What is our primary use case?
We use Wiz to monitor cloud security across Azure, Oracle OCI, and Google GCP cloud environments. With the Wiz implementation, we aim to eliminate the security team from security findings communication and triage and allow development, cloud and infrastructure teams direct access to security configuration findings - saving time for everyone involved.
The client has around over 2000 workloads in Azure, and more than 200 in Oracle OCI, as well as a small cloud presence in Google GCP.
For the initial deployment, we aim to enable good visibility across all cloud platforms (width), as well as across different levels of visibility (depth) by employing CSPM, CIEM, DSPM, EASM, CDR and other capabilities offered by Wiz.
Going forward, we plan to implement the cloud forensics feature, as well as integrate it into our CI/CD pipelines and code repositories for preventative capabilities.
How has it helped my organization?
The integration is still in its early stages, and I will continue to update this report as we move forward. That being said, everything has been excellent so far!
Wiz helped to detect multiple virtual machines in Azure and Oracle OCI cloud environments that had problems, including crypto-miners and malware. Furthermore, Google GCP usage in the company was discovered by Wiz, which the other two CNAPP tools we've tested have missed.
We also discovered credentials stored on the disk of a virtual machine in the test/dev environment, which could potentially provide access to parts of other cloud environments if compromised (allow lateral movement).
We can confidently say that we now see the full picture of risk across our cloud environments, including internet-exposed, vulnerable (unpatched) and misconfigured cloud assets, as well as sensitive data stored in those cloud assets.
We're currently going through the process of user onboarding to enable time savings for the security team and streamline the time to take action to remediate the findings.
What is most valuable?
The time savings and the many moments of "if I was building a CNAPP, this is how I would do it" were where Wiz had already implemented what I wished for. Wiz also saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open.
The Wiz product team recognises that the world doesn't revolve around Cyber Security teams. This is evident in their emphasis on providing clear and simple remediation advice and offering explanations of the alerts, making it easy for non-security team members to understand what’s happening and why. This was one of the key criteria why Wiz has been selected over the competitors.
My favourite is the EASM/External Exposure view and overall package - full risk visibility. It allows us to prioritize, and I mean truly prioritize, what should be addressed first. We can now see cloud workloads exposed to the internet in case of critical vulnerabilities, and if these workloads hold or can access sensitive data, we can act fast and patch these workloads first, and therefore reduce our overall risk exposure time.
Another favourite feature is the ability to give feedback and quickly raise a support case, as well as the comment option for each finding in the Wiz web portal. It enables simple, yet effective collaboration between security, cloud, infrastructure and development teams.
What needs improvement?
While over the past few years Wiz has improved a lot (and I mean A LOT!), there are some areas that are still lacking.
One of them is runtime security. Coverage of serverless workloads could be improved, though knowing some of the constraints on the cloud provider's side, I do understand this may be challenging. The good news is that I see these gaps being addressed in Wiz' roadmap.
The other point that didn't improve that much is built-in reports. These still have room for improvement, especially the executive summary reports. However, this is compensated by the excellent Dashboards available in the Wiz web portal.
For how long have I used the solution?
I have been using this solution since June 2024.
With two main cloud platforms fully onboarded, the integration project is still ongoing.
What do I think about the stability of the solution?
The solution is very stable. We observed a case where some of the newly introduced built-in policies caused minor discrepancies in the alert count, but the Wiz support team promptly resolved the issue.
What do I think about the scalability of the solution?
So far, so good! No issues were observed in scalability.
How are customer service and support?
Support is excellent. We had 10 to 15 TAC cases open; most are addressed, and the few that remain open have updates and a clear path towards resolution.
Which solution did I use previously and why did I switch?
Previously, I used Check Point's CloudGuard (while it was still called Dome9), Prisma Cloud by Palo Alto Networks, and Microsoft's Defender for Cloud (since 2020, when it was still called Azure Security Center). I have also tested the Orca Security CNAPP solution in a PoC setting for about a month.
How was the initial setup?
The setup is straightforward. There were no issues with any of the cloud connectors that I used (Azure, OCI and Kubernetes).
What about the implementation team?
I am a consultant working on this integration - HLD, LLD, integration itself, policy review/triage of findings, and user training/onboarding. The support team has been great! From sales to customer success - it has been a smooth ride.
What was our ROI?
The main ROI will be the time savings from not needing to write a basic remediation advisory for the dev team and then send/track it using email.
What's my experience with pricing, setup cost, and licensing?
The sizing script provided by Wiz is fairly accurate. The support team will help you accurately identify the licensing needs. We've done it, and it is spot-on.
Which other solutions did I evaluate?
We evaluated two other CNAPP solutions.
What other advice do I have?
So far, I really like the solution and the team supporting our integration.
While it's quite early for a full review, we already have the key parts of the functionality deployed, and I will be updating this review once the integration is finalized next year (code security for CI/CD, cloud incident response and forensics, and automation of preventative capabilities remain on our to-do list).
Disclaimer: I received a typical customer "swag" package (jumper, backpack, thermal cup) from Wiz, but I can confidently say it had no influence on the content of my review of the CNAPP solution.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.