Overview
Product Information on Wiz CNAPP
What is Wiz CNAPP?
Wiz CNAPP Pricing
Overall experience with Wiz CNAPP
“Phased Setup Approach Enables Gradual Feature Rollout and Coverage for Wiz Users”
“Centralized Cloud Visibility Offers Value But Alert Overload Requires Careful Tuning”
Badges
Cloud Security Posture Management Tools
About Company
Company Description
Wiz is a company that aids organizations across various sizes and sectors to swiftly detect and eliminate crucial risks in AWS, Azure, GCP, OCI, Alibaba Cloud, and Kubernetes. This enables these organizations to develop quicker and with enhanced security.
Company Details
Do You Manage Peer Insights at Wiz?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
User Sentiment About Wiz CNAPP
Reviewer Insights for: Wiz CNAPP
Deciding Factors: Wiz CNAPP Vs. Market Average
Performance of Wiz CNAPP Across Market Features
Wiz CNAPP Likes & Dislikes
The API first nature of the product allows us to build and maintain the system in IaC which allows us to keep our configuration up to date, and the context aware severity ensures we're only alerting teams to issues that are relevant and require their attention to resolve. The setup process allows us to take a phased approach, initially ensuring we have coverage across our estate, and then enabling additional features as our maturity grows. The code to cloud feature helps us discover the right level of the tech stack to implement the resolution, and as we gain further confidence in the product, the ability to set up auto-remediation via pull requests looks like it will be a big win for us.
Wiz gives you a single pane of glass view of your cloud environments, plus code repos. It's a great capability to bring all your alerting and intelligence into one place. Bonus features like cloud cost visibility add to the value.
The features we like most are the IAC code scanning that enabled us to check Terraform, CF and K8s manifests files and the ability to identify open-source libraries that are vulnerable and another feature we like most is its secret detection in the code repos and container images which helps us to prevent accidental exposure of API keys and tokens.
Ignoring issues outside of the global ignore rules (i.e. using a .wiz file) feels very immature compared to the rest of the product. The IDE integration also lacks some basic features like the ability to see rule IDs to build out the aforementioned ignore rules. Ownership of repos again could do with some work, it's not easy to map repos to projects without jumping through hoops such as resource tagging rules.
There's a long learning curve to mastering alerting - until then you can easily be bombarded with thousands of alarms. It's easy to get lost in all the alerts, and as a smaller company you will need to be very pragmatic about your strategy and invest time in tuning things to get the right signal to noise ratio.
One of the main dislikes is its price. Also, the interface, while clean, is so dense with telemetry and features that it takes a few months to understand and master.
Top Wiz CNAPP Alternatives
Peer Discussions
Wiz CNAPP Reviews and Ratings
- IT Security & Risk Management Associate1B-10B USDEnergy and UtilitiesReview Source
Phased Setup Approach Enables Gradual Feature Rollout and Coverage for Wiz Users
Overall we've been very happy with our partnership with Wiz. The roll out has been a big win for us and we're we've had issues or suggestions we've had access to the team to help drive the direction of Wiz - Associate Consultant50M-1B USDBankingReview Source
WIZ CNAPP: Complex Interface Present Challenges Despite Strong Scanning Capabilities
Wiz CNAPP helps us secure everything we build and run in the cloud. Because it is agent-less, we don't have to worry about agent installation or issues where the agent prevents something from reporting correctly. We are using it to scan the resources running on AWS and it has performed exceptionally well under our current demand. Its support for IAC scanning is a standout feature which allows us to check the manifests for any misconfiguration. Since moving to microservices, we particularly value its ability to identify vulnerable open-source libraries and dependencies in our code. - IT SECURITY & RISK MANAGEMENT ASSOCIATE<50M USDSoftwareReview Source
Cloud Security Platform Eases Compliance but Faces Cost and Alert Challenges
Wiz is the most comprehensive cloud-native security platform I have worked with. The agentless design enables smooth deployment across multi-cloud environments, eliminating the overhead of traditional agents. Overall it makes it easier for engineers and security teams to understand context quickly. - IT SECURITY & RISK MANAGEMENT ASSOCIATE50M-1B USDSoftwareReview Source
Efficient Multi-Cloud Security Hampered by Scalability and Configuration Complexity
Powerful Cloud Security platform with Deep visibility of threats and vulnerabilities on the organization's exposed surface - Director, IT Security and Risk Management1B-10B USDBankingReview Source
Game Changing Success in the Cloud Security Visibility and Container Runtime Realm
My organization has had game-changing success with WIZ. The amount of clear and easily digestible cloud visibility we were able to gain has provided much better insight into the questions, "what is our cloud security posture" and "what truly poses a risk to our organization".