SOC Manager at a real estate/law firm with 1,001-5,000 employees
Real User
Top 10
2024-02-21T08:44:36Z
Feb 21, 2024
You can choose to use Wiz if you're not looking for a container deduction and response or Kubernetes security. The solution is deployed on AWS Azure and a private cloud in our organization. The solution's compliance reporting capabilities increased the score of our security scorecard. Overall, I rate the solution an eight out of ten.
I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything. You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the amount of alerts.
Sr. Manager AVP - Vuln Management and Threat Intelligence at a computer software company with 201-500 employees
Real User
Top 20
2023-03-17T00:04:00Z
Mar 17, 2023
I give Wiz a nine out of ten. If Wiz can figure out the remediation workflow, I would put the solution close to a ten out of ten. Although we are not able to consolidate tools with Wiz yet, the solution is getting there. It is on Wiz's roadmap. We will deprecate our SaaS and SCA offerings once Wiz rolls that ability out by the end of the year. Very rarely do people truly conduct a thorough proof of concept. Analysts from Gartner or Forrester may not fully understand individual environments, as each one is unique. To get a better understanding, we need to compare side-by-side, setting up Prisma, Aqua, and Wiz. It will become clear how Wiz is a leader in the space, both from a technical standpoint and from a high-level view. Additionally, other solutions often lack up-to-date documentation, whereas Wiz takes documentation seriously and has excellent documents and revisions. Furthermore, Wiz's portal is user-friendly and prioritizes risk, making it stand out from its competitors. With any solution, we want to conduct a health check. We schedule health checks with Wiz every six months to ensure the solution is well maintained.
Senior Information Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2023-03-15T20:04:00Z
Mar 15, 2023
I rate Wiz a nine out of ten. I recommend evaluating it with a full POC, but be prepared to set up connectors and go through the entire process. You'll know if you like the tool within a month. Try it if you have the budget. If you're concerned about getting too many alerts from multiple solutions, I would say it depends on what you can consolidate. Not everything can be consolidated into Wiz. At the same time, Wiz mainly reports actual issues, and there isn't a lot of noise or false positives. Wiz will detect specific resources that might be exposing ports to the internet and trigger an issue on that. But that's by design. In some cases, you might have network resources that a firewall needs to have exposed to the internet in that way. Wiz has accounted for everything, so you can configure it to ignore particular issues for a given resource. They've implemented a few ways to work around issues you don't want to address so you can clear from the interface and get people to focus on what's important.
Chief Information Security Officer (CISO) at a outsourcing company with 501-1,000 employees
Real User
Top 20
2023-02-23T23:36:00Z
Feb 23, 2023
I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.
Director Information Security at a computer software company with 501-1,000 employees
Real User
Top 20
2022-12-22T21:05:00Z
Dec 22, 2022
The biggest thing is understanding the hows of where your integration points are going to be. To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning. I would rate it an eight out of ten.
CyberSecurity Sr Manager at a retailer with 10,001+ employees
Real User
Top 20
2022-12-01T21:56:00Z
Dec 1, 2022
Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first. If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment. Understand what is important to you. Are you more focused on the CSPM features that are available through Wiz? Are you more focused on cloud infrastructure entitlements that are available through Wiz? Are you looking to remove existing agents that could create overlap, and how does that fit into your roadmap? Understanding your requirements for the type of information that you want to see out of the tool is going to be critical to understanding your use cases, and how your community is engaged with those use cases, regardless of how easy the tool is to integrate. Those are factors that are going to be vital to your success.
Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within...
You can choose to use Wiz if you're not looking for a container deduction and response or Kubernetes security. The solution is deployed on AWS Azure and a private cloud in our organization. The solution's compliance reporting capabilities increased the score of our security scorecard. Overall, I rate the solution an eight out of ten.
I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything. You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the amount of alerts.
I give Wiz a nine out of ten. If Wiz can figure out the remediation workflow, I would put the solution close to a ten out of ten. Although we are not able to consolidate tools with Wiz yet, the solution is getting there. It is on Wiz's roadmap. We will deprecate our SaaS and SCA offerings once Wiz rolls that ability out by the end of the year. Very rarely do people truly conduct a thorough proof of concept. Analysts from Gartner or Forrester may not fully understand individual environments, as each one is unique. To get a better understanding, we need to compare side-by-side, setting up Prisma, Aqua, and Wiz. It will become clear how Wiz is a leader in the space, both from a technical standpoint and from a high-level view. Additionally, other solutions often lack up-to-date documentation, whereas Wiz takes documentation seriously and has excellent documents and revisions. Furthermore, Wiz's portal is user-friendly and prioritizes risk, making it stand out from its competitors. With any solution, we want to conduct a health check. We schedule health checks with Wiz every six months to ensure the solution is well maintained.
I rate Wiz a nine out of ten. I recommend evaluating it with a full POC, but be prepared to set up connectors and go through the entire process. You'll know if you like the tool within a month. Try it if you have the budget. If you're concerned about getting too many alerts from multiple solutions, I would say it depends on what you can consolidate. Not everything can be consolidated into Wiz. At the same time, Wiz mainly reports actual issues, and there isn't a lot of noise or false positives. Wiz will detect specific resources that might be exposing ports to the internet and trigger an issue on that. But that's by design. In some cases, you might have network resources that a firewall needs to have exposed to the internet in that way. Wiz has accounted for everything, so you can configure it to ignore particular issues for a given resource. They've implemented a few ways to work around issues you don't want to address so you can clear from the interface and get people to focus on what's important.
I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.
The biggest thing is understanding the hows of where your integration points are going to be. To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning. I would rate it an eight out of ten.
Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first. If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment. Understand what is important to you. Are you more focused on the CSPM features that are available through Wiz? Are you more focused on cloud infrastructure entitlements that are available through Wiz? Are you looking to remove existing agents that could create overlap, and how does that fit into your roadmap? Understanding your requirements for the type of information that you want to see out of the tool is going to be critical to understanding your use cases, and how your community is engaged with those use cases, regardless of how easy the tool is to integrate. Those are factors that are going to be vital to your success.