. If you need a number, a minimum of 60 users use the tool.

My customers are medium and large enterprises.

The solution's technical support was excellent. We have had excellent communication and availability for any of our needs or questions. They answer quickly, and we have had a great experience with the technical support. I rate the technical support a nine out of ten.

Positive

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten.

The solution is deployed on the cloud. In the future, the tool can introduce an on-prem infrastructure or on-prem platform, but at the moment, it is only cloud.

If one is cheap and ten is expensive, I rate the tool's price as a five out of ten. The pricing depends on the customer and the dimension of the environment, whether the customer is strategic or not. I suppose that it is available at a middle price. In some cases, it has a very aggressive price, so very cheap, in order it's expensive. In particular, if the workload is poor, they can't make grid cells, so the price is high, and it is not in terms of real value but in terms of the budget of the customer.

The tool can be used for all customers who don't have a security structure or security team inside because the platform is very easy to use. It is a very useful tool for developer teams that can use the platform without having security knowledge, and the platform helps the developer of code applications. The tool adapts to a use case in which there is a SOC team because of the rich data that the SOC can correlate and manage.

I recommend the tool to companies that use cloud products. Wiz can be integrated with other customer platforms because it enriches information and makes inaction very valuable in terms of security.

I rate the tool as an eight out of ten.

My main use case for Wiz is that it identifies misconfigurations within the cloud services and misconfiguration within the Kubernetes platform. We also detect vulnerabilities within the runtime from the containers. Once we have those findings in place, we run a cron job within the GitLab pipeline wherein it pulls all vulnerabilities and misconfigurations and then creates tickets to the respective teams through Jira or through ServiceNow. Everything is totally automated. A Python function has been created which pulls all the vulnerabilities, performs data enrichment to identify the ownership, and then assigns the SLA and the SLA breach timeline, based on which it is then posted to the respective groups.

The best features Wiz offers in my experience are the collective findings that you get to see for each resource, which is called something as issues. It combines all findings, whether it is exposed to the internet, whether it has misconfigurations, whether there is encryption in place, or whether there is an IAM issue in place. You get to see all findings for a particular resource in one view, which Prisma or some other tool was not offering at this moment. Wiz is also offering ASPM at a service management level, KSPM, and AI security.

Wiz has positively impacted my organization because with the consequence model, as and when the consequence model triggers, every team goes ahead and mitigates the findings to ensure that it is not escalated to the CEO level. The automation is helping us to drive our platform to be more secure.

I choose eight out of ten because there is always room for improvement. Possibly I am not able to identify it, but definitely there would be some room for improvement. Nothing is perfect in terms of security.

We are in the process of getting to zero-day vulnerabilities.

I have been using Wiz for the past two years, enabling CSPM and CWP mainly, but as of now we have also started with KSPM, which is Kubernetes security posture management and data security posture management as well in my current company.

Wiz is stable in my experience.

Wiz's scalability is good as of now because the attributes we need in terms of identifying vulnerabilities is pretty good compared to Prisma.

Customer support is good. They are really helpful, but it is only the management who gets to interact with the sales team.

Positive

We did evaluate CrowdStrike, Tenable One, and Prisma Cortex.

We create dashboards with the automation, so all the findings being pulled from Wiz are enriched first, and then we store all those findings with the SLA metrics into a Grafana dashboard.

I have seen a return on investment with Wiz, specifically in that we need fewer employees.

I would advise others looking into using Wiz to definitely compare it with all the other tools that are in the market. Wiz is one of the finest tools that I have used so far, and it gives visibility to all the services based resources, which other tools do not give. It also helps to create custom policies based on Rego, which is one of the easiest solutions that anyone can develop. I give this product a rating of eight out of ten and would definitely recommend Wiz.