WIZ Cloud Infrastructure Security Platform

I am a customer of Wiz , and we use Wiz  for container scans, image scans, and code and build scans, with most of my use cases involving container and code and build scans.

What I appreciate most about Wiz is that it has access to all project scopes. For example, in an organization where I am part of a particular workstream, if I compare Wiz with other tools such as Snyk , I could only access my part of the organization, but in Wiz, the project scope lists all the areas of the projects. If I'm interested to know what's happening across data, finance, and warehouse, I can click and understand and review their vulnerabilities and trigger points. That's quite valuable.

The other thing I find useful is the information about policies. It has graph control which lists issues based on severity, risk, external attack surface, unprotected data, and remedies, and in some cases it highlights these. Recently, they added Mika AI, which is a cool feature. I can ask anything related to my work, and it responds based on certain trends, which is quite useful.

AI security is important to me because it helps. I have found one of their AI agents which is quite effective. It scans and provides trends of anomalies or vulnerabilities across various projects while supporting remedies as part of that. It is very important for me to assess what the AI suggests based on the scan it reviews across other projects. We review this before we hook our pipeline to see if we have vulnerabilities or anomalies in a particular area. We also try to prevent these rather than cure them, so we use the stats provided by AI to prevent anomalies or vulnerabilities from being detected and our security team having to chase us to fix them.

I'm not certain if Wiz allows me to consolidate tools because we link our integrations. When I say consolidate, I mean integrating with other third-party providers. We integrate with our integrations which are run via our build scan, so my experience is limited to our domain. I am not from security; I am a user of Wiz, and I try to use Wiz to ensure that the vulnerabilities it finds and scans can be actioned by our engineers. With respect to consolidation, I'm aware of what it does in my area. We only integrate our container and build scans with Wiz, and that works pretty well for us.

I think Wiz could be improved by identifying vulnerabilities occurring in a repeated pattern in the same estate. The AI capability should scan these and warn us based on historic data before moving or running a container scan. It should suggest somewhere on the dashboard that based on the last year, I've identified these vulnerabilities in a repeated fashion, so perhaps it's time to improve.

I have been using Wiz for the last two years, probably around close to a year, but then I moved out from that engagement. I still have access to Wiz, and my account is still active with Wiz. The last time that I had hands-on experience with Wiz was three months ago.

I find Wiz to be pretty stable, and I have not heard of it going down.

In terms of scalability, it is straightforward. During our busiest period, Black Friday, I have not heard of issues with Wiz struggling to cope with the volumes we handle.

I would rate the technical support of Wiz a seven, as it is fairly decent. I can't think of anything I am not happy about with the technical support since I have not been directly involved; it is our security team. I haven't heard them complaining much, and they were responsive to our queries when we started the engagement.

Before Wiz, I used Snyk  for the same use cases. The decision to stop using Snyk and switch to Wiz was a central security decision, not mine. From what I understand, it may be related to Snyk becoming overly particular about the pricing models.

I participated in the initial setup of Wiz during a pilot conducted by our security team, where my team was chosen to run scans on some of our repos. This was around two years back. I found the initial setup of Wiz not entirely straightforward; there is a learning curve involved. I believe the Wiz team was pretty supportive during our adoption journey.

I am not certain if I utilized Wiz Defend  in my security strategy as I haven't heard of it. There is a separate security team which adds the policies and the setup, and we are asked to run the respective pipeline so that all the container scans and build scans adhere to our security guidelines. It may be done as part of our security offering by the security team, which I am not aware of.

I am not certain what Wiz Runtime Sensor is or if it is part of the offering. I think it is available as part of the explorer, but I can't remember.

I can confirm that zero criticals in our issue queues is not possible; you will get critical vulnerabilities. What we have to assess is the level of security threat based on the score that is assigned. We do have critical vulnerabilities, but what Wiz does is help identify them, and wherever possible, provide a remedy or solution for them. We try to assess and review that periodically and try to reduce the severity of the vulnerability. In some cases, Wiz suggests certain actions which could probably downgrade the critical severity to medium or high.

Wiz has reduced alert fatigue in our area to some extent. It will identify a vulnerability, send an alert, and if there is a possible fix, if I give that command, then Wiz will try to do that by itself. I can't comment on the organization as a whole, but in the project that I have access to, I can see that for the last six months, Wiz has helped reduce alert fatigue by about twenty percent over a given time period.

Regarding the pricing of Wiz, that's a question for our security team; I don't know what tenant or at what level they have been using it. From what I understand, they are quite competitive and fairly price their offering. In an area where Wiz is helping us is in endpoint management, where their RED agent provides endpoints whenever incidents are raised. I believe they are pretty flexible on the pricing since they want to enhance their footprint globally.

I rate this review eight out of ten.

Public Cloud

Amazon Web Services  (AWS )

What do you like best about the product?

What I like best about Wiz is its ability to provide risk-based visibility across our cloud environment in a way that is actionable for both security and engineering teams.

The most valuable aspect is the contextual risk prioritization. Rather than managing large volumes of findings, Wiz helps us focus on the exposures that matter most and drive remediation where it has the greatest impact.

The platform is intuitive, scales well, and provides strong executive-level visibility into cloud risk. We've also found the AI capabilities helpful in accelerating investigations and understanding complex attack paths and security findings.

What do you dislike about the product?

As with any mature security platform, there is a significant breadth of functionality, which can create a learning curve for new users. While the platform does a strong job of contextualizing risk, some of the more advanced capabilities and reporting options could be simplified further to accelerate adoption across broader technical teams.

As our cloud environment continues to evolve, I would also welcome continued investment in AI-driven recommendations and automation to further reduce investigation and remediation effort. These are relatively minor considerations, however, compared to the overall value the platform delivers.

What problems is the product solving and how is that benefiting you?

Wiz helps us address one of the biggest cloud security challenges: gaining clear visibility into risk across a rapidly evolving cloud environment while enabling teams to move quickly.

Before Wiz, it was more difficult to correlate vulnerabilities, misconfigurations, exposed assets, and identity risks to understand which issues required immediate attention. Wiz provides the context needed to prioritize remediation based on actual risk, improving collaboration between security and engineering teams and allowing us to focus resources where they have the greatest impact.

From a business perspective, this has improved our ability to manage cloud risk at scale, strengthen our security posture, and provide leadership with better visibility into our overall risk landscape. The result is a more efficient and risk-informed approach to cloud security without slowing down innovation.

I basically use it for vulnerability management, so from an admin's perspective, I am using it as an actual user of Wiz . It is for vulnerability management majorly, and to apply or review the compliances of the cloud environment.

Wiz  helps to consolidate our tools. Wiz helps to identify active threats more effectively as it does active scanning on workloads, keeps looking into logs and images of virtual machines, and upon detecting threats, it checks possible connections through events and logs, giving visibility into where the issue started and exactly where it is.

Wiz helps to achieve zero criticals in its issue queues. Wiz reduces alert fatigue overall, but there is a learning curve; out of the box, it may increase noise if there isn't a proper architecture in place.

Wiz makes cloud security visibility clear for stakeholders, allowing them to understand risk posture, and does that really well. It creates a sense of ownership, as risk factors are presented, enabling anyone, including non-security and non-engineering teams, to use the tool if they are interested.

The biggest advantages of Wiz are that we can monitor multiple environments, as it has the capability to monitor multi-cloud models or architectures, providing visibility on a single page or tool. It also has AI integrations, so if you are finding a zero-day issue, you can calculate the risk score of that particular product and utilize that score to prioritize that particular CVE. If you are unsure about the resolution, Wiz also provides solutions and can craft custom PowerShell scripts to resolve a particular issue, all within the same tool, so you do not have to look elsewhere for solutions.

Wiz only provides visibility; if you want to take any actions, Wiz requires your consent to do it, so it does not automatically fix issues until you provide feedback.

We do have Wiz Code , but it is only for visibility, and we have not integrated it into our CI/CD pipelines yet, as it just gives us the library views and reports on DevOps content.

An area of improvement is that there is a lot of data inside Wiz and the naming is confusing, as similar categories for vulnerabilities and issues sometimes duplicate issues across resources, which can be hectic. While it doesn't cost much in terms of workloads, larger environments may incur higher costs based on architecture, and Wiz does not provide pre-configured reports but rather a dashboard requiring access to the tool.

I am using Wiz for the last three years.

Wiz is stable; aside from the mentioned cons, there are no other issues from the tool's perspective, so it is about 99% stable.

There is no issue with scalability; depending on architecture, you can scale Wiz anytime, as it has ready-to-deploy workloads utilizing cloud capabilities.

Technical support is quite good; they help with configuration, cyber advisory, and provide support for any major changes needed.

I have worked with Prisma, which is Palo Alto's CSPM, and Azure  Cloud Security tools.

Deployment for Wiz is not complex; various deployment types exist depending on the desired approach, primarily requiring keys and registrations to connect to environments, though installing workloads can be complicated.

We are not using post-sales support, just the regular support for major configuration-related issues.

Wiz is worth the investment, and if everything is properly configured, it definitely offers value for money. I would say around 80% in ROI benefits. That is in terms of money and time; doing everything manually would take a lot of work and effort, and Wiz reduces both the workload and the need for manual thinking and human feedback.

Wiz is fairly priced compared to competitors and fits well within a low budget. Wiz is less expensive than Microsoft and Palo Alto.

This particular integration of AI Security  Posture Management is kind of new, introduced in one or two years, and for customers who have integrated their own LLMs or opted for special Azure  or AWS  Bedrock services, it is useful as it lets you know about security-related risks and provides visibility around AI-specific resources in the cloud, grouping risk factors, which helps present details in meetings.

The current AI integration makes Wiz good for those not using on-premises or other environments, but proprietary cloud tools like Azure or AWS  excel in features and ease of deployment.

Public Cloud

Amazon Web Services (AWS)

Wiz  is primarily used to identify risks, assert exposed workloads, identify publicly exposed resources, and prioritize vulnerabilities in our cloud environment. The main use case for Wiz  revolves around cloud security posture visibility, risk prioritization, vulnerability exposure management, misconfiguration detection, and identifying toxic combinations of risks in our cloud environments.

Our main use case for Wiz is contextual prioritization. In many environments, there are thousands or millions of vulnerabilities, but not all are equally important. Wiz helps reduce noise by enabling security teams to focus on exploitable and high-impact risks first.

One of the best features of Wiz, in my opinion, is risk prioritization and the context for visibility. Another major strength is its cloud posture visibility across environments, supporting multiple cloud environments. The attack path visualization and ability to correlate vulnerabilities, exposure, identities, and permissions into a single risk view are very helpful for our security teams.

In our day-to-day work, the contextual prioritization feature reduces our investigation effort because analysts do not need to perform manual correlations related to vulnerabilities, exposure, or cloud asset permissions. Instead of reviewing thousands of alerts individually, the team can focus on high-priority risks where exposure and business impact are clearer. Another useful aspect is visibility across multi-cloud environments and the centralized posture management, which helps our team understand risk in one place instead of depending on fragmented visibility.

Wiz helps us by identifying a publicly exposed cloud asset with critical vulnerabilities and permission-related risks. Instead of reviewing findings separately, Wiz provides contextual visibility that shows which issues were internet exposed, whether they had vulnerabilities, and the high risks from a business perspective, which accelerates our prioritization remediation instead of treating every vulnerability equally.

Wiz improves efficiency because remediation teams receive more context about why something matters. Instead of only seeing a vulnerability, teams can understand the exposure, permissions, affected assets, and the business relevance. The biggest impact Wiz has had on our organization is improved visibility and better prioritization, as previously mentioned. The security teams in our environment are able to focus on meaningful cloud risks faster rather than spending too much time manually reviewing low-priority findings.

Wiz allows us to consolidate tools, meaning we can use a single tool for vulnerability management, risk analysis, and threat management, which the SOC team utilizes. It is a flexible tool, enabling every team to use Wiz to detect and defend their organizational posture. On the consolidation aspect, Wiz integrates multiple tools; for example, we have integrated Microsoft Teams  and ServiceNow , allowing us to create tickets directly using a single tool and send notifications via Teams or Slack.

Wiz's runtime sensor provides visibility across multiple cloud environments, including AWS , Azure , GCP , and Oracle. It helps us prioritize vulnerabilities by discovering newly identified assets or vulnerabilities and has different signatures and policies compared to other CSPM tools, which proves to be very helpful.

One important area for improvement in Wiz could be customization and reporting flexibility. Sometimes organizations want deeper tailoring based on their internal workflows and governance requirements. If we can have customization for reports and dashboards, it will be helpful.

Reporting  and dashboard customization can improve further, especially for leadership reporting that can be highly customized to meet specific workflows.

I have been working in cybersecurity, particularly on vulnerability management-related tasks for around six years.

Wiz has been stable for cloud visibility and posture monitoring activities.

Wiz scales well for our enterprise cloud environment and growing workloads because visibility requirements increase significantly in a cloud-first environment.

The customer support experience typically depends on the complexity of the issues. When we raise a ticket with the support team, the deployment is handled well, and the support is generally good.

We have used McAfee MVISION in the past. As we expanded our cloud, we switched to Wiz because it offers more visibility for our fragmented security approach.

We see a return on investment primarily from improved prioritization and reduced investigation effort. Instead of spending time on thousands of findings, teams can focus on the highest risk exposures, which improves remediation efficiency.

We compared Wiz with other CNAPP  and CSPM solutions based on visibility, prioritization, cloud integration, and operational simplicity.

My advice for others looking to use Wiz is to first understand their cloud visibility gaps. If an organization struggles with prioritization, cloud posture visibility, or encounters too many findings with little context, Wiz can provide strong value in addressing those issues. I rate this product 9 out of 10.

Public Cloud

Amazon Web Services  (AWS)

What do you like best about the product?

Wiz is an incredible company. Their solutions have hit the right mark between visual representation of data, and actual technical insights. I've been incredibly impressed by it's balance of usability and powerful information. I've used a few different providers in the cloud security space, and Wiz is definately the leader for me.

What do you dislike about the product?

It can sometimes be hard to understand what new features I should be exploring. They incrementally improve the products at a fast rate, and it can be hard to keep up.

What problems is the product solving and how is that benefiting you?

Full cloud security coverage across our multiple cloud platforms.