No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer2857296 - PeerSpot reviewer
Security Specialist at a tech vendor with 10,001+ employees
Real User
Top 20
Jun 30, 2026
Contextual risk insights have strengthened cloud threat detection and reduced incident response time
Pros and Cons
  • "Wiz has improved the overall security posture of our previous organization, National Australia Bank, by providing wide-cross visibility in terms of risk identification, alert creation, misconfiguration identification, vulnerability remediations, patching of security holes, and exposing details."
  • "There are various ways to improve Wiz, particularly focusing on posture prioritization and enhancing runtime detections while comparing to solutions like CrowdStrike or Defender which have more mature runtime capabilities and can work on stronger behavior-based detections."

What is our primary use case?

I used Wiz for more than 2.5 years while working for NAB, National Australia Bank, where they were using Wiz cloud security platform to enhance their detections for cloud-related threats.

We are using Wiz to enhance our security detections for automated risk detection and threat detection across the cloud network infrastructure while also utilizing it for automated risk remediations, the exposure of the attack, and the lifecycle path analysis.

We mainly use Wiz for cloud security identifications, cloud-related vulnerability platform, patching of the vulnerabilities, and new alerts and detections, which also provides visibility across multiple cloud environments.

What is most valuable?

The very best feature is Wiz's contextual graph relationships in terms of the security graphs, as it's basically the core engine.

It integrates with cloud-native platforms and cloud security, giving us insights into current vulnerabilities, misconfigurations, identity permissions, and network exposure while also providing a real-time attack path, isolating alerts quickly, and reducing exploitable risk.

There are a lot of features that I found personally very good, such as CSPM, which stands for Cloud Security Posture Management, identifying misconfigurations like open ports, public storage, and continuously monitoring those configurations.

Wiz has improved the overall security posture of our previous organization, National Australia Bank, by providing wide-cross visibility in terms of risk identification, alert creation, misconfiguration identification, vulnerability remediations, patching of security holes, and exposing details.

What needs improvement?

There are various ways to improve Wiz, particularly focusing on posture prioritization and enhancing runtime detections while comparing to solutions like CrowdStrike or Defender which have more mature runtime capabilities and can work on stronger behavior-based detections.

I noticed an initial spike in alert noise, with many alerts triggered, so there should be work on the fine-tuning of those alerts, potentially using AI for better alert separation to improve overall performance.

Wiz currently covers all AI workloads, but there are opportunities for improvement, particularly regarding LLM issues and data leakage.

For how long have I used the solution?

I have been working in cybersecurity for a total of nine years.

Buyer's Guide
Wiz
June 2026
Learn what your peers think about Wiz. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,147 professionals have used our research since 2012.

What do I think about the stability of the solution?

Wiz is stable.

What do I think about the scalability of the solution?

Wiz is highly scalable according to our requirements and can be deployed across the cloud infrastructure.

How are customer service and support?

The customer service is excellent and very supportive.

Which solution did I use previously and why did I switch?

We previously used Orca Security, which was good but lacked integration capabilities with cloud environments and globally deployed threats, which is why we switched to Wiz.

How was the initial setup?

We purchased Wiz through the AWS Marketplace.

What was our ROI?

The ROI is 80%. I believe the total efforts and time needed have been reduced by 80%.

Which other solutions did I evaluate?

We evaluated CrowdStrike Falcon as another option.

What other advice do I have?

I would rate Wiz a 10 because the platform has quickly grown in the market and offers great alerting features as it captures the needs of different enterprises effectively.

Most of the big companies are utilizing Wiz's security platform due to its design, which effectively identifies risks, alerts users to threats or vulnerabilities, and provides actionable insights.

Wiz has positively affected our team's efficiency.

It has affected our operations to a great extent, as Wiz quickly identifies true positive incidents, active threats, and ongoing threats, allowing the security team to act swiftly.

Wiz effectively helps in identifying critical issues within a timeframe, facilitating the detection of those issues.

It has positively impacted the overall security posture by allowing comprehensive data reliability, identification, and alert configuration in a single view.

Wiz is very important because it uses an AI security platform that provides end-to-end security management.

We initially did not see employee reductions, but after fine-tuning, there was a significant decrease in total staff required and time spent on vulnerabilities.

Organizations should opt for this newly launched solution for threat identification in cloud infrastructure. I have given this product an overall rating of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 30, 2026
Flag as inappropriate
PeerSpot user
Product Management Cybersecurity Leader at a tech vendor with 10,001+ employees
Real User
Top 20
Jun 18, 2026
Cloud security has become more prioritized and consolidated but still needs better context and bundling
Pros and Cons
  • "Overall, I believe Wiz is doing a great job, simplifying many aspects for security professionals and enterprises."
  • "As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context."

What is our primary use case?

I am using Wiz for CNAPP and DSPM, primarily for vulnerability and exposure management. These are the key areas I am focusing on, and over the last five years, I have been actively working with Wiz. Prior to that, I used it for a specific customer deployment in my previous organizations.

What is most valuable?

There are several resources deployed on the cloud, and we are monitoring those assets. Wiz has a very strong AI engine that can correlate these findings, and I believe that is the clearer differentiator from other products in the market. We are using Wiz to define the correlation, and it works perfectly by defining priority based on impact and likelihood. I feel this saves considerable rework from security engineers and the team, helping us to immediately act on these exposure issues and address high and critical vulnerabilities.

All other security tools I have seen mainly focus on impact and try to map directly with the CVSS. I think that context is outdated now because threats have changed and patterns have evolved. It clearly requires a different approach so that we can use it enterprise-wide, and security leaders should get clear visibility on the likelihood of these incidents and decide whether to spend resources on them.

Wiz is performing quite well with the existing CNAPP capability. However, Wiz has additional functionalities under Wiz Code, and there are other modules coming for AI security. That is definitely new, which Wiz offers, and it is completely different from existing solutions.

From a security tooling perspective, every enterprise is bombarded with thousands of tools and nobody knows how to consolidate them and what those different data points should be used for. That has been one of the nightmares, where most people simply spend their resources managing those tools and remediating the same issues on different platforms. Using Wiz Code and the other matching capability helps me eliminate the redundancy of tools in my infrastructure. That is a significant win, as I can see everything in a single pane of glass.

The response time has drastically increased, and the data we are getting is more focused. That is something truly required in security, as you need to respond as quickly as possible to breaches because they occur in fractions of seconds. Therefore, quick responsiveness is something Wiz has truly achieved.

What needs improvement?

As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context. It is performing well in terms of reporting issues and mapping to the environment, but many false positives are generated because it lacks context. I would appreciate Wiz ingesting customer context, understanding how I am using it and what my infrastructure looks like, so it can determine whether something is truly an issue for me. I do not want to keep dealing with thousands of vulnerabilities and marking them under ignore rules or wasting time assessing everything only to find they are false positives. This is an area where Wiz really needs to focus.

Secondly, regarding remediation, Wiz has playbooks, but it is not adding anything new. If I wanted to use Wiz with AI infrastructure, it could provide more guidance on best practices and how to implement them.

Currently, Wiz has three modules: Wiz, Wiz Code, and CNAPP. At some point, Wiz needs to rethink this and consider a bundled offering for more benefit to customers and product owners. If I buy CNAPP and later move to Wiz Code, there may be conflicting or overlapping features. People could be confused about why to use Wiz Code and what is different. It should look like a simple bundle, indicating what you are getting and when to use each. Currently, when to use what is missing, and while it is documented, as an enterprise decision maker, I do not want to spend time repeatedly on the same tools. I want a single comprehensive solution. Wiz Code should be the default offering as a simple, pay-as-you-go model without requiring separate deployments.

The lack of context is an issue. The tool is performing well, but without context, it generates many false positives, which every organization using Wiz struggles with. Secondly, the multiple offerings lead to confusion, as people may hesitate to use the next solution, such as Wiz Code. These two aspects are holding me back from giving a higher rating.

For how long have I used the solution?

I have been using Wiz for almost five years.

What other advice do I have?

As a security product manager and extensive user, I recommend that people explore Wiz. It simplifies their lives with many new features and capabilities. It allows for easy adoption in defining benchmarks and a minimum security baseline for organizations, something that is harder with other tools. Some solutions claim to have specific capabilities, but they do not deliver. Based on my hands-on experience, I can say that Wiz is a clear differentiator, and people should definitely consider it.

Wiz helped consolidate tools, but there were overlapping capabilities, and we still are not getting a complete view. To a certain extent, it helped with consolidation, but there is still room for improvement. I provided feedback suggesting that Wiz Code and other capabilities should be under the same bundle with a pay-as-you-go model, as it can be time-consuming to enable these capabilities later.

Overall, I believe Wiz is doing a great job, simplifying many aspects for security professionals and enterprises. The dashboard is quite nice, and with the introduction of the MCP, I am only concerned about remediation, context defining, and bundling of offerings. These are three areas I want Wiz to focus on to make their product even better. I would rate this product a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 18, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Wiz
June 2026
Learn what your peers think about Wiz. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,147 professionals have used our research since 2012.
Wellington Franham - PeerSpot reviewer
CEO at Century Data
Real User
Top 5
Oct 12, 2025
Has enabled consistent risk analysis and compliance tracking across multiple cloud environments
Pros and Cons
  • "Wiz can accomplish this and easily provide the total inventory in the cloud, which is crucial when managing large cloud databases or environments such as AWS, Azure, or Google environments, where it's difficult to have one view for all cloud components."
  • "An area that Wiz can still continue to improve is FinOps."

What is our primary use case?

We are a Wiz user and partner, so we have an environment using Wiz, and our use case is to provide risk analysis. We have dashboards to understand the main risks and categorize them, and we use these to get the baseline and reports. We personalize some reports.

What is most valuable?

The best features of Wiz are the AI, risk analysis, the framework, and the compliance frameworks, so we can check if our frameworks comply with CCPA or similar regulations, and the toxic combination. We can identify active threats more effectively with granularity in databases, operational systems, and access keys, so the granularity of the Wiz view is the key for this kind of risk analysis.

We can provide an inventory, which is crucial when managing large cloud databases or environments such as AWS, Azure, or Google environments, where it's difficult to have one view for all cloud components. Wiz can accomplish this and easily provide the total inventory in the cloud.

Wiz has helped us analyze critical issues, and it can provide guidance on how to mitigate these issues to resolve them, offering step-by-step instructions.

What needs improvement?

An area that Wiz can still continue to improve is FinOps.

For how long have I used the solution?

I have been using Wiz for almost one and a half years.

How are customer service and support?

My experience with Wiz's support has been satisfactory.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We analyzed other options before choosing Wiz. For example, we looked at Orca, which lacks functionality such as toxic combination or resolving issues easily. Wiz can provide a better way to resolve critical issues, while Orca can show the issues but not truly resolve them.

What other advice do I have?

We use Wiz in the cloud with AWS and GCP. We use both AWS and GCP almost equally. The time frame to achieve zero criticals in our issue queues depends on the environment. While we don't achieve zero criticals, some problems can be solved in two or three weeks while others may occur. It's optimal to work toward zero critical issues, but it depends on the installation or the cloud dynamics.

Some customers achieve zero critical issues, and Wiz has a program that rewards this achievement with a puzzle. Wiz offers pricing for both huge and small environments, and customers can purchase it from the Google Marketplace. In my opinion, Wiz has a competitive price.

I rate Wiz between 9 and 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Oct 12, 2025
Flag as inappropriate
PeerSpot user
reviewer2755878 - PeerSpot reviewer
Cloud Security Engineer at a tech vendor with 11-50 employees
Real User
Top 10
Sep 10, 2025
Helps eliminate critical issues and streamline threat investigation
Pros and Cons
  • "Wiz has helped my organization achieve zero criticals in its issue queues after a month."
  • "It would be better if, when you get an alert type, you are able to view the regex or alert logic without having to dig through all the different options; it is difficult to find where the alert logic is because you have to go to the investigations and then actually find and search for the individual alert."

What is our primary use case?

I use Wiz for both my own company and other companies to detect and investigate vulnerabilities and any type of alerts that pop up. 

What is most valuable?

I am really enjoying the new Threat Detection that they have set up; it is pretty nice. I appreciate the way that it lays out the data.

For some of my customers, I create custom dashboards, charts, or counters, and they're actually really helpful. It's quite easy. They have extensive technical documentation that guides you through the process. Additionally, there are short videos available in each section that demonstrate how to do things.

Wiz has helped my organization achieve zero criticals in its issue queues after a month. 

What needs improvement?

It would be better if, when you get an alert type, you are able to view the regex or alert logic without having to dig through all the different options; it is difficult to find where the alert logic is because you have to go to the investigations and then actually find and search for the individual alert. If they just showed the alert logic, that would be really nice. 

Also, if there was an easier way for threats to convert those into issues rather than having to set up a custom rule to pull those in as issues, it would be great.

For how long have I used the solution?

I have been using Wiz for just under a year.

What do I think about the stability of the solution?

I have not seen any sort of instability with Wiz; I was curious how their SRE team works because I have not seen a single downtime.

What do I think about the scalability of the solution?

Wiz scales really efficiently; I have worked with some huge companies that have multiple clouds and thousands of workflows, and it all seems to work.

How are customer service and support?

We have account executive people that we talk to for help with Wiz. We talk to them sometimes when new features come out or when we see weird things for the first time. They provide help with writing either new regex alert queries or just helping us figure out how to do something with using the product. They are very helpful and very responsive, and if they cannot get you the answer, then they will find someone to help you; it has been as quick as a turnaround time of one business day, which is really good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used CrowdStrike, Prisma, and I think that Wiz is the best out of all of them. Wiz is good at conveying the information for the active threats. The way that it shows you is easier to understand as a human. It is about the same quality of detection, but the presentation is better.

How was the initial setup?

It's really easy. It's very user-friendly, and it's very intuitive.

My team had Wiz set up already when I joined, but I have gone through the whole setup process myself; they let me reset it up. I found that to be pretty simple. It only took about an hour and a half to install Wiz because we do not have a super big system.

Once you set up Wiz, it is good to go. As a security engineer, you need to maintain the alerts and keep that stuff moving. Once we have the system in place, I have not noticed it disconnect any of our accounts. It seems once you set it, it is good to go.

What about the implementation team?

One person can deploy Wiz; they just have to have the right access.

What's my experience with pricing, setup cost, and licensing?

I don't know how much we pay, but I do know that Wiz charges a lot. However, they're offering a good product, so it might be fair. I haven't seen the exact numbers.

What other advice do I have?

I would rate Wiz a 10 out of 10. I really like it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Pietro Villivà - PeerSpot reviewer
Business Line Manager at S2E
Real User
Top 10
Sep 16, 2024
Useful for security assessment and maintaining correct security posture
Pros and Cons
  • "The tool's most valuable feature is its attack path analysis."
  • "Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."

What is our primary use case?

I use the solution for test and demo environments, and then we deploy the platform's last version for our customers. We use the advanced license type, so we have all the features in the platform.

The tool is used for security assessment and maintaining our customers' correct security posture. We have different types of customers, so there are different types of use cases. But in general, the main need is for the maintenance of cloud security posture.

What is most valuable?

The tool's most valuable feature is its attack path analysis. The feature of the tool for inspecting running containers and the new feature of intelligent artificial intelligence security posture is good. With the attack path analysis, I can see the perfect path of a possible attack, I can see the exposure of different types of resources, and I can stop the attack with the remediation or suggestion of the platform. Regarding the container runtime security, I can see how the container runs and what type of action the container takes during execution. I can take some action to modify the running of the container. For the artificial intelligence security posture, I can see the misconfiguration problem with the security permission that customers give to the platform, like Bedrock or OpenAI, and so on. We can help the customer resolve this problem of data security exposure and so on. All such features are effective in identifying vulnerabilities. The platform allows users to collect information without the need for an install agent. So it's totally agentless, and it is a great feature. I don't need to install an agent, so onboarding the platform is very easy and very speedy.

What needs improvement?

The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment.

For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features.

In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment.

The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment.

To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

For how long have I used the solution?

I have been using Wiz since 2023. My company is a service integrator and a partner of Wiz. I use the solution's latest version.

What do I think about the stability of the solution?

It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a ten out of ten.

I don't know the exact number of users because every customer can create a user autonomously on the platform. So, I don't have availability at the moment for the total number of users. We have five customers at the moment, and we have done a lot of PoC during the last two years. I suppose that we will have around 22 different customers. If you need a number, a minimum of 60 users use the tool.

My customers are medium and large enterprises.

How are customer service and support?

The solution's technical support was excellent. We have had excellent communication and availability for any of our needs or questions. They answer quickly, and we have had a great experience with the technical support. I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten.

The solution is deployed on the cloud. In the future, the tool can introduce an on-prem infrastructure or on-prem platform, but at the moment, it is only cloud.

What's my experience with pricing, setup cost, and licensing?

If one is cheap and ten is expensive, I rate the tool's price as a five out of ten. The pricing depends on the customer and the dimension of the environment, whether the customer is strategic or not. I suppose that it is available at a middle price. In some cases, it has a very aggressive price, so very cheap, in order it's expensive. In particular, if the workload is poor, they can't make grid cells, so the price is high, and it is not in terms of real value but in terms of the budget of the customer.

What other advice do I have?

The tool can be used for all customers who don't have a security structure or security team inside because the platform is very easy to use. It is a very useful tool for developer teams that can use the platform without having security knowledge, and the platform helps the developer of code applications. The tool adapts to a use case in which there is a SOC team because of the rich data that the SOC can correlate and manage.

I recommend the tool to companies that use cloud products. Wiz can be integrated with other customer platforms because it enriches information and makes inaction very valuable in terms of security.

I rate the tool as an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
reviewer2808789 - PeerSpot reviewer
Senior Software Engineer - Security at a financial services firm with 501-1,000 employees
Real User
Top 20
Mar 19, 2026
Automation has transformed cloud and container security posture and reduced manual effort
Pros and Cons
  • "Wiz is one of the finest tools that I have used so far, and it gives visibility to all the services based resources, which other tools do not give."
  • "I choose eight out of ten because there is always room for improvement."

What is our primary use case?

My main use case for Wiz is that it identifies misconfigurations within the cloud services and misconfiguration within the Kubernetes platform. We also detect vulnerabilities within the runtime from the containers. Once we have those findings in place, we run a cron job within the GitLab pipeline wherein it pulls all vulnerabilities and misconfigurations and then creates tickets to the respective teams through Jira or through ServiceNow. Everything is totally automated. A Python function has been created which pulls all the vulnerabilities, performs data enrichment to identify the ownership, and then assigns the SLA and the SLA breach timeline, based on which it is then posted to the respective groups.

What is most valuable?

The best features Wiz offers in my experience are the collective findings that you get to see for each resource, which is called something as issues. It combines all findings, whether it is exposed to the internet, whether it has misconfigurations, whether there is encryption in place, or whether there is an IAM issue in place. You get to see all findings for a particular resource in one view, which Prisma or some other tool was not offering at this moment. Wiz is also offering ASPM at a service management level, KSPM, and AI security.

Wiz has positively impacted my organization because with the consequence model, as and when the consequence model triggers, every team goes ahead and mitigates the findings to ensure that it is not escalated to the CEO level. The automation is helping us to drive our platform to be more secure.

What needs improvement?

I choose eight out of ten because there is always room for improvement. Possibly I am not able to identify it, but definitely there would be some room for improvement. Nothing is perfect in terms of security.

We are in the process of getting to zero-day vulnerabilities.

For how long have I used the solution?

I have been using Wiz for the past two years, enabling CSPM and CWP mainly, but as of now we have also started with KSPM, which is Kubernetes security posture management and data security posture management as well in my current company.

What do I think about the stability of the solution?

Wiz is stable in my experience.

What do I think about the scalability of the solution?

Wiz's scalability is good as of now because the attributes we need in terms of identifying vulnerabilities is pretty good compared to Prisma.

How are customer service and support?

Customer support is good. They are really helpful, but it is only the management who gets to interact with the sales team.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did evaluate CrowdStrike, Tenable One, and Prisma Cortex.

How was the initial setup?

We create dashboards with the automation, so all the findings being pulled from Wiz are enriched first, and then we store all those findings with the SLA metrics into a Grafana dashboard.

What was our ROI?

I have seen a return on investment with Wiz, specifically in that we need fewer employees.

What other advice do I have?

I would advise others looking into using Wiz to definitely compare it with all the other tools that are in the market. Wiz is one of the finest tools that I have used so far, and it gives visibility to all the services based resources, which other tools do not give. It also helps to create custom policies based on Rego, which is one of the easiest solutions that anyone can develop. I give this product a rating of eight out of ten and would definitely recommend Wiz.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 19, 2026
Flag as inappropriate
PeerSpot user
Wellington Franham - PeerSpot reviewer
CEO at Century Data
Real User
Top 5
Oct 11, 2025
Provides detailed analysis and helps manage risks effectively
Pros and Cons
  • "Wiz has helped my organization by allowing us to analyze the critical issues and providing the best way to mitigate these issues with step-by-step guidance."
  • "FinOps is an area where Wiz needs enhancement."

What is our primary use case?

We are a Wiz user and partner. We have an environment using Wiz, and our use case is to provide risk analysis.

We have dashboards to understand and categorize the main risks. These dashboards help us generate baseline reports, and we have personalized some of these reports.

How has it helped my organization?

It can provide an inventory. When you have a large cloud database or environment, Wiz can provide you easily with the total inventory that you have in the cloud. 

Wiz has helped my organization by allowing us to analyze the critical issues and providing the best way to mitigate these issues with step-by-step guidance. We don't achieve zero criticals. This often depends on the environment, as solving some problems can lead to two or three others arising. Therefore, navigating through the critical issues is essential, but it relies on the specific installation you have or the dynamics of your cloud setup. Some customers have successfully reached a state of zero critical issues, and we have a program designed to support this. If they are interested in achieving this goal, we can provide them with materials or insights to help them.

What is most valuable?

Wiz's best features are the AI risk analysis and the compliance frameworks. We can check if frameworks are compliant, such as CCPA, and the toxic combination.

The Wiz runtime sensor identifies active threats more effectively by allowing us to run the analysis with granularity in databases, in operational systems, and some access keys. The granularity of the Wiz view is the key for this kind of risk analysis.

What needs improvement?

FinOps is an area where Wiz needs enhancement.

For how long have I used the solution?

I have been using Wiz for almost one and a half years.

How are customer service and support?

I had experience with Wiz's support, and I would rate it a nine out of ten.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

Wiz can accommodate both huge and small environments. You can purchase Wiz from Google Marketplace, for example. Wiz seems to have a competitive price.

Which other solutions did I evaluate?

We evaluated other options such as Orca before choosing Wiz. We analyzed Orca because it lacks certain functions, such as toxic combination or resolving issues easily. Wiz performs better at providing the best way to resolve critical issues, while Orca can only show the issues without resolving them.

What other advice do I have?

I would rate Wiz a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Oct 11, 2025
Flag as inappropriate
PeerSpot user
Mindaugas Dailidonis - PeerSpot reviewer
Security Solutions Architect - Cloud Security Consultant at a consultancy with 10,001+ employees
Real User
Top 5
Mar 11, 2026
Advanced security insights and comprehensive risk visibility across multi-cloud environments
Pros and Cons
  • "Wiz saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open."
  • "We noticed some capabilities that were lacking, specifically ignoring some false-positive Issue findings. The good news - with the latest update, this has been resolved."

What is our primary use case?

We use Wiz to monitor cloud security across Azure, Oracle OCI, and Google GCP cloud environments. With Wiz implementation we aim to eliminate the security team from security findings communication and triage and allow development, cloud and infrastructure teams direct access to security configuration findings - saving time for everyone involved.

The client has around over 2000 workloads in Azure, and more than 200 in Oracle OCI, as well as small cloud presence in Google GCP.

For the initial deployment, we aim to enable good visibility across all cloud platforms (width), as well as across different levels of visibility (depth) by employing CSPM, CIEM, DSPM, EASM, CDR and other capabilities offered by Wiz

Going forward, we plan to implement cloud forensics feature, as well as integrate it into our CI/CD pipelines and code repositories for preventative capabilities.

How has it helped my organization?

The integration is still in its early stages, and I will continue to update this report as we move forward. That being said, everything has been excellent so far!

Wiz helped to detect multiple virtual machines in Azure and Oracle OCI cloud environments that had problems, including crypto-miners and malware. Furthermore, Google GCP usage in the company was discovered by Wiz, which the other two CNAPP tools we've tested have missed. 

We also discovered credentials stored on the disk of a virtual machine in the test/dev environment, which could potentially provide access to parts of other cloud environments if compromised (allow lateral movement).

We can confidently say that we now see the full picture of risk across our cloud environments, including internet-exposed, vulnerable (unpatched) and misconfigured cloud assets, as well as sensitive data stored in those cloud assets.

We're currently going through the process of user onboarding to enable time savings for security team and streamline the time to take action to remediate the findings.

What is most valuable?

The time savings and the many moments of "if I was building a CNAPP, this is how I would do it" were where Wiz had already implemented what I wished for. Wiz also saves time by validating a network misconfiguration by not only looking at the cloud asset configuration but also by testing if a port that is stated to be open is actually open.

The Wiz product team recognises that the world doesn't revolve around Cyber Security teams. This is evident in their emphasis on providing clear and simple remediation advice and offering explanations of the alerts, making it easy for non-security team members to understand what’s happening and why. This was one of the key criteria why Wiz has been selected over the competitors.

My favourite is the EASM/External Exposure view and overall package - full risk visibility. It allows us to prioritize, and I mean truly prioritize, what should be addressed first. We can now see cloud workloads exposed to the internet in case of critical vulnerabilities, and if these workloads hold or can access sensitive data, we can act fast and patch these workloads first, and therefore reduce our overall risk exposure time.

Another favourite feature is the ability to give feedback and quickly raise a support case, as well as the comment option for each finding in Wiz web portal. It enables simple, yet effective collaboration between security, cloud, infrastructure and development teams.

What needs improvement?

While over the past few years Wiz has improved a lot (and I mean A LOT!), there are some areas that are still lacking.

One of them is runtime security. Coverage of serverless workloads could be improved, though knowing some of the constraints on the cloud provider's side, I do understand this may be challenging. The good news is that I see these gaps being addressed in Wiz' roadmap.

The other point that didn't improve that much is built-in reports. These still have room for improvement, especially the executive summary reports. However, this is compensated by the excellent Dashboards available in Wiz web portal.

For how long have I used the solution?

I have been using this solution since June 2024. 

With two main cloud platforms fully onboarded, the integration project is still ongoing.

What do I think about the stability of the solution?

The solution is very stable. We observed a case where some of the newly introduced built-in policies caused minor discrepancies in the alert count, but the Wiz support team promptly resolved the issue.

What do I think about the scalability of the solution?

So far, so good! No issues were observed in scalability.

How are customer service and support?

Support is excellent. We had 10 to 15 TAC cases open; most are addressed, and few that remain open have updates and a clear path towards resolution.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, I used Check Point's CloudGuard (while it was still called Dome9), Prisma Cloud by Palo Alto Networks, and Microsoft's Defender for Cloud (since 2020, when it was still called Azure Security Center). I have also tested Orca Security CNAPP solution in a PoC setting for about a month.

How was the initial setup?

The setup is straightforward. There were no issues with either cloud connector that I used (Azure, OCI and Kubernetes).

What about the implementation team?

I am a consultant working on this integration - HLD, LLD, integration itself, policy review/triage of findings, and user training/onboarding. The support team has been great! From sales to customer success - it has been a smooth ride. 

What was our ROI?

The main ROI will be the time savings from not needing to write a basic remediation advisory for the dev team and then send/track it using email.

What's my experience with pricing, setup cost, and licensing?

The sizing script provided by Wiz is fairly accurate. The support team will help you accurately identify the licensing needs. We've done it, and it is spot-on.

Which other solutions did I evaluate?

We evaluated two other CNAPP solutions.

What other advice do I have?

So far, I really like the solution and the team supporting our integration.

While it's quite early for a full review, we already have the key parts functionality deployed, and I will be updating this review once the integration is finalized next year (code security for CI/CD, cloud incident response and forensics, and automation of preventative capabilities remains on our to-do list).

Disclaimer: I received a typical customer "swag" package (jumper, backpack, thermal cup) from Wiz, but I can confidently say it had no influence on the content of my review of the CNAPP solution.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 11, 2026
Flag as inappropriate
PeerSpot user
Manager Cybersecurity Operation at Grant Thornton (US)
Real User
Top 20
May 8, 2025
Enables efficient management of vulnerabilities and project inventories
Pros and Cons
  • "I rate Wiz's customer service as ten out of ten."
  • "I cannot recommend Wiz to others until I have a clear understanding of its full capacity and benefits."

What is our primary use case?

We are using Wiz for many deployments in terms of vulnerability and also our Microsoft tenants, two different Microsoft tenants. We use it to manage our projects.

Wiz's automated compliance checks are the reason for our use case. I am actually working on the GCCR audit, which is the reason I was looking at it. There are still some things I need clarity on in my own meeting this morning.

What is most valuable?

I might not be able to give substantial information as I do not use the most valuable features of Wiz day-to-day in full capacity. I can check managing each of my projects and check vulnerabilities across each of those projects across each of the tenants. It allows you to manage your inventories that you have in different subscriptions or different tenants on your technology. Then you can configure different kinds of policies that you use around each of those.

What needs improvement?

I have not used Wiz in full capacity, so I cannot provide detailed improvement suggestions. I just started fully going through each feature to have a basic, comprehensive understanding of the product itself.

I cannot recommend Wiz to others until I have a clear understanding of its full capacity and benefits. In my organization, we have Rapid7, which is a vulnerability management tool, we have Wiz, and we have Microsoft Defender. I need to understand the reason for that decision in the first place to be able to look at the benefit to my organization.

For how long have I used the solution?

I started with Wiz some months ago.

What was my experience with deployment of the solution?

I do not know how long it took for us to actually deploy Wiz, as I was not within the corporation when it was deployed.

What do I think about the stability of the solution?

So far, I would say Wiz is stable to the best of my knowledge.

What do I think about the scalability of the solution?

My thoughts on the scalability of Wiz so far is that it is scalable for me and good for us.

On a scale of one to ten, I would rate the scalability of Wiz as nine.

How are customer service and support?

I rate Wiz's customer service as ten out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

I find the initial setup of Wiz straightforward in my opinion.

On a scale of one to ten, I would rate how easy it is to set up Wiz as nine, if ten is the easiest.

What about the implementation team?

I do not know how many people it took to deploy Wiz. However, it is always the vendor and probably my director that was in the position which I was before.

What was our ROI?

I do not know if Wiz has impacted our operational costs related to cloud security or any kind of return on investment or operational impact that it has for us.

Which other solutions did I evaluate?

I do not really know the main differences between Wiz and other vulnerability management solutions such as Defender, but they perform similar functions.

When comparing Wiz to Defender, I think they do almost the same thing. The only difference is that Defender will give you RISK call. However, Wiz can give you a risk call against your investment because it is not a Microsoft solution.

What other advice do I have?

I work in accounting with Wiz in a large enterprise business.

Wiz does not require a lot of maintenance on our side. It is just ease of use. Wiz maintains most of it.

I have not used Wiz's AI capabilities to enhance our security threat detection as I just started looking at it. I have not really done much with that so far.

Overall, I would rate Wiz as good. I get everything I want, just the same way it is for every other solution, so I am going to rate it nine out of ten.

I rate Wiz a nine out of ten instead of a ten until I use the solution based on use cases and exploitation of the product, and what it gives me. If I am able to do that in full capacity, then I will give it ten. This is just based on what I still see so far. Until I get to see the benefits and everything, then my rating might be different in two weeks' time. At this moment, this is how it is.

RISC call is what I mean by that, RISC (R I S K).

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2780310 - PeerSpot reviewer
Specialist - Information Security at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Nov 21, 2025
Enables comprehensive visibility into cloud risks and supports tailored compliance reporting across teams
Pros and Cons
  • "What I appreciate most about Wiz is that the compliance and CSPM aspects of this cloud-native application protection offering are genuinely better than other products available in the market."
  • "I have seen some lagging or downtime a couple of times, but I am not sure why it happened."

What is our primary use case?

My use cases for Wiz mostly revolve around cloud security posture management, compliance, internal opex reporting, and shift-left security tooling, centered around compliance and cloud security shift-left.

What is most valuable?

What I appreciate most about Wiz is that the compliance and CSPM aspects of this cloud-native application protection offering are genuinely better than other products available in the market. Having worked on Prisma, Orca, and Qualys as well, when I compare Wiz with everything else, it definitely has an edge. The graph queries and graph explorer in Wiz are exceptionally well done by their team, giving me a complete view of resources, how they relate to other resources in the account or in other accounts, and how they pose an external threat or risk.

I have created boards in Wiz for internal projects and teams depending on what product line it is, and I have tried creating custom dashboards. My experience with creating custom dashboards is that it is neither easy nor difficult; it is somewhere in between. Obviously, it is not the same as Power BI or any other visualization tool, so I understand it will not be at that level, but it gets the job done. I get a high-level overview of trends of the findings or non-compliant items, and it accomplishes what I need. I also do not expect it to be at that level because that is not what it is built for.

What needs improvement?

I really cannot think of anything that Wiz can improve, because the use cases I deal with have almost all features that cater to them, so I really do not have anything in mind right now.

One thing Wiz can do better is regarding support for the open-source fork of Terraform called OpenTofu. Many organizations are moving from Terraform to OpenTofu to save costs in licensing, but their documentation does not officially state that they are supporting OpenTofu, so that would be beneficial to have. Since it is just a copy of Terraform, it should not be a difficult addition, but that would be a valuable feature.

For how long have I used the solution?

I have been using Wiz in my career for close to one and a half years.

What do I think about the stability of the solution?

I have seen some lagging or downtime a couple of times, but I am not sure why it happened. It was just a couple of times, and it did not impact what I was doing.

What do I think about the scalability of the solution?

Wiz is very scalable.

How are customer service and support?

I have contacted Wiz's technical support. The quality and speed of the support are very good; most of the time, I do get the answers I am looking for, and if not, the team works internally. If there is no feature, they raise a feature request for us, so it has been very good. On a scale from 1 to 10, I would give Wiz's support a 10.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of Wiz is very easy for me. The first time I deployed Wiz, it took me approximately 10 to 20 minutes, depending on the availability of the other team. When they are available, I usually get it done within 10 or 15 minutes, or even less than that when we have all the prerequisites ready.

What about the implementation team?

Wiz does require some maintenance on my end, but it is minimal. The maintenance involves configuring connectors for Wiz, and it does require a few permissions for Wiz to scan the cloud accounts and other resources. That is the only maintenance needed, such as adding or updating the role in Wiz if other permissions or services introduced by the cloud provider are not covered.

Which other solutions did I evaluate?

I have used some alternatives and similar solutions to Wiz. I remember the names of those alternatives; one is Palo Alto's Prisma Cloud, and the other was Qualys' tool, which was kind of a makeshift tool, not a full-fledged CSPM, but they called it CSPM. When I compare Wiz to those tools, I prefer Wiz a lot more because it is definitely a couple of notches above all those tools. They have done much better with their UI, which is very organized, whereas Prisma is mostly a lot of acquisitions and a lot of tools stitched together and offered as a SaaS solution. Not saying it is bad, but Wiz does it better than what they have been doing.

What other advice do I have?

I personally have not worked on Wiz Runtime Sensor, so I cannot really comment on whether it has helped identify active threats more effectively compared to any other solutions that I have used. We have plans, but not yet. I would rate this review overall as a 9.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 21, 2025
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Wiz Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free Wiz Report and get advice and tips from experienced pros sharing their opinions.