Wiz Reviews

Per my company’s guidelines – I am not allowed to share any information about our environment or detailed use cases. What I am sharing is at a very high level.

Overall I can share that we are using Wiz for AWS cloud discovery, identification, and remediation of misconfigurations as well as vulnerabilities.

We are considering more use cases and scenarios (as well as expanding to more teams in the org) in time. For now, these are the primary use cases that we are currently using Wiz for.

The solution has made a difference in the organization via: 

Technical capability. It covers all our languages, frameworks, and assets on AWS with the ability to do side scanning, which reduces compute needs and agent deployment/maintenance.

Natural query language. The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.

Security data at all levels. Wiz supports Basic and Advanced modes, meaning Engineering and Business users can leverage the platform without being complicated or too dumbed down.

A fresh approach to Vulnerability Management. Legacy methods did not work effectively in the cloud, risk-based context-driven vulnerability identification drives real results.

The ‘Graph’ has uses beyond security. Leveraging centralized cloud asset information enables teams to query in one place their architecture for operational success.

The Security Graph is the power of Wiz. This, teamed with continually developed cloud configuration rules, makes Wiz a powerhouse of an application. We use this information to pull all levels of security-relevant data and also for use cases outside of security. Leveraging this technology saves us not only precious engineering time but also money developing and investing in other overlapping solutions.

We find Wiz's native integrations to be extremely useful and paramount to the operational success of the platform; from day one, we have worked on integrating Wiz into as many internal platforms as possible.

Wiz is fully aware of its areas of improvement. We are seeing huge platform releases over the next couple of quarters, which they promise and deliver on. Wiz is the first vendor I've worked with that has turnaround feature requests in less than a month. 

We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform. Improvements around the IaC scanning dashboards and flexibility would be nice however, this does not detract from the current usability of the tool at all. 

I've used the solution for more than six months.

Technical support is excellent. It is some of the best post-sales support ever received. CSMs know the product and share the same level of passion for the solution.

By far, the easiest part of the solution is the setup. It took all of one hour to complete, and that's with a custom Terraform.

We handled the setup in-house

We evaluated six other solutions from larger and smaller vendors.

If possible, a company needs to do a demo and a PoC. That way, they will see the value right away.

We are evaluating security configuration and compliance. We also use it to scan for security vulnerabilities in our pipelines.

The security baseline and vulnerability assessments are a very valuable feature. 

We're looking at some of the data compliance stuff that they've got on offer. I know they're looking at container security, which we gonna be looking at next. 

I have been using Wiz for four months. 

The stability is a nine out of ten. 

Five users are using the solution. The scalability is a ten out of ten. 

The initial setup is straightforward. The deployment takes five hours. So scanning storage accounts, storage account compliance, public endpoint scanning, you know, all of the usual things that we would be looking at as part of deployment.

Overall, I rate the solution a ten out of ten.