The dashboards are easy to read and visually pleasing, so you can understand everything quicklyThe reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary. All the other reports look great when you try to create them. I can pull a report of issues for a specific project, but it's a CSV file with findings, which isn't helpful. I expect a slick visual summary that looks like what they have on the dashboard. They spend a lot of time making the dashboard easy to understand, but you can't get that information into a report for our executive leadership. We want to show them the trends and what we're doing. It's critical for our team to demonstrate the tool's value. At the end of the year, we have to go to a meeting and show management the progress we made this year. I can only do that by going into open issues, putting them all in notepad, and taking a couple of screenshots. I would also like the dashboards to be customizable. They have excellent dashboards, but you can't create or customize them. At the same time, Wiz seems open to that feedback, and I think they're relatively new. They're growing fast and implementing new features quickly, so I hope this will be added soon. A third issue is that we can't provide email notifications on connector status. Everything comes into Wiz through a connector. Our AWS environment is added as a connector, and there's no way to notify anyone if an issue is detected. We could wake up the next morning and not have any data from our AWS cloud environment because there was an issue with the connector, but no one would've known about it. I think that's something that needs to be fixed. Wiz has room for improvement in terms of risk assessment. It has a severity meter with five levels: critical, high, medium, low, or informational. If I click on the highs, it sorts the issues by the control with the most total issues. They're all high, but it doesn't prioritize based on anything other than the number of issues that are impacted by that control. It's not a priority. It tells you you'll get the most bang for your buck if you fix this one. There's no risk score or anything like that. For example, if a public-facing device has a significant vulnerability, it will consider that business context and label it "critical," but that's all it does. All the severity levels have the same weight. Wiz prioritizes well in terms of sorting the issues into broad categories. However, it doesn't prioritize those. I'm looking at all the highs right now, and I don't know if one of these is more impactful to fix than the other. It helps to have an overview showing that 103 resources will be impacted if we fix this control. We can fix the control at the global level, put guardrails around it, and prevent the issue from happening in the future. You can start thinking that way, but it doesn't tell you this is more severe than other issues in the same severity category.
