Accelerates decision making and reduces alert fatigue with smart event consolidation
How has it helped my organization?
Wiz allows us to get a view into what's happening in our cloud environments, helping us see the gaps, how things are connected, and it aids in CVE monitoring, especially during incident response as we're able to look at what that environment or host might look like, how it connects, and how big of an issue this might be versus how small it could be, along with other indications gathered from Wiz's reporting that help us better understand what's happening and how it might have all started.
We have created a couple of custom dashboards and charts for Wiz to help keep track of specific environments. One example is when we were looking for certain types of activities; it allowed us to create a singular place to see the events in the subscriptions of interest that needed remediation, bringing it together quickly, allowing us to take action and track progress as things were fixed.
Zero Criticals is the dream for us; that's our goal, and we've made good progress, with Wiz allowing us to see everything together in an easy-to-understand way, giving us a path to have conversations with the business about what can be done from policy or user education standpoints to prevent recurring issues that need remediation, resulting in improved numbers and positively impacting our approach over time.
Wiz has enabled us to consolidate tools. Having multiple cloud providers presents challenges as each has its own versions of security products, leading to the problem of needing to monitor three different tools, which do different things. Wiz helps standardize alerting and responses while allowing us to fill in the gaps since many tools don't do CVE analysis and reporting, resulting in time savings and less effort in creating detections to fill those gaps.
Wiz helps us consolidate our alerting process. I am a strong advocate for avoiding alerts that do not add value to our environment. It's especially crucial to eliminate alerts that are single-instance or one-off occurrences. Instead, we need detections that tell a comprehensive story. Additionally, we require a way to drill down into these detections to understand them fully. Wiz has surpassed other tools across the multi-cloud landscape in alerting us to the issues that truly matter. It presents the information in a manner that allows us to address and remediate those issues effectively.
Wiz also includes excellent remediation steps within the detection, helping us understand what is happening. Our SOC team comprises individuals with varying levels of seniority and experience in the cloud, which can present challenges for skill development. Therefore, it is vital that we don’t just receive a barrage of noise in our SOC; we need information that clarifies what actually happened. Being able to communicate to the business how to resolve these issues is extremely important to us. Wiz has filled the gaps where other tools excelled in one or two areas but failed to provide a complete picture.
What is most valuable?
My favorite feature of Wiz is how it gathers information together; instead of generating a thousand independent signals, it rolls that up and shows you within that environment how all the different toxic combinations contribute to a critical alert, making it an issue worth responding to, unlike many other vendors or tools that show singular things which may appear small, but when looked at holistically, are actually part of a much bigger issue needing attention.
Wiz has significantly reduced alert fatigue in our organization. One of the key functions is that it groups together elements that can form toxic combinations. Instead of treating a policy violation and a critical CVE as separate issues that would generate two different alerts requiring two different tools, it consolidates them into a single event. This allows us to identify problems more effectively. For example, if I see a high or critical CVE alongside a policy misconfiguration tied to an account, I know I need to address both issues. This grouping enables us to take action rather than approaching it as a simple decision of whether or not to act on a single alert. Previously, I might see a policy issue and wonder if it’s significant enough to warrant attention. However, when these issues are combined, I can assess the full scope of what’s happening, allowing me to take appropriate action. I can also determine quickly whether something might be a false positive, preventing unnecessary investigations.With the critical issues we identify, we can confidently fix them and reach out to the right people without relying on a "hope" strategy or waiting for an hour of research to see if it turns into something actionable. Based on my experience with other tools, Wiz helps us bypass that frustrating process.
What needs improvement?
I believe they are on the right path. However, Wiz has a unique way of identifying issues. As part of its growth and maturity, I'm noticing that it is taking an approach where it not only detects problems but also provides solutions to fix them. This expansion into a more comprehensive ecosystem allows it to become a 360-degree product. Instead of just continuously pointing out findings and detections, it starts to integrate with existing solutions, reducing the cycle of repeated issues. We can learn from these mistakes, and ideally, they will only occur once, allowing us to address them effectively. I appreciate the continued growth in this partnership, as it aims to reduce the number of findings over time by tackling the root of the problem.
One significant area for improvement would be increasing automation. While they excel at identifying issues, we need assistance in minimizing the human hours required for tasks. Ideally, the process would become more automated, allowing us to quickly respond with steps such as: we found an issue, reached out, and fixed it immediately. In cybersecurity, if it takes several hours to address a concern and a human attacker is present, that delay can lead to severe consequences. We need more immediate measures in our response strategies.
For how long have I used the solution?
I have been using Wiz for almost two years.
What do I think about the stability of the solution?
Regarding stability, I was pleasantly surprised by the performance of this SaaS provider. We haven't encountered any outages or issues with reports not running, finishing, or data being incomplete or inaccurate.
What do I think about the scalability of the solution?
Scalability is great. We haven't faced any problems. There were no requirements like, “once you get to this point, you have to do this or that.” We were simply able to connect our accounts, and during our last round, our environment quadrupled in size. We didn’t have to make any adjustments or configuration changes; it just accommodated the growth. Even as some environments scaled back down, the service scaled back down with us, which has been a great benefit.
How are customer service and support?
Regarding technical support, we haven't needed to contact them. All the questions and issues we encountered were addressed by our account team. It was very helpful not having to open a ticket and wait for assistance; our account team was knowledgeable about the tool and could provide immediate answers. This level of support was refreshing, as we didn’t have to deal with delays or uncertainty. Overall, we were very satisfied with the support we received.
For support, I would rate them a ten out of ten. They have great documentation and excellent support from the account team, which reduces how much you have to rely on technical support. I've dealt with other tools where the account team couldn't answer any questions, and the only option was to open a ticket and wait, sometimes for a day or two, for someone to respond. However, with this service, we received answers immediately and at the level we needed. Additionally, we received plenty of training and education without having to pay for expensive classes. So, I would definitely give them a ten in that area.
How would you rate customer service and support?
How was the initial setup?
It was very easy to deploy. We were able to get everything set up quickly during a call with our Wiz account team. They walked us through the process, and once we connected the accounts, it was off and running. From that standpoint, it was great to easily tap into the different cloud providers. The experience was positive overall.
After the initial setup, the team also assisted us with health checks to ensure everything was functioning properly. They provided feedback and helped us make any necessary adjustments to permissions so that the tool would work effectively.
As for the setup time, we had a 30-minute call scheduled, and we managed to complete the setup within that timeframe. It mostly involved connecting the parent account and giving Wiz access to deploy the tool. After that, we were able to start viewing the results. So, in total, we spent about 10 to 15 minutes actually configuring it during that 30-minute window.
What's my experience with pricing, setup cost, and licensing?
I’m familiar with their pricing. I believe it aligns well with what we typically see for security tools. It’s not unreasonable or outrageous. They have a great product that works effectively and fulfills its intended purpose. I don’t think there’s anyone else out there offering the same level, scale, or efficiency. While their pricing may be a bit on the premium side, it also enables users to consolidate tools, which can offset some of those costs.
Which other solutions did I evaluate?
A significant alternative out there is AWS GuardDuty. It operates within a single scope, analyzing your logs and identifying signals of potential issues. However, this can lead to high alert fatigue because it focuses on individual events. Instead of grouping and triaging alerts, it may send you multiple separate notifications for a single host or device performing several actions.
In addition, we've utilized scanners for Common Vulnerabilities and Exposures (CVEs) like Rapid7. This tool effectively scans for CVEs, but it requires thorough configuration, continuous monitoring of output, and the creation of reports to take necessary actions. This process is not on the same level as Wiz, which consolidates all of these tools into one platform.
What other advice do I have?
We haven't used Wiz Runtime Sensor; we've seen demos and it looks really cool, but it's not something we have implemented.
I believe there isn't a perfect tool, but Wiz comes very close, continuously growing and expanding to add more value into its ecosystem, and I'm happy with it. I would rate Wiz a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
A Game-Changer for Cloud Security team
What do you like best about the product?
What I like best about Wiz is its clear visibility across our entire cloud environment without requiring agents. The platform maps risks end-to-end — from infrastructure misconfigurations to vulnerabilities, secrets, and compliance gaps — in a single dashboard.
For SecOps, it’s extremely valuable that Wiz prioritizes issues by context (e.g., exposed to the internet, contains sensitive data, exploitable path), so we don’t waste time chasing noise. Integrations with existing workflows (SIEM, ticketing, etc.) make it easy to operationalize findings.
From an admin perspective, the ease of deployment and scalability stand out. It’s quick to onboard new accounts, and visibility is almost immediate, which is rare in this space.
What do you dislike about the product?
What I dislike about Wiz is that the platform is not yet truly unified in management. With the number of products and capabilities they’ve added, it feels like they could be consolidated better — today it’s more like managing three different consoles instead of a single pane of glass.
The DSPM (Data Security Posture Management) capabilities are promising but still relatively immature compared to Wiz’s core strengths. Coverage is not as deep as I’d like, and it still needs more development to give us the same confidence we have with vulnerability and misconfiguration findings.
In addition, the volume of findings can be overwhelming, especially early on, and it requires tuning and integrations to avoid alert fatigue. Wiz is improving here, but out-of-the-box prioritization can still surface too much noise for smaller teams.
What problems is the product solving and how is that benefiting you?
Wiz helps us address several critical areas in cloud security, including monitoring and analytics, detection and response, compliance, vulnerability management, exposure management, and DSPM. Providing agentless visibility across our cloud environment eliminates blind spots and gives our SecOps team clear insight into risks and misconfigurations.
Its cloud detection and response features stand out because alerts are contextualized, allowing us to focus on real threats instead of noise.
Continuous compliance checks against industry frameworks save significant time during audits, while vulnerability scanning and exposure management prioritize issues based on exploitability and exposure paths, so we can remediate what truly matters first.
The DSPM capabilities are still maturing, but already help us locate sensitive data and highlight where it may be at risk, and help us to map most of our data.
Benefits to Us:
Time savings—Instead of manually correlating risks, Wiz shows the attack path in context, which accelerates the response.
Risk reduction – Prioritized findings ensure our limited SecOps resources focus on the most dangerous issues first.
Audit readiness – Compliance reporting is much faster and less painful.
Operational efficiency – With Wiz’s agentless deployment, onboarding new cloud accounts takes minutes, not days.
Wiz: Simplifying Cloud Security Visibility and Risk Management
What do you like best about the product?
Wiz offers comprehensive visibility across cloud infrastructure without requiring agents, making it incredibly easy to deploy and scale. Its security graph provides a clear view of vulnerabilities, misconfigurations, and potential attack paths in a unified interface. The platform integrates seamlessly with major cloud providers and supports rapid detection and remediation workflows, which helps security teams respond faster.
What do you dislike about the product?
While powerful, the interface can feel overwhelming at first due to the sheer volume of data presented. Custom policy creation and fine-tuning require a learning curve. Additionally, pricing may be a concern for smaller organizations or teams with limited cloud footprints.
What problems is the product solving and how is that benefiting you?
Wiz is solving the problem of fragmented and complex cloud security by providing agentless, full-stack visibility into cloud infrastructure. It identifies vulnerabilities, misconfigurations, secrets, malware, and exposed services across virtual machines, containers, and serverless functions—all in a single, unified platform.
This benefits me by drastically reducing the time and effort required to gain security insights across multi-cloud environments. Instead of juggling multiple tools or manual audits, I get a clear risk prioritization view that helps focus on what truly matters—like exploitable paths attackers might use. It improves security posture, supports compliance efforts, and enables faster remediation with less operational overhead.
Enables efficient management of vulnerabilities and project inventories
What is our primary use case?
We are using
Wiz for many deployments in terms of vulnerability and also our Microsoft tenants, two different Microsoft tenants. We use it to manage our projects.
Wiz's automated compliance checks are the reason for our use case. I am actually working on the GCCR audit, which is the reason I was looking at it. There are still some things I need clarity on in my own meeting this morning.
What is most valuable?
I might not be able to give substantial information as I do not use the most valuable features of Wiz day-to-day in full capacity. I can check managing each of my projects and check vulnerabilities across each of those projects across each of the tenants. It allows you to manage your inventories that you have in different subscriptions or different tenants on your technology. Then you can configure different kinds of policies that you use around each of those.
What needs improvement?
I have not used Wiz in full capacity, so I cannot provide detailed improvement suggestions. I just started fully going through each feature to have a basic, comprehensive understanding of the product itself.
I cannot recommend Wiz to others until I have a clear understanding of its full capacity and benefits. In my organization, we have Rapid7, which is a vulnerability management tool, we have Wiz, and we have Microsoft Defender. I need to understand the reason for that decision in the first place to be able to look at the benefit to my organization.
For how long have I used the solution?
I started with Wiz some months ago.
What was my experience with deployment of the solution?
I do not know how long it took for us to actually deploy Wiz, as I was not within the corporation when it was deployed.
What do I think about the stability of the solution?
So far, I would say Wiz is stable to the best of my knowledge.
What do I think about the scalability of the solution?
My thoughts on the scalability of Wiz so far is that it is scalable for me and good for us.
On a scale of one to ten, I would rate the scalability of Wiz as nine.
How are customer service and support?
I rate Wiz's customer service as ten out of ten.
How would you rate customer service and support?
How was the initial setup?
I find the initial setup of Wiz straightforward in my opinion.
On a scale of one to ten, I would rate how easy it is to set up Wiz as nine, if ten is the easiest.
What about the implementation team?
I do not know how many people it took to deploy Wiz. However, it is always the vendor and probably my director that was in the position which I was before.
What was our ROI?
I do not know if Wiz has impacted our operational costs related to cloud security or any kind of return on investment or operational impact that it has for us.
Which other solutions did I evaluate?
I do not really know the main differences between Wiz and other vulnerability management solutions such as Defender, but they perform similar functions.
When comparing Wiz to Defender, I think they do almost the same thing. The only difference is that Defender will give you RISK call. However, Wiz can give you a risk call against your investment because it is not a Microsoft solution.
What other advice do I have?
I work in accounting with Wiz in a large enterprise business.
Wiz does not require a lot of maintenance on our side. It is just ease of use. Wiz maintains most of it.
I have not used Wiz's AI capabilities to enhance our security threat detection as I just started looking at it. I have not really done much with that so far.
Overall, I would rate Wiz as good. I get everything I want, just the same way it is for every other solution, so I am going to rate it nine out of ten.
I rate Wiz a nine out of ten instead of a ten until I use the solution based on use cases and exploitation of the product, and what it gives me. If I am able to do that in full capacity, then I will give it ten. This is just based on what I still see so far. Until I get to see the benefits and everything, then my rating might be different in two weeks' time. At this moment, this is how it is.
RISC call is what I mean by that, RISC (R I S K).
Empowering Cloud Security and Risk Management
What do you like best about the product?
Wiz provides the visibility that a modern cloud-based company needs when it comes to prioritizing what really matters, maximizing the risk reduction, and the overall strength of security for the organization.
What do you dislike about the product?
The dashboard reporting could be improved. Currently, it lacks the ability to report on multiple projects in a single view, which would enhance its utility for managing complex environments.
What problems is the product solving and how is that benefiting you?
Wiz is assisting me in prioritizing critical aspects, enabling enhanced risk and vulnerability management, streamlined remediation operations, and improved resource allocation.
Wiz- The Wizard! It’s wonderul
What do you like best about the product?
Wiz connects to your cloud environment and gives you complete visibility and actionable context on your most critical misconfigurations in real-time, so your teams can proactively and continuously improve your cloud security posture.
The best part about Wiz is that is provides recommendations which can be applied to address the threat
What do you dislike about the product?
When I launch Wiz , I can view threats from all the projects . In our organisation we have more than 100 subscripts so it’s cumbersome to filter. Suggest Wiz to build a capability to only display threats related to the project which I am interested in. Like SNYk
What problems is the product solving and how is that benefiting you?
Wiz identifies vulnerabilities, misconfigurations in cloud environment (all Azure resource) also scanning code to find out the risk
Visibility and addressing core issues
What do you like best about the product?
Wiz provides a single pane of glass view across all cloud environments. It only flags issues that requires immediate attention based on the exposure and criticality. There are many features that exists already and added continuosly. Security score, framework and threat impacts are taken into account. Visual understanding of the issue with suggestion of remedial action.
What do you dislike about the product?
Nothing major to call out, may be just further integrations with other security platforms
What problems is the product solving and how is that benefiting you?
Wiz provides us with a visibility of issues relating to vulnerabilities or misconfigurations that could be exploit. It helps us to identify and prioritise them. Integration with Teams and JIRA also helps us to address them swiftly.
Great security copilot
What do you like best about the product?
Wiz being Kubernetes native gives it a huge leg up in this area. It's a great copilot for monitoring security issues in the environment and simple to deploy.
What do you dislike about the product?
For them to surface thing simplistically takes complex amounts of background logic they will often miss chains of logic within. For example, failing to build a path from an ILB all the way to the backend pool it supports with a vulnerability in it. These don't happen too often.
What problems is the product solving and how is that benefiting you?
Wiz is helping us shift further left by exposing issues in the pipeline early to the committer of the code, but also helping us visually dig through existing runtime exposures with a clean UI.
