Improved our security posture thanks to comprehensive visibility
What is our primary use case?
We are delighted to have Wiz Cloud revealing our cloud security posture across our development, QA and production systems for both Azure and AWS. We share access to the results widely with our technical staff. It's great that Wiz permits unlimited user accounts. Our professional services and support can use Wiz to demonstrate to individual customers the security posture of the systems we are hosting for them.
Mika, the built-in AI, is easy to use. The query creation is intuitive.
How has it helped my organization?
The attack surface findings initially revealed numerous vulnerable systems. Upon investigation we learned that 100% of them were stale DNS entries. We deleted those but this gave us confidence that our security posture is better than the general industry. If we were to have a vulnerable system, we're confident that Wiz will quickly surface the finding.
What is most valuable?
To someone who is looking at buying Wiz but concerned they already have too many products that give them a lot of alerts, the overview dashboard does a great job of raising the issues that matter. It intelligently filters the signal from the noise. Interns on our team were immediately as productive with Wiz as experienced security experts.
Wiz allowed us to cancel two other tools with noticeably superior results.
What needs improvement?
Our Technical Account Manager set up weekly meetings, but we have switched it to monthly. We dove into self-training with Wiz Academy so there wasn't much value for us in the meetings. Anytime we need something, we open a support ticket and they are responsive.
For how long have I used the solution?
We acquired Wiz Cloud in September, 4 months ago.
What do I think about the stability of the solution?
As for stability, we have seen some issues where our results changed radically from one day to the next, but we had not made radical changes, so we opened a case with support. It didn't cause us any downtime.
What do I think about the scalability of the solution?
Scalability is not an issue for us because we have a constant load. It quickly took on our substantially large workload.
How are customer service and support?
I have contacted Wiz technical support frequently.
The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience.
If I were to put Wiz support on a scale from one to ten, I would give them a ten.
Which solution did I use previously and why did I switch?
Wiz distinguished itself immediately in the PoC, surfacing important issues that were entirely missed by both the products we were already using and other CNAPP's that we tested. We dropped both products.
For configuration management we had been using another product that we were happy with that was much cheaper, but it did not do any of the other things Wiz does. We also had what was formerly a leading CNAPP that was priced similar to Wiz, but the support and upgrades declined rapidly. In head to head comparison Wiz stood out as the superior solution.
How was the initial setup?
The initial deployment of Wiz was super easy. It only took a few hours, so we were getting results the next day. There are still a few minor settings that Wiz scripts don't handle so we have to manually apply and then we will be fully deployed.
What about the implementation team?
The deployment of Wiz is spread across different teams with different areas of responsibility on AWS and Azure.
What was our ROI?
Quickly identified around $40K in unneeded annual expenses that we were able to drop.
What's my experience with pricing, setup cost, and licensing?
Wiz is expensive, but it offers good value for the money.
What other advice do I have?
I feel confident that we are learning of the issues that matter. I rate Wiz nine out of ten.
Exceptional Cloud Visibility and Effortless Integration
What do you like best about the product?
Wiz provides exceptional visibility across cloud environments, making it easy to identify misconfigurations, vulnerabilities, and compliance gaps in real time. The platform’s agentless architecture is a huge advantage it deploys quickly without impacting performance. The dashboard is intuitive, and the contextual risk prioritisation helps security teams focus on what truly matters. Integration with existing workflows is seamless, which saves time and reduces complexity.
What do you dislike about the product?
While Wiz is powerful, the pricing can be a barrier for smaller organisations. Some advanced features require additional configuration, which can be time-consuming for teams without dedicated cloud security expertise. The alert volume can feel overwhelming at first, and tuning policies to reduce noise takes effort. Reporting capabilities, although good, could benefit from more customisation options for executive-level summaries.
What problems is the product solving and how is that benefiting you?
Faster incident triage , earlier identity‑risk detection, lightweight audit readiness via scheduled reports, and better threat‑led prioritisation all of which reduce operational overhead while strengthening our cloud security posture.
Cloud security Swiss army knife
What do you like best about the product?
In-depth cloud asset configuration visibility, code-to-cloud capabilities, vulnerability management, ITSM tool integration, trends and reporting dashboards.
What do you dislike about the product?
Menus are sometimes cluttered, findings can get overwhelming and you would need good prioritization procedures, naming conventions are a bit difficult to explain to security auditors looking for overall vulnerabilities in a system (between findings and issues)
What problems is the product solving and how is that benefiting you?
Cloud vulnerability management
Comprehensive, Actionable Security Insights Made Simple
What do you like best about the product?
Wiz offers comprehensive, agentless visibility and excels at turning complex data into clear, actionable, and prioritized security insights.
What do you dislike about the product?
I appreciate everything about Wiz and the range of capabilities it offers.
What problems is the product solving and how is that benefiting you?
The issues that Wiz addresses—such as removing security blind spots, automating the correlation of threats, and delivering actionable insights—help make the entire technology ecosystem more secure. When the cloud environment is safer, it results in higher-quality and more secure information being accessible to users everywhere. This, in turn, directly supports my ability to offer reliable and accurate answers.
Wiz: A Comprehensive Cloud Security Visibility Platform
What do you like best about the product?
A clear map of all interconnected resources, illustrating how an attack could propagate. This capability is missing in AWS Security Hub and is a key strength of Wiz
What do you dislike about the product?
One drawback is that the platform has a learning curve. It takes some time to fully understand the interface and make the most of all the features
What problems is the product solving and how is that benefiting you?
Wiz centralizes our AWS configuration data, enabling rapid identification of misconfigurations such as overly permissive security groups and outdated Lambda runtimes. Its dashboards save significant time by providing a clear view of priorities and risk levels.
Clear Results and Tailored Guidance with Effortless Configuration
What do you like best about the product?
The results are clear, accurate, and prioritized. The remediation guidance is clear, concise, and can be tailored to the specific resource. And the configuration/setup as well as integration points, was simple and broad without being overly permissive. The company vision is ambitious and they deliver. The support team is extremely available and has not seen the usual turnover.
What do you dislike about the product?
The interface is not always intuitive, and updates are pushed very frequently often breaking documentation links and changing processes with little to no notice.
What problems is the product solving and how is that benefiting you?
Wiz is giving us a clear picture of what we have in our environments and how secure our applications are. When we need to assure compliance, either for clients or for certification, its findings are reliable and present without additional effort. And when cloud/app events and incidents inevitably happen, we can swarm and resolve the underlying risks much quicker than before.
Outstanding Cloud Visibility Platform
What do you like best about the product?
It is a really great SAAS paltform giving complete visibility of your cloud environment
What do you dislike about the product?
can be a bit complex to understand in the beginning
What problems is the product solving and how is that benefiting you?
It provides us with comprehensive visibility into our cloud environment.
Democratizing Security Through Attack Path Visualization
What do you like best about the product?
The attack path visualization feature allows engineers to grasp and prioritize genuine risks, rather than relying solely on abstract CVSS scores. The platform provides clear explanations of risks, which helps secure engineer buy-in and encourages independent remediation. This has led to real security democratization, easing the burden on security leadership and reducing bottlenecks.
What do you dislike about the product?
The input validation for connector credentials is weak, which creates unnecessary friction when first integrating with the cloud. Additionally, the user experience is clearly designed with enterprises in mind, resulting in a steep learning curve that can be challenging for smaller teams.
What problems is the product solving and how is that benefiting you?
Benefits of Implementing Wiz
Background
In our company, I was the sole person with specialized security expertise. As the business expanded and our product offerings grew, the attack surface increased, and security audits began to take up a significant portion of my time. This made it difficult for me to concentrate on my primary responsibilities as CTO.
Previous Challenges
To tackle this, I aimed to make security a shared responsibility throughout the organization. However, with tools from other vendors, although we could track security issues as inventory items, we were unable to give our engineers the autonomy to proactively resolve these issues themselves.
Results from Wiz Implementation
Wiz stands out by offering thorough attack path visualization with Wiz Security Graph, clear explanations of the risks associated with each issue, and practical remediation guidance.
Thanks to these features, our engineering teams are now able to independently resolve most security issues. Consequently, we have improved our overall security posture and greatly reduced the amount of time I personally need to dedicate to security operations.
Effortless Remediation Steps Make It a Standout
What do you like best about the product?
The remediation steps are actually actionable - not just 'fix this' but showing you exactly how. Also, the multi-cloud coverage means I'm not juggling different tools for our various portfolio companies' infrastructure.
What do you dislike about the product?
Takes a bit to learn their UX language, but once you get it, it makes sense. Sometimes the alert noise can be high until you tune it properly.
What problems is the product solving and how is that benefiting you?
We're dealing with patient health data, so any cloud misconfiguration could mean a HIPAA breach. Wiz catches stuff like exposed S3 buckets or overly permissive access before it becomes a problem. The continuous monitoring means I'm not constantly manually checking if PHI is actually protected. Also makes compliance audits way easier - I can actually show what controls we have in place instead of just saying 'trust me, it's secure.
Cloud security has improved and detects vulnerabilities across multi-account environments
What is our primary use case?
Wiz serves as our enterprise tool for securing our cloud platform. We use AWS as our cloud platform and have Wiz integrated across multiple accounts for IT, engineering, and other departments. Within IT itself, we have different environments including development, production, and stage accounts. In every account, we have Wiz integrated and use policies based on the environment. For example, the dev environment has a less secure policy while production has a high-security policy. Technically, we use Wiz for securing our cloud platform.
What is most valuable?
The best feature of Wiz is the ability to detect any security violations across multi-cloud platforms and the ability to integrate for creating security incidents and vulnerability incidents. It works very well for scanning the environment, detecting vulnerabilities, and reporting them based on our requirements. It can generate reports via email or create ServiceNow incidents. It has helped me identify threats more easily. When it comes to the Kubernetes cluster, we do not have any other option for detecting vulnerabilities. This is the only way we observe our Kubernetes clusters to determine whether they are secured or not. Regarding speed, I cannot compare it with other solutions, but so far, we are happy with the way it works.
Wiz has improved our business in many ways. While I do not know in numbers how it has helped the business gain more profit, as a technical expert and part of our IT architect team, I would say Wiz has helped tremendously to secure our cloud platform. There were many security vulnerabilities existing before we implemented this solution that were not at all in our attention because there was nothing to scan and report what was wrong. After implementing Wiz, it has helped significantly. There was a program for implementing high-security measures in our environment, and Wiz has contributed substantially to that program.
What needs improvement?
I feel there is a delay in detection, though I am uncertain whether this is due to our implementation disadvantage. Wiz can detect all the issues, threats, and security vulnerabilities, but the delay may be due to the time taken for running a scan because we have a 24-hour scan cycle. When I checked with the team, there was no on-demand scanning possibility. We still see improvement scopes in this area. It does the work, but we are not seeing the changes very fast. Once you get a threat and fix it, to see that fix reflected in Wiz, you have to wait 24 hours. That is something I am not happy with.
One improvement that I am looking for in Wiz is the capability for on-demand scanning. That should be available. Second, we should be able to see the fixes faster. Once a threat is detected and we apply the fix, we want to see that result updated in the dashboard or portal as soon as possible. If Wiz can detect it faster and update it in the portal, that would be beneficial.
For how long have I used the solution?
I have been using Wiz for more than two years, approximately two years and four months.
What do I think about the stability of the solution?
Regarding stability, it is stable. I would rate it nine out of ten.
What do I think about the scalability of the solution?
Regarding scalability, I would also rate it nine out of ten.
How are customer service and support?
I would rate the technical support of Wiz eight out of ten on a scale from one to ten, with ten being the best.
Which solution did I use previously and why did I switch?
When comparing Wiz with other software, I did not use any other software similar to Wiz for the same purpose. A similar tool was Qualys, but we used Qualys for a different use case. We used it for vulnerability scanning of our servers, not end-user devices. For securing or detecting threats from cloud accounts, I do not have any other tool that I am aware of. Qualys is another vulnerability management tool, but the use cases are different, so I do not have the expertise to compare.
How was the initial setup?
Deployment took approximately three months.
What about the implementation team?
From one to ten, with one being cheap and ten being expensive, I would rate the implementation cost a seven.
What was our ROI?
Wiz does require some maintenance.
What's my experience with pricing, setup cost, and licensing?
Wiz does require some maintenance.
Which other solutions did I evaluate?
My thoughts on the pricing of Wiz are that it is not cheap, but it is cost-efficient. From one to ten, with one being cheap and ten being expensive, I would rate it a seven.
What other advice do I have?
I would recommend Wiz to anyone. If anyone wants to secure their infrastructure, cloud environment, or Kubernetes cluster, I would strongly recommend Wiz as a tool because it is easy to use and user-friendly. It has tight integration with many tools out-of-the-box for sending alerts, creating emails, and creating incidents.
My advice to others looking to implement Wiz is that when you implement Wiz, if your hybrid environment is not managed properly, it will be difficult to implement. It is better to make some cleanup and ensure that the environment you are going to implement meets Wiz standards. If you do not take care of that and simply implement Wiz, you will encounter many issues being reported by the system. It is better to follow the prerequisite standards of your cloud account and then implement the solution. Otherwise, you will see many issues being reported.
Regarding whether Wiz has helped reduce alert fatigue, I do not have a definitive answer because we do not see that much decrease in the alerts. Initially, when we implemented Wiz, since we were not using any tool like that before, there were too many alerts. Because it was the first implementation, it started sending too many alerts. Later on, the alerts decreased, but this decrease was not because of Wiz itself. Rather, it was because we implemented security fixes wherever Wiz reported threats or vulnerabilities. That is how the number of alerts got reduced. I feel we can also customize the Wiz policy to reduce the number of alerts, but I am not at that level here, so I do not have that expertise.
My overall rating for this solution is eight out of ten.
