Item: Wiz
Rating: 10
Author: Andy Hebert

Overall Satisfaction with Wiz

Use Cases and Deployment Scope

* Brings together 2-3 cloud environments into a single pane of glass
* Supports (although we would like to see better support) segmentation of cloud resources based on tags or resource tag enrichment. This allows our product teams in the organization to focus on the resources they are responsible for.
* It will help our ISO focus on what matters through Wiz's issue generation through toxic combinations. Right now, it is hard for our ISO to focus on what matters. They squirrel away whenever there is an audit or some perceived security threat. I am hoping Wiz will help our office reach a maturity level that takes a more pragmatic approach to security, one that allows us to make steady gains and push the security forward in the organization.

Pros and Cons

Pros

It seems to be a very open. The platform exposes as little or as much detail you want. Most things can be boiled down to a security graph query. So a user of Wiz can see how the graph data is really the nucleus of the platform.
The API console and the API explorer are super valuable for API integrators like ourselves.
The role/permission based controls are pretty robust and has allows us to define the workflows that we want our end users to engage with.

Cons

I would like to see the modification of the issue status to be wrapped in some form of a permission
I would like to be able to show filtered queries on the Identity Entitlements screen also on the security graph.
I wish I didn't have to create an automation rule (when the rule does just about the same thing in each) for each project (in Wiz).

Return on Investment

We haven't completed a full rollout yet, but the goal is to shift left security to all of our product teams so that security is a shared effort across the organization.
We want to be able to demonstrate fast remediations, corrective action plans with tangibles from Wiz in response to audits or red team findings.
We would like to also use information from Wiz to substantiate answers to security questionnaires that customers requires us to fill out in order to do business with them.

Via an agentless, API-centered approach, Wiz is designed to be rolled out in minutes to easily scan workloads and get full visibility into cloud environments. Please describe your experience with this aspect of the product.

The agent lens approach that Wiz uses is really solid—it's been very stable. What I appreciate most is that it eliminates the operational burden of managing agents across various nodes within a cloud platform. You don’t have to worry about versioning, resource requirements, or the security concerns related to egress and ingress traffic. One limitation with the current scanning method, however, is its periodic nature. It can sometimes be tricky to determine whether a specific resource was synced and whether an ad hoc-initiated sync actually processed the resource. This might be an area for me to dig deeper, as I know Wiz provides data indicating sync timestamps. I also believe there's a log available that shows which resources were synced and when.

Wiz leverages a security graph at the core of the product that is designed to accurately detect and define security risks. How does your company utilize the Wiz security graph for risk assessment?

Every view in Wiz is backed by the Security Graph, making it essential for delivering the visibility we need from a security observability perspective—period. The last time we leveraged the Security Graph was to identify all super admin accounts in our Azure environment. The Cloud Entitlements view in Wiz didn’t fully meet our needs, so we had to create a custom Security Graph query, similar to those available in the Entitlements page, to get the precise results

Usability

Honestly, I think Wiz’s usability is outstanding. Coming from a software engineering background, I really appreciate that the Security Graph is the backbone of the entire platform. It’s powerful to see how different pages and features are essentially varied lenses into the same underlying data, offering multiple perspectives on that core graph. What stands out to me most is the transparency of data in Wiz. Everything feels very open and accessible, which is not always the case with other security platforms. That said, I do think the learning curve could be steep for standard users—especially those without a technical or engineering background. Understanding the relationships and abstractions that Wiz defines requires a certain level of technical thinking. But once that mental model clicks, the value delivered through the Wiz UI becomes incredibly compelling.

Alternatives Considered

Palo Alto Networks Cortex XDR

As someone relatively new to the security space, coming from a software engineering background in identity, I don’t have deep experience across a wide range of security tools. That said, based on the products I have used—such as Palo Alto’s Cortex XDR, Panorama, GlobalProtect, and their related tenant tooling—the user experience feels quite dated. These tools often fall short in guiding users to what matters most. The interfaces tend to be complex, and it's not always clear where attention should be focused or what actions should be prioritized. In contrast, platforms like Wiz really stand out for their intuitive design and data-driven clarity, helping users focus on the most impactful security concerns.

Key Insights

Do you think Wiz delivers good value for the price?

Yes

Are you happy with Wiz's feature set?

Yes

Did Wiz live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Wiz go as expected?

Yes

Would you buy Wiz again?

Yes

Other Software Used

Palo Alto Networks Cortex XDR, Palo Alto Networks Prisma Access, Qualis

Likelihood to Recommend

* Wiz is particularly well suited for multi-cloud. The abstractions that it has defined allows for leveraging of knowledge pertinent to all three platforms in a single taxonomy. That's really powerful.
* The work that the wiz team does for defining and keeping up on cloud configuration rules, vulnerabilities, policy composition would be absolutely impossible for an organization to undertake themselves. Super valuable.
* If you're an organization that sees the security landscape as constantly evolving, and you want to make sure you are working on the most important things to move your security posture forward, Wiz is definitely the way to go.
* Security engineers that are new to wiz and have a more legacy operations background may struggle with Wiz. They would really need to lean into the security graph and an understanding of how to query it. I think this would take an approach that is open to seeing issues as relationships and a willingness to understand technical details in order to effectively query the security graph.

Wiz Feature Ratings

Comments

Please log in to join the conversation

Enjoying the Wiz Journey