What is our primary use case?
My main use case for
Wiz is cloud security, infrastructure as code, threat detection and response, and application security.
For example, if we have a cloud resource that has an Amazon GuardDuty alert, we will use Wiz to ingest the log, and we review it for security reasons and use that information in our alerting pipeline. Wiz is where we ingest all the information and logs.
My main use case is to scan cloud infrastructure for misconfigurations, issues, security threat intelligence, and more.
What is most valuable?
The best features Wiz offers include the scanning, the ability to map vulnerabilities to specific resources, the ability for GraphQL API integration, and their security graph when it comes to querying information, finding specific detections, and responding to them, and much more.
For example, we use many other automation tools that need to integrate with Wiz, and through the graph API or GraphQL API, we are able to call Wiz in a very specific way where if we want to automate anything, it is possible via their API.
There is a variety of features per team, such as cloud security, AI security, security operations center, and more.
Wiz has positively impacted my organization by stopping security incidents, giving us full visibility in our cloud environments, and providing us with the confidence that we can use the tool not just for security but also for operations tooling, DevOps, code scanning, and all of the above.
We have seen specific outcomes and information improve as a result, and we have definitely narrowed down more incidents that we might need to take care of with the tooling, which has given us wider visibility compared to when we did not have it.
Wiz allowed us to consolidate tools, and on the issues it gives us from the top level down—critical to informational—we are able to fully prioritize the things that are most important due to that capability.
What needs improvement?
Wiz's pricing model is very poor.
The pricing is out of control, but when it comes to the actual functionality of the tool, the tool is great.
On a scale of one to ten, I would rate Wiz an eight. I rate it an eight because internally, they have specific people who want to bulldoze you when it comes to signing agreements that are much higher priced than the value that you get. Wiz is great. Some people are great and some are not, so they are a little bit less willing to work with customers on their specific needs regarding things such as pricing versus other tools.
For how long have I used the solution?
I have been using Wiz for over four years.
What do I think about the stability of the solution?
Wiz is stable.
What do I think about the scalability of the solution?
Wiz's scalability is very good, and I have not had any issues yet.
How are customer service and support?
The customer support is fair; they are not great, nor bad.
Which solution did I use previously and why did I switch?
We started to use Wiz since their inception.
How was the initial setup?
Everything is very well set up; the UI is easy to use, and their API is great.
What about the implementation team?
We are just a customer without a business relationship with this vendor other than that.
What was our ROI?
I have definitely saved time, but money saved is still up in the air; there have been things that make us feel that is not the case. We also need fewer employees, partially.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been very poor.
Which other solutions did I evaluate?
Before choosing Wiz, I evaluated other options such as
Orca and
Upwind.
What other advice do I have?
The extent to which the Wiz runtime sensor has helped in identifying active threats more effectively compared to previous solutions is pretty minimal.
My impression of the cloud security democratization aspect of the product is that it is one of the best sources of truth we have. It is extremely impactful on the organization, so it is definitely a tool we are going to use if the pricing is right.
We have gone through three technical account managers and have decided not to renew.
My advice to others looking into using Wiz is to make sure that you are working with the right account team, set up all of your integrations correctly, and take your time during your proof of value.
Wiz is a great tool, and we will continue to use it over time. I rate Wiz an eight out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.