Black Box Wizard Multimedia Extender Quad Video/Stereo Audio Transmitter - video/audio extender
Mfg # AVU5004A
CDW # 1098866
Know your gear
Black Box is a leading worldwide provider of infrastructure services, communications equipment, and technical support. The company's success is firmly rooted in the original vision: to create a "central, reliable source for hard-to-find products and technical skill". Black Box is unique, distinguished by its superior technical and customer services. With plans to continue expanding its services, Black Box is poised for excellence well into the future.
PRODUCT FEATURES:
Allows to extend video and stereo audio up to 984.2 feet. (300 m);
Plug-and-play operation.
PRODUCT FEATURES:
Allows to extend video and stereo audio up to 984.2 feet. (300 m);
Plug-and-play operation.
Add to Compare
Enhance your purchase
Black Box Wizard Multimedia Extender Quad Video/Stereo Audio Transmitter is rated
4.80 out of
5 by
11.
Rated 5 out of
5 by
Eric Acosta from
It's easy to do queries to find out how many servers we have and the applications installed on each
What is our primary use case?
I have worked in security for a while, but I'm new to the cloud security world, and Wiz helps me understand how to secure cloud environments like AWS and Azure on the backend. We have about 50 Wiz users, including four admins and the SOC team. About 10 members of the CloudOps team have access.
How has it helped my organization?
Wiz's biggest benefit is visibility. My organization acquired a few other companies, and we didn't know what we had. With Wiz, we only needed to create a service account and add new accounts to gain visibility into how they are configured, what security holes they have, and how to fix their vulnerabilities.
Visibility into critical risks is essential to our security team's job. You need to know what's out there to protect the environment. Wiz helps us reduce blind spots in our remediation, and we're constantly working on that. Our cloud security team is relatively small, so we're still seeing several servers with vulnerabilities.
We're still refining our remediation process. Now, when we see a vulnerability, we open a ticket with CloudOps to remedy it. However, the company recently made some acquisitions, and the other organizations we bought have their own processes.
We've been able to consolidate a few tools. For example, we had another product that we were using to pull reports from AMIs, but we recently started doing that in Wiz, so we don't need it anymore. It's easier to use one tool with a single pane of glass instead of logging into multiple tools to get some information, you can do it from the Wiz platform.
What is most valuable?
I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts. We can sort it by a specific account or see them all in one place. I can't imagine logging in to each AWS account every time I need to see something with it. It's making things much easier.
What needs improvement?
Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform.
For how long have I used the solution?
I have used Wiz for about a year.
What do I think about the stability of the solution?
I'm impressed with the stability. We've only had downtime from maintenance and updates, and they notify us in advance, so we aren't impacted.
What do I think about the scalability of the solution?
We haven't needed to scale anything. It's a SaaS solution, so everything happens in the background. I haven't noticed any issues.
How are customer service and support?
I've never contacted tech support directly, but I meet with our account managers weekly, and they help me when I have issues. They open the case for me and provide a solution. At the next meeting, they follow up with me, and it's usually resolved pretty fast.
What was our ROI?
We realized value immediately after implementing Wiz.
What other advice do I have?
I rate Wiz nine out of 10. Before implementing Wiz, you should have all the information about your cloud environment in hand. It's straightforward once you get started. The challenge is getting connected to the environment. It will be difficult if you don't have the keys to the environment. Make sure you have a list of all your tenants for AWS, Azure, GCP, etc., so you don't miss anything.
You're always going to have a lot of alerts in this business, but Wiz has the flexibility to tailor your controls to your company's specific needs. That will reduce the amount of alerts.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-04-13T00:00:00-04:00
Rated 5 out of
5 by
reviewer2130933 from
Cloud security posture management, visibility, comprehensiveness, depth, and agentless connectivity without any impact to your environment is an absolute no brainer when it comes to reducing risk.
What is our primary use case?
I lead and manage our vulnerability management and threat intelligence program so relying on having quick visibility, coverage, comprehensiveness, and depth is an absolute benefit; Wiz agentless deployment and scaling give us that quick use CVE-based vulnerability scanning, detection, continuous monitoring, threat intelligence, and risk prioritization with little to no downtime or impact to availability. Lastly, the CSPM, threat-intelligence, and dashboard capability within Wiz gives leadership quick and efficient reporting on our overall risk in the cloud.
How has it helped my organization?
I believe the genius of Wiz is that, as we move towards a more zero-trust approach to cybersecurity, we can avoid using agents, which can be intrusive and difficult to manage. Furthermore, granting an agent full read rights access to our endpoint is not always the most secure, least privileged approach. I appreciate how Wiz can take a snapshot, scan it, and deliver results without affecting our workloads. Working with Wiz is great because it eliminates the need for staging and production environments. When we can't pick a snapshot-like reproduction environment right away, it does not have any impact.
We went from 1,000 to 10,000 employees after merging with a large company and purchasing another. Prior to this, it was like the Wild West. With Wiz, we were able to set up quickly and have visibility into our cloud workloads and environment. This has been incredibly helpful in reducing our attack surface and allowing us to prioritize risks. Wiz significantly lowered our risk and caused little to no disruption which is quite amazing.
It is extremely important for our organization to have visibility into our risk detection with a contextual view for prioritizing potential critical risks. When companies try to approach this single pane of glass from a risk perspective, it is essential to be able to share this information with stakeholders and non-technical people, such as the president, CFO, or other C-level personnel. I believe it is possible to share our cloud posture and risk overall within a five-minute presentation.
With the deep coverage and visibility that Wiz provides, we need more resources. It's clear that we have a lot of issues to address and we need to be careful and strategic in how we roll out solutions so that we don't overwhelm the business. Wiz has been helpful in determining our needs and getting us the resources and people we need.
Remediation is currently a manual process. Because the automation workflow within the tool is lacking, we have a remediation webinar to help. I still recommend and suggest that Wiz build it within the tool itself and not depend on manual processes. I have created an SOP to review and share findings, but it is a tedious process and can take up a lot of time. We are not yet in an optimized automated state and the tool and procedure are not there yet. However, Wiz does help and I have set up projects to help with organization and remediation workflow. The security personnel I work with have been pleased with the results, as I can provide a link to the issue and we can review it together. I usually have biweekly remediation calls and internal SLAs to track the ticket creation of the finding to when it is remediated. I find it useful to use that feature within the solution. Wiz allows us to go into the issue and assign a due date, which is very helpful. It would be great to have our own remediation board within Wiz, more like a dashboard.
What is most valuable?
There are many different features within Wiz that are valuable in their own right. I believe the best features are cloud security posture management, threat intelligence, and risk prioritization. This combination is my favorite aspect of Wiz. There are very few false positives. Wiz does an excellent job of leveraging their threat intelligence and distinguishing issues from findings to prioritize their risk. Having threat intelligence as part of our overall cloud posture management, cloud configurations, CVEs, and CWEs helps to prioritize our inherent and residual risk to the business. Wiz does not try to make actions overly complex, so even a non-technical person can take a webinar and understand the basics of how it works. The solution is very user-friendly.
I like the security graph feature, and being able to start with a dashboard. I am a fan of drilling into the dashboard, and I love how the solution handles different technologies. If we go to Wiz's inventory, they have their work, visibility, and coverage of technologies, as well as how they prioritize external exposures, cloud entitlements, containers, overall vulnerabilities, malware findings, and so on.
I really appreciate the visibility and the way the security graph lays out the risks. When we join the security graph, we can get very detailed and granular information. I like how I can drill into an issue, for example, if I want to look at a critical finding. I can look up fields in my query for all the hits and interact with the security graph and those expressions easily. It's a very digital footprint, root cause analysis type of interaction. I like that element of the security graph. We can get very specific, elaborate, and add to it. Whether we just want to look at the security graph level or drill into the issue specifically, it gives us a detailed footprint of the attack. It's pretty cool.
What needs improvement?
Wiz is trying to get into File Integrity Monitoring and it would be nice to set up what they call 'alert profiles' in their dashboard. For instance, if they had a threshold of a hundred images or files within a Docker container, image, or files within a particular workload that has been deleted within one minute, this could be an Indicator of a compromise of ransomware or something else. We typically don't think of this in the cloud, but the same rules apply as they would on-premise. It would be beneficial for Wiz to expand into this space and set up alert profiles for thresholds that indicate areas of compromise.
The remediation workflow within Wiz could be improved. For example, Rapid7 has done this well with InsightVM, which they call goals, SLAs, and projects in their remediation workflow. It would be beneficial to have a remediation tab that focuses on the visibility and coverage of findings, as well as an automated remediation workflow. This would save time, as it would not require creating tickets in Jira or going to another place. If these two can be done, it will be very helpful for the user, the person administering the tool, and the developers who need to fix the findings and issues.
For how long have I used the solution?
I have been using Wiz for almost one year. Six months of that was proof of concept, and now in my current role, four to five months.
What do I think about the stability of the solution?
We have not encountered any issues with Wiz since I have been here, and it remained stable with no downtime or changes required. I give the stability a ten out of ten.
What do I think about the scalability of the solution?
I am a great admirer of scalability. Wiz scales very well. The only potential obstacle to perfect scalability is probably in the remediation workflow space. The product's availability is excellent. The scalability is almost there. However, by focusing on the remediation automation workflow, goals, SLAs, and projects, we can get Wiz to scale quite well. I give the scalability a nine out of ten.
How are customer service and support?
The technical support is good. The only improvement I would suggest is that Wiz should make their information more publicly accessible, rather than requiring users to have a console account in order to access the portal. This can be an extra step for SREs who do not need to use the tool but still need to access the documentation. It would be helpful to have public documentation that can be accessed by anyone associated with the domain.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
At my previous company, I used Aquasec and Prisma. When I joined my current organization, they were using Wiz.
How was the initial setup?
The initial setup could not be more straightforward.
We saw the value of Wiz right away. We had onboarded a company we had purchased within three weeks and set up Terraform, AWS, Kubernetes connectors, and BS connectors. We also created a staging environment and a production environment. I was working with SRE to manage posture and address CV-based vulnerabilities that we were seeing. Thankfully, Wiz had a great zero-trust approach and the solution was really good.
The deployment was completed by myself, an SRE engineer, and an SME from Wiz.
We have three different business units. Within those three business units, we have 341 containerized application endpoints. Our next step is to get these onboarded into Wiz, which will be a big project due to the number of applications and workloads. For Prism, the resources we have for both Azure and AWS for our core applications and Namely a...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-03-22T00:00:00-04:00
Rated 5 out of
5 by
Kamran Siddique from
Enables us to quickly identify the problem, solution, and how severe the issue is
What is our primary use case?
We use the solution as our cloud security platform.
We use Wiz across all of our GCP environments. We have approximately nine projects, around five thousand instances, and five thousand containers. As for AWS, it is relatively small; it consists of a few VPCs with around five hundred assets.
How has it helped my organization?
Wiz is the only security solution we use for our cloud platform. It scans data activity, potential exposures, and any efforts with overly wide permissions, especially when they involve semi-exposed ports of sensitive data. Wiz also tracks vulnerabilities, including zero-day vulnerabilities, and logs. We are taking advantage of the security graph and all its features to make it easier to track security across the board.
Wiz's ability to scan every layer of our cloud environment without any agents is why we have the ease of deployment that we can provide on the order level and view all the products, giving us a lot of value and immediate return on investment. Agents are required for certain use cases, such as blocking features or taking action immediately if something is not right, but we did not have that requirement. We created workflows to identify where the action is needed and integrated them with our ticketing system to assign appropriate urgency tickets, so the right team can work on it immediately.
Automated attack path analysis has been beneficial to us by helping us to identify what needs to be done when a vulnerability is discovered. It allows us to trace the attack paths from a potential point of exposure to the vulnerability and how it can be exploited. We can also determine how to mitigate the vulnerability, which is of great value from a remediation perspective.
Within the first two weeks of the deployment, we were able to limit all of our security issues in our production environment. We had been using another platform, but it lacked ease of use and we were not able to get all the details we needed. We replaced this solution with Wiz, and it allowed us to take action when an alert came in. We were able to drill down to the root cause and with the knowledge base that comes with it, we were able to fix issues and get rid of all our security issues. This was a huge value.
Having visibility into our risk detection with a contextual view to prioritize potentially critical risks is very important, as we do not have a large security or development team. If we were to receive twenty alerts, we would not have the capacity to address them all at once. Knowing the context of how this would impact the organization is of great value, as it allows us to tackle the most critical issues based on external exposure, exploitable areas, and the type of data behind the vulnerability. This context helps us prioritize, as all risks are not equal.
Wiz has helped us reduce blind spots in our restriction capabilities by 100 percent. We were running a tool that scanned for vulnerabilities, but we did not have an external exposure component or any context for it. We had just deployed the DSPM and were not able to look at many past levels. The tool we were using previously was just one ready assessment tool. Wiz adds a lot of value.
Additionally, since we have both e-commerce and SaaS, it is important for us to be compliant and isolated. Wiz makes this very easy as we are a hundred percent cloud-based. We can review our compliance and see all the efforts running in our cloud environment. If there are any controls that are not compliant with ISO software, we have set up learning on that and integrated it with IT and some tooling. This allows whoever needs to take action for their control to do so immediately, ensuring that we stay compliant.
I have limited resources in my department, but if I wasn't utilizing Wiz and used our old solution, I would need to acquire two to three more resources. Therefore, with Wiz, I can do all of the above with the existing resources instead of bringing on more tools and personnel.
What is most valuable?
The first thing that stood out was the ease of installation and the quick value we got out of the solution. I compared Wiz to two other products that we were sending to other clients for cloud security. We were able to get Wiz installed within a couple of hours for all of our cloud assets and we could see insights into our security posture within a couple of hours of the installation. Our DevOps team was very excited to see what they needed to work on. We addressed all the critical issues within two weeks of installing the solution.
What needs improvement?
The only thing that needs to be improved is the number of scans per day. We need to educate our auditors and ensure that scans are done more than once a day. If there is a vulnerability that is exposed, we can update it after the scan. We are currently scanning once a day, which is acceptable for UCSB. We are trying to figure out how to increase the frequency of the scans, as some universities do not wait a day before they know if something is exposed. Knowing earlier is always better.
For how long have I used the solution?
I have been using the solution for six months.
What do I think about the stability of the solution?
We have not seen any outages with Wiz. The solution is stable.
What do I think about the scalability of the solution?
Wiz is our e-commerce platform. That means we have approximately five hundred million impressions on our website per month, with around four million users.
This solution is very scalable; if I add resources to new accounts, they are automatically monitored. When adding a new account, no additional action is required; we don't even need to consider capacity, as it is already maximized.
Which solution did I use previously and why did I switch?
Previously, we had an agent-based solution called Rapid7 which would alert us of any issues it identified. However, due to the outdated hardware, there was no context to the alerts, and we were overwhelmed. When I joined nine months ago, I noticed that the tool was being ignored and was a waste of money. Therefore, I began searching for a more effective solution that would provide context-based results without needing additional resources. We wanted something that would address real issues and provide five actionable alerts a day, with maximum outbound action taken if necessary. This is why we decided to switch to Wiz and discontinue the vulnerability assessment and API moderator tools.
How was the initial setup?
Implementing Wiz was really easy - it took us less than two hours and could have been done in half an hour if we hadn't needed to run three scripts. We were able to enable it on the cloud and view the scripts. From a user perspective, we set up SSO for our engineers and integrated it with Jira and ServiceNow. Everything else was automated, including compliance controls and processes. We had two sessions with our customer service management team to learn how to investigate critical issues, exposures, and secrets stored in files. All in all, it took about a week to process, integrate, and get the platform running.
The initial setup was straightforward; we used the CAD tooling to run the scripts and followed the steps. We examined the scripts and used the original commands to implement Wiz, which took us about two hours. We had three people from the CA team, two people from the DevOps team, and one Wiz details engineer. From the implementation perspective, we had a DevOps engineer, a studio engineer, and a Wiz details engineer.
What about the implementation team?
The implementation was completed in-house by our presales engineer and my DevOps engineer.
What was our ROI?
We have definitely seen a return on investment with Wiz. There are multiple ways that we are seeing this. Firstly, Wiz simplifies the process as we are now using one tool instead of two or three. Secondly, compliance is much easier as we can now get in-depth monitoring of controls from an ISO or software perspective. This would have previously required a full-time resource. Additionally, we now have more coverage with external exposure, cloud entitlements, vulnerability management, and malware detection. All of this is being managed with only one-quarter of a resource, whereas if we were to do all the same things without Wiz, we would have needed to add at least two team members and several different tools. This has resulted in a large return on investment, as we now have to keep up with software and ISO certification.
What's my experience with pricing, setup cost, and licensing?
The cost of the other solutions is comparable to Wiz. We have credits that we can use for whatever features we need. We bought more than we needed because I wanted a customer success manager dedicated to our account. We have meetings with them every week and they help us with our roadmap and site plan. We bought more credits to make up for the minimum buy-in, but it still didn't exceed our budget. We got results with Wiz immediately; we installed it and met our goal during the four-week trial.
Which other solutions did I evaluate?
When we began searching for a replacement for Rapid7, we looked at Wiz, Lacework, and Datadog Security. After trying all three, we decided to settle with Wiz.
What other advice do I have?
I give the solution a ten out of ten.
My self-management team is very cooperative. We have a set plan ...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-03-28T00:00:00-04:00
Rated 5 out of
5 by
reviewer1534569 from
It enabled us to consolidate tools into a single pane of glass, speeding up our mean time to respond
What is our primary use case?
We use Wiz for cloud security posture management and related services, such as visibility, inventory, risk management, patch management, and framework maturity.
How has it helped my organization?
We saw benefits from day one. Wiz gives us greater visibility into S3 buckets and sensitive data that may be exposed or compromised. For example, it might show us buckets that are public but should not be or immediate areas where patching should be applied.
Wiz enabled us to consolidate tools into a single pane of glass. That sped up our meantime to respond. The single pane of glass helps our security teams identify zero-day threats and vulnerabilities to tackle first. Wiz has been a game-changer for us.
It's one of our core security tools for preventing breaches in our organization. Since we're a 100 percent cloud environment, Wiz is critical to our security toolset.
Wiz helped to reduce blind spots in our risk detection capabilities. Their dashboard has pre-populated queries for zero-day threats that take the guesswork out of building a query. Everything's simple, understandable, and pre-populated for you to customize. It offers visibility into the vulnerability and what you must do to resolve it.
I could take care of threats immediately and confirm to the executives that zero-day threats are prevalent in the industry for other organizations. It handles the security operations, governance, and risk compliance aspects of the cloud in a single solution.
Wiz also helped us avoid building a large team. We can use the team we have and scale the tool as needed because it provides visibility to multiple teams. Fewer people are needed to operate Wiz.
What is most valuable?
The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.
It's the best tool in its class. I have used many different tools in previous environments, and this was the easiest to use. It provides the most visibility from the dashboard and highlights areas that must be addressed immediately.
Wiz can seamlessly scan every layer of our cloud environment without agents. The documentation was thorough, with screenshots and examples of what to do next.
What needs improvement?
Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes.
They could add more security functionality and visibility into EKS and Kubernetes in general. I believe that is on their roadmap. Wiz should just keep pace with the changes in the cloud and new features customers are requesting.
For how long have I used the solution?
I have used Wiz for two and a half years.
What do I think about the stability of the solution?
We've never had any issues or outages.
What do I think about the scalability of the solution?
I rate Wiz a ten out of ten for scalability.
How are customer service and support?
I rate Wiz support a ten out of ten. Their support is excellent. We can always reach our account representative when we have a problem or need to speak with technical staff to clarify things. It's easy to get help when needed.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up Wiz was straightforward. We only had two engineers on our side working on the deployment. One was responsible for documentation, and the other handled the hands-on aspects. Realistically, you only needed one person to deploy it.
Wiz is deployed in a public cloud environment. We have seven or eight different accounts, and the rollout was seamless. There were no issues. We aren't multi-regional. It's currently one region, but we are looking at expanding. The solution currently gives us the coverage we need for those environments. Wiz requires no maintenance. It runs on its own.
What about the implementation team?
We deployed Wiz using API integration through a VAR service. It was a streamlined process from a VAR perspective. Both sides understood the problems, and we made adjustments to the size of the setup we needed to meet our demands. That was a good aspect of the VAR relationship.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time.
It might follow a trajectory similar to Splunk. Early adopters got an excellent deal, but it became pricey when they became the market leader. Many CISOs are concerned about the longevity of Wiz's pricing model. It's becoming a go-to product that lots of folks are shifting toward.
Which other solutions did I evaluate?
I can't talk about the other tools, but we looked at the best in the industry, and Wiz outshined all of them.
What other advice do I have?
I rate Wiz a ten out of ten. Take a look at competitors and make your opinion. At the same time, most people choose Wiz because of its ease of use, support, and return on investment. Those are the main reasons we selected and stayed with them.
Which deployment model are you using for this solution?
Public Cloud
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-03-01T00:00:00-05:00
Rated 5 out of
5 by
reviewer2129682 from
The dashboards are easy to read and visually pleasing, so you can understand everything quickly
What is our primary use case?
We use it to identify vulnerabilities in our cloud environment, including misconfiguration and other issues. More recently, we've used it to identify inactive resources that we can terminate to save money.
It also helps us automate some minor tasks that we don't want to do manually, such as forwarding issues to the appropriate teams. Wiz has various workflows to route the vulnerabilities it discovers to the right teams. We integrated it with ServiceNow, enabling us to send ServiceNow incidents to the teams. We can also send Azure DevOps work items to developers. We're evaluating Jira for some teams, and Wiz can also send tickets to Jira.
How has it helped my organization?
Wiz helps us reduce and manage our issues. Six months ago, we had no idea where we had problems in the cloud. We used another tool, but we still didn't know where most of the issues were. Wiz made it so easy to see from a high level.
Before adding any projects, it showed us all the open issues we needed to fix. It started with the big ones because Wiz groups the issues by control. For example, you can see you have 100 issues under one control, so you start by trying to fix that. We can fix these 100 issues across all accounts by fixing one control.
Maybe we can put in some guardrails or prevent people from doing something problematic using CI/CD. Wiz helps us identify issues, prioritize them, and determine which ones should be resolved globally.
If something can't be fixed at the highest level, Wiz can automatically send it to the appropriate teams. Wiz enabled us to define a structure for routing issues to people. We add a set of AWS accounts to a project and make them owners, so automation rules can be defined to send tickets to all project owners. That functionality helps us get the tool to operate.
Wiz is like a blind spot detector. You don't know what you don't know, so all I know now is what Wiz tells me. We don't leverage any native AWS features, so we rely solely on Wiz now. We're heavily in the cloud, but we still get our feet wet with it and ensure it's set up correctly.
Wiz was the first tool we used to determine what we should look at and fix. We are notified when people do things they shouldn't, and employees are taking more responsibility for that. People are more conscious about what they put in their AWS accounts.
Employees know they're being monitored and are responsible for it at the end of the day. Our InfoSec team will see it and ping them about it. They'll also see it when they get a ticket for the issue that they need to fix. It helps to create a secure-by-design mindset.
Addressing blind spots gives us peace of mind because we know that what we're doing makes sense. We can implement guardrails, understand why people continue to do things wrong and discover ways to prevent the problem from happening. It helps us develop best practices.
Wiz hasn't reduced the staff we need, but it has automated many tasks. It has built-in integration with other tools we can leverage by configuring automation rules. You don't need an external automation solution or a SOAR platform because you can do everything with Wiz's native tools.
It allowed us to decommission a cloud security tool that wasn't working well. Besides that, we haven't consolidated much because we don't have many other cloud tools. I expect a tool like Wiz could replace a traditional vulnerability scanner, like Rapid7. I prefer it over something like that. However, there will always be a use case for a traditional on-prem vault scanner for desktops, firewalls, and other hardware that doesn't have agents on it.
We still need an endpoint detection tool and a traditional vault scanner. But if we were using other cloud security tools like Divvy and Lacework, we could have consolidated both of them into this.
What is most valuable?
The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at.
It's easy to see what needs to be fixed, which is crucial for the other teams. We are trying to adopt a comprehensive governance approach. The security team isn't necessarily responsible for fixing the problems, but we are responsible for ensuring they get fixed. We need to route things to the infrastructure team, and it's straightforward for them to find everything on the dashboard.
Wiz lets you group AWS accounts logically into projects. We have AWS accounts associated with an application, so we create a project named after that application, and the project owners will receive any related incidents. It's easy to identify who's responsible. It requires some configuration, but it's handy.
They have a security graph with a point-and-click interface, so you can click the resources you want to search for. If you aren't sure what you're looking for, you can click through. You open the little browser, and it says "EC2 instance." When you click on that, it populates several other options. You see that the EC2 instance has a network interface and click it. That has a public IP, so you can start granularly filtering down using the security graph.
I can use the security graph for threat hunting and identifying resources. I can click on a virtual machine and see it has been detected. I have AWS and VMware integrated so that I can see more than just our cloud environment. It provides visibility into the VMware environment. I can drill down further based on a specific project or subscription. I can see all the VMs in a particular project if I want. If I do that on our infrastructure project, it changes the results, and now I see around 800 VMs in this project.
It helps you understand the resources associated with individual projects. You can do that at the subscription level and narrow it down. It will show you that one project uses S3 buckets and another has VMs. You can determine if assets are active or inactive. It's a valuable tool.
They have a new inventory feature that allows you to detect and classify technologies. For example, let's say a Linux server has an FTP application installed, but we're not supposed to have those on our Linux servers. You can mark it as unwanted. Wiz has controls triggered when you classify something as an unwanted technology, so it generates incident reports for your projects based on what you've specified in the inventory. If I say FTP is undesirable, it will detect that on resources and send tickets to the appropriate teams notifying them to fix it.
I like the features for managing SLAs. You can define SLAs, set due dates, and use the security graph to see if any SLAs are due soon. I also think they do an excellent job with SSO implementation. Using SAML role mappings, we can integrate Wiz with our identity provider and set it up based on different groups. It's simpler to manage user access. We don't need to do all that manual stuff no one wants to do.
The ability to scan every layer without agents is a huge selling point because we're multi-agent. We are heading in that direction, so it's vital to have something that works that way. We use agents where necessary because we've got endpoint detection and response. We have a vulnerability scanner that isn't agent-based. Reducing the number of agents, we must maintain on servers or desktops is essential. They fall a bit short when it comes to performing on-demand scans. However, I don't think that's their goal.
I don't think Wiz wants people to come in and click "scan now." In some cases, having more frequent scanning than what they currently have would be helpful. It is a little confusing to understand which scanner does what. They have disk and data security scanners that scan buckets and a dynamic scanner that scans other things. I don't know which scanner is doing what or if they all follow the same schedule. I don't think we could use it if it weren't agentless.
What needs improvement?
The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary.
All the other reports look great when you try to create them. I can pull a report of issues for a specific project, but it's a CSV file with findings, which isn't helpful. I expect a slick visual summary that looks like what they have on the dashboard. They spend a lot of time making the dashboard easy to understand, but you can't get that information into a report for our executive leadership. We want to show them the trends and what we're doing. It's critical for our team to demonstrate the tool's value. At the end of the year, we have to go to a meeting and show management the progress we made this year. I can only do that by going into open issues, putting them all in notepad, and taking a couple of screenshots.
I would also like the dashboards to be customizable. They have excellent dashboards, but you can't create or customize them. At the same time, Wiz seems open to that feedback, and I think they're relatively new. They're growing fast and implementing new features quickly, so I hope this will be added soon.
A third issue is that we can't provide email notifications on connector status. Everything comes into Wiz through a conne...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-03-22T00:00:00-04:00
Rated 5 out of
5 by
reviewer2121129 from
Great vulnerability management with security data at all levels and excellent technical support
What is our primary use case?
Per my company’s guidelines – I am not allowed to share any information about our environment or detailed use cases. What I am sharing is at a very high level.
Overall I can share that we are using Wiz for AWS cloud discovery, identification, and remediation of misconfigurations as well as vulnerabilities.
We are considering more use cases and scenarios (as well as expanding to more teams in the org) in time. For now, these are the primary use cases that we are currently using Wiz for.
How has it helped my organization?
The solution has made a difference in the organization via:
Technical capability. It covers all our languages, frameworks, and assets on AWS with the ability to do side scanning, which reduces compute needs and agent deployment/maintenance.
Natural query language. The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.
Security data at all levels. Wiz supports Basic and Advanced modes, meaning Engineering and Business users can leverage the platform without being complicated or too dumbed down.
A fresh approach to Vulnerability Management. Legacy methods did not work effectively in the cloud, risk-based context-driven vulnerability identification drives real results.
The ‘Graph’ has uses beyond security. Leveraging centralized cloud asset information enables teams to query in one place their architecture for operational success.
What is most valuable?
The Security Graph is the power of Wiz. This, teamed with continually developed cloud configuration rules, makes Wiz a powerhouse of an application. We use this information to pull all levels of security-relevant data and also for use cases outside of security. Leveraging this technology saves us not only precious engineering time but also money developing and investing in other overlapping solutions.
We find Wiz's native integrations to be extremely useful and paramount to the operational success of the platform; from day one, we have worked on integrating Wiz into as many internal platforms as possible.
What needs improvement?
Wiz is fully aware of its areas of improvement. We are seeing huge platform releases over the next couple of quarters, which they promise and deliver on. Wiz is the first vendor I've worked with that has turnaround feature requests in less than a month.
We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform. Improvements around the IaC scanning dashboards and flexibility would be nice however, this does not detract from the current usability of the tool at all.
For how long have I used the solution?
I've used the solution for more than six months.
How are customer service and support?
Technical support is excellent. It is some of the best post-sales support ever received. CSMs know the product and share the same level of passion for the solution.
How would you rate customer service and support?
Positive
How was the initial setup?
By far, the easiest part of the solution is the setup. It took all of one hour to complete, and that's with a custom Terraform.
What about the implementation team?
We handled the setup in-house
Which other solutions did I evaluate?
We evaluated six other solutions from larger and smaller vendors.
What other advice do I have?
If possible, a company needs to do a demo and a PoC. That way, they will see the value right away.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-03-08T00:00:00-05:00
Rated 5 out of
5 by
Mihir Ashar from
Provides profound visibility into vulnerabilities across our cloud environment and outstanding customer support
What is our primary use case?
The solution provides visibility into our business integrations in the cloud environment. We have a multi-cloud environment, and the tool provides a visual representation of misconfigurations, including the risks associated with combinations of multiple misconfigurations. Additionally, we use the solution to track resources provisioned in the cloud for compliance with our organization's baseline controls. Wiz is deployed as a SaaS.
How has it helped my organization?
Wiz helped us reduce blind spots in our risk detection capabilities; the older tools we previously used did not offer the same level of visibility and capability. The solution can validate exposures, which we can then communicate to the application team, allowing the developers to configure their applications to be more secure.
What is most valuable?
Our most important features are those around entitlement, external exposure, vulnerabilities, and container security.
The Wiz Security Graph provides a single prioritized view of risks in our cloud environments. The query functionality also helps us write custom queries and quick searches, allowing us to find vulnerabilities and prioritize externally exposed servers or resources. We can then use other tools to segregate outcomes and prioritize actions between teams based on the threats.
Wiz's ability to scan every layer of our cloud environments without agents gives us profound visibility into the vulnerabilities. The scanner can search the ports and running services, detecting vulnerable packages in the server. The solution also helps in the storage of Cleartext credentials; it can see if files contain cloud or private keys, whereas an agent-based scanner cannot. This visibility allowed us to fast-track remediation by informing the relevant teams about their vulnerabilities.
Having visibility into our risk detection with a contextual view for prioritizing potentially critical risks is essential. Our environment is segregated, so it's crucial to understand what will happen if a particular resource is exposed to the internet. We need some context in the back end, including whether it's a production, nonproduction, or development resource, and it's important to attach the misconfiguration risk order.
What needs improvement?
One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging.
The second area for improvement concerns grouping resources into a set. It usually works fine but it depends on the tags configured to the cloud platform. We can group resources into the same project, but we also need the capability to run a check on, say, 15 or 20 resources by grouping them into a compliance set. That would be a welcome improvement.
For how long have I used the solution?
We've been using the solution for over a year.
What do I think about the stability of the solution?
The solution is relatively stable; over the past year or so, we faced two minor issues around logins, resulting in around an hour of downtime.
What do I think about the scalability of the solution?
The solution is highly scalable; as it's a SaaS, we don't have to manage any back-end infrastructure. We can onboard whatever we want and purchase the additional licensing if necessary.
How are customer service and support?
The technical support is quick and easy; as we were onboarded as new customers, we had Wiz representatives available for hand-holding during the deployment. Post-deployment, we faced a few issues around integrations and always got a response within a couple of hours, so I rate the customer support nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a Prisma product and switched because the technology was not getting upgraded, among other issues. We also disagreed with Palo Alto's vision about where they wanted to take Prisma, and we submitted meditation reports, bug reports, and feature requests: none of which were addressed.
During our market research, we found Wiz to be superior in terms of ease of use, plus we were impressed by the company's commitment to features and functionality. We discussed changes with them during the demo period, and they had already been implemented by the time we went into the POC, which was one of the reasons we decided to go with them.
We saw that Wiz offers better visibility and builds a view based on correlated resource configurations, so we decided it was a better solution for us.
How was the initial setup?
The deployment was straightforward, as was the initial integration; we didn't have to customize many settings. We did some customization based on our integration environment, but we knew what we were rolling out as we had already carried out a POC. We integrated and onboarded all our cloud environments within a week or so.
One staff member was responsible for tool management during deployment, and as we were integrating into different environments, one to two representatives from each were also involved. Regarding maintenance, we set the rules and do some fine-tuning, but no tool maintenance is required.
We started seeing the value of Wiz within a couple of months following deployment, as it helped us rapidly gain visibility that we didn't have previously. The product allowed us to visualize which servers were exposed to the internet immediately, the associated package logs, and so on.
What about the implementation team?
We implemented the solution in-house, with on-call support from Wiz.
What's my experience with pricing, setup cost, and licensing?
I'm not involved in the pricing or licensing, so I can't speak to it.
Which other solutions did I evaluate?
We tested the capabilities of several cloud providers.
What other advice do I have?
I rate the solution nine out of ten.
We have yet to explore the product's newer features, but we will conduct that exploration and enrollment very soon.
We attempted to consolidate tools using Wiz, but we have yet to be able to due to our organizational level of adoption, not because of any limitation with the product. We have both cloud and on-prem areas in our environment, so if we were to consolidate tools in the cloud, we would also have to replicate that in our data center.
To someone looking into buying Wiz but concerned that they already have a bunch of products that give them many alerts, I recommend the product because it significantly helps with prioritization. Not every alert is critical, but when it comes to combinations of multiple misconfigurations, these can be, and the solution highlights them as such. You can then start fixing the configurations step by step. At the same time, Wiz reprioritizes the vulnerabilities, meaning you can always be focused on the most pressing concerns, regardless of the number of alerts received.
Additionally, whether someone implements Wiz or not depends on their technology. If they already have a product that does scanning and vulnerability correlation, then a product focused on handling the number of alerts is a consideration. For those using older Cloud Security Posture Management (CSPM) tools, I recommend they switch to Wiz, but if they have a newer one and are determined to stick with it, the switch is a more complicated case to make.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-04-02T00:00:00-04:00
Rated 5 out of
5 by
reviewer2059842 from
Provides complete visibility, scans every layer of our cloud environment without agents, and has agentless implementation
What is our primary use case?
Our adoption has primarily been centered around understanding vulnerabilities in the environment and the configuration landscape in terms of creating hardening rules, policies, and other components like that. We're also able to see what the true risk landscape looks like by vulnerability tracking.
How has it helped my organization?
It simplified our ability to respond to new issues that are happening in the environment. Previously, in a scenario where a vulnerability could be a problem, or where there was a high-profile vulnerability and we needed to look at the overall impact, it was normally spread across multiple teams doing the analysis for that. We had to coordinate with all of the teams that manage their own infrastructure. Now, my team is able to provide that analysis upfront without having to take cycles away from development and other discovery components. We're able to have that single view into the entire organization.
It scans every layer of our cloud environment without agents. One of the primary reasons we looked at the platform was its agentless integration. When we look at the deployment models and have to go through an agent-based model, we have to write the components, and there's still that touchpoint on all of the cloud assets. We have to stand up infrastructure, and there's a lot of deployment overhead, whereas agentless implementations are very quick. Because it's doing the site scanning, after we have it integrated into the organization, within 24 hours of the new account being integrated, we have analytics on it.
It helped to reduce blind spots in our risk detection capabilities. It has added a lot of visibility into areas that we otherwise have been lacking. One of the aspects that are cool about it's that it looks at things in terms of inheritance, which I call "shadows." There might be a permission set or a network path that might be inheriting something that you wouldn't know by looking at it from a model, but they show that in their platform. It has simplified the areas around analyzing our permissions and analyzing the exposure points on systems. We're not having to comb through every security group and every security policy to see what exposure points are. We can see that it's inheriting something that we didn't realize in one of the other security groups or other permission sets.
It has simplified the remediation components and how we're performing analysis on the security pieces. It hasn't reduced the number of people, but it has reduced cycles. We're now able to consolidate the cycles, which were necessary but were spread across all of the different areas of the organization, into my team to be able to perform a lot of the analytics and functions that were taking those cycles away. So, engineering is more able to focus on being engineering and not having security go, "Hey, can you look into and investigate this item for me?"
What is most valuable?
The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.
Wiz Security Graph is awesome because it tells us exactly what the exposure looks like and how to be able to get to it. So, we know what areas along the way we may need to look at for external exposures and other things that we may not have been aware of.
What needs improvement?
The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.
For how long have I used the solution?
We implemented it in September.
What do I think about the stability of the solution?
From a stability standpoint, we've not seen any issues.
What do I think about the scalability of the solution?
We have a cloud environment. One of the key components and a huge decision-maker in going with the platform was that we're able to scale into it. So, if we add cloud assets, it's very easy for the system to scale with us.
How are customer service and support?
We haven't had any experience directly with them. Most of everything that we've been working through has been with the implementation team, and that has been great.
Which solution did I use previously and why did I switch?
We didn't use any other solution in this company, but I have used Orca Security and Prisma Cloud in previous companies.
In terms of consolidation of tools, it didn't allow us to consolidate tools because we were in a net-new component, but it was one of the first tools that we started putting in within our security program for visibility just because of the necessity around that.
How was the initial setup?
I oversaw the deployment. My team was the one that did most of the work.
The initial setup was very straightforward. It was just working within our enterprise cloud account and then everything populated underneath that, and off we went.
After the deployment, we were seeing value in the first week. We were able to look at some of the analytics and other components and put some of that data together. It helped us to understand the inventory landscape and to be able to comb through that. I've written a lot of manual tools to do that. They go through and do the scanning of the environment and other things, but it ends up getting pretty gnarly and complex. To be able to plug a system in and then see all of my cloud assets and any issues that were associated with them right off the bat was huge.
What about the implementation team?
We did not use an integrator, reseller, or consultant. We have just been working with the Wiz account team's implementation services.
For the phase one implementation, we had one engineer on security and probably one part-time engineer on the infrastructure side helping to troubleshoot. From my team, I had one FTE assigned to the project, and we were able to implement it.
What was our ROI?
The biggest return is the fact that a lot of the things that were decentralized while doing investigations and analysis can now be pulled into a single individual running some report queries to determine the impact and gauge that. We're now able to do that in real-time versus a multi-day turnaround across all of the different engineering groups.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
What other advice do I have?
The biggest thing is understanding the hows of where your integration points are going to be.
To someone who is looking at buying Wiz but is concerned that they already have a bunch of products that give them a lot of alerts, I would say that from an alert perspective, we haven't had a whole lot of issues related to alert fatigue from the system. We were very calculated in the implementation in terms of the things that we're seeing just for that reason. One of the things is that there could be areas where there might be overlaps in alerting. So, you can look at potentially consolidating those systems down into this single platform. Depending upon how you're doing some of the logging, alerts, and change detections in the environments, you can consolidate things like your vulnerability scanning.
I would rate it an eight out of ten.
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-01-11T00:00:00-05:00
Rated 5 out of
5 by
reviewer2041074 from
Multiple features help us prioritize remediation, and agentless implementation reduces overhead
What is our primary use case?
Most of our use cases are within cloud security posture management, in which we identify misconfigurations and any type of what they call "toxic combinations" of risk and vulnerabilities that are affecting our cloud deployments.
How has it helped my organization?
We don't consider Wiz just a cyber security tool. What we have done is opened up the visibility to our cloud users. Now, our cloud users are able to see for themselves what is affecting their assets. It helps enable a shared model of responsibility for security. With the visibility that Wiz enables, our users are no longer receiving a report in the form of a spreadsheet. They're able to quickly see and navigate, and drill into anything, if they need to, to see what is affecting their environments.
Now that we have given them visibility into what's running in production, through some of the capabilities available in Wiz, we are investing in how we can shift things and identify some of those issues earlier in the pipeline so that they don't have to worry about things after going to production.
In addition, the fact that Wiz is agentless and that it's leveraging APIs to give us visibility at the organizational or the account level, are factors that have definitely reduced some of the overhead that come with other technologies that use agents to attain the same results.
Another benefit is that it consolidates tools. We now have one tool that is capable of giving us vulnerabilities, not just on modern services or cloud-ready services, but also on traditional instances in which we would have been using an agent to be able to pull the information we need. The fact that Wiz is agentless and is capable of looking at traditional compute as well as modern compute has reduced the need for additional tools that are agent-based.
What is most valuable?
Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk. The fact that it's able to reveal those toxic combinations has been really key for us in prioritizing what to fix first.
Having visibility with a contextual view for prioritizing potentially critical risks has been quite important. Especially in the cloud, it's no longer about applying a particular patch or applying particular updates to address a CVE. It's more about, for example, how a combination of a misconfiguration with the fact that it's externally facing allows us to prioritize that to be addressed first. There's a higher risk for an externally facing asset that has a vulnerability with, potentially, a service account that has high privileges. We're able to say, "Hey, we need to fix that first," and not worry so much about a compute engine that might be vulnerable, but is still protected by some other security controls that are in place. Knowing where we gain the most value, from a security perspective, and where we can reduce the most risk, has been a critical piece of our adoption of Wiz.
The solution's Security Graph has been key as well. One of the things that Wiz provides is out-of-the-box dashboards, but the Security Graph allows us to pinpoint things by creating custom reports to target specific vulnerabilities. We have multiple use cases in which we can target, for example
* a subscription ID that we are after, and that we are trying to prioritize for remediation
* if a particular CVE is part of our environment.
Through the Security Graph, we're able to quickly determine those types of things. It also enables us to start looking at our assets and our inventory. It's almost human-readable. I don't have to write any type of RQL code. Rather, it allows me to quickly select, through the UI, the pieces that I'm interested in and build a report or query for it.
In addition, the automated attack path analysis is one of the factors that we use when we're prioritizing where we should focus first in our remediation. Understanding any type of lateral movement within an attack path helps us determine the type of urgency involved, as we try to prioritize what to address first. It has been very important in detecting assets that we consider valuable and quickly identifying if they are well protected.
What needs improvement?
Something that we're starting to look into is identifying vulnerabilities for which we potentially need to delay the remediation. We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade. We don't have remediation prevention capabilities available through Wiz. We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.
For how long have I used the solution?
We've been using Wiz for about a year and a half.
What do I think about the stability of the solution?
It is pretty stable. We initially had some problems with timeouts, but they addressed them and the platform has been quite stable.
What do I think about the scalability of the solution?
We have not had any problems with being able to scale to meet our demands.
Which solution did I use previously and why did I switch?
We did not have a previous solution for the cloud.
How was the initial setup?
It was straightforward. We did it in partnership with Wiz.
We have it deployed across multiple public clouds and it's deployed at the organization level. All of our application teams and our 250-plus cloud users are able to see the data through Wiz.
We started with one FTE on Wiz and, since then, we have grown the team to three FTEs.
In terms of maintenance, no solution is perfect. We have been able to identify issues on the platform and to engage support to either address the bugs and issues that we see, or to enable a feature enhancement for a particular use case.
What was our ROI?
We have seen ROI from Wiz and we continued to see value in Wiz. Although we have been using Wiz for close to two years, one of the key items that we are still driving is adoption. The more cloud users that adopt the tool, the more value we gain from it. We still continue to see value added.
In terms of immediate benefits, the first major benefit was asset management. We got a better understanding of the type of workloads or services that were being run in our cloud. The second benefit was around vulnerabilities. Wiz quickly proved that a lot of our application teams were not following best practices related to patching. We were able to quickly tell a story: although you are using a modern service in the form of a container, you are not maintaining the container image in a way that prevents vulnerabilities.
One of the main values that we see is that as a SaaS platform, Wiz continues to deploy new features. As those new features are enabled, more value is being gained by us and by our community.
What's my experience with pricing, setup cost, and licensing?
I believe they're moving to a different licensing model. We are still grandfathered to the initial pricing models. What I do like is that the pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select. But I'll have to see how the new pricing model will work for us.
Which other solutions did I evaluate?
We evaluated Aqua Cloud Security Posture Management, Prisma Cloud, and Orca Security. Wiz seems to be more user-friendly. It enables a user to quickly identify risks with minimal intervention. That was definitely a positive factor and a welcome one because it's less hands-on than some of the other tools.
Also, the fact that Wiz is able to see and contextualize multiple components or issues, provides a richer way of looking at risk. It takes into account not just a particular vulnerability that is CVE-driven, but also items like misconfigurations, over-privileged service accounts, and other factors that help us better prioritize our risk.
What other advice do I have?
Initially, there was unplanned work when our cloud owners saw the risks in their environments. But because we were prioritizing what needed to be fixed first, they were able to utilize existing staff resources to address those vulnerabilities. We were not just trying to patch or fix something that might be low risk. Rather, we were always trying to identify where our critical issues were and address those first.
If you're looking at Wiz but are concerned that your existing products already give you a lot of alerts, I would ask about your journey to the cloud and what you're focusing on. Are you mainly focusing on what I call CVEs and patching? Or are you looking into other areas like compliance and identity and access management pieces? If you are, then Wiz is definitely the right choice. It has to be driven based on that journey to the cloud. Visibility, once deployed, is one thing, and visibility prior to deployment is another thing. You should have a good understanding of what your requirements are and where you see the value of addressing any type of risk that is introduced into your environment.
Understa...
Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2022-12-06T00:00:00-05:00
Rated 5 out of
5 by
Sathya M from
Provides container security and security from external attacks and vulnerabilities
What is our primary use case?
We use the solution for security from external attacks and vulnerabilities and for container security.
What is most valuable?
With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
What needs improvement?
The solution's container security could be improved. We have to install an agent. We need an agent that can be installed, or that can overview all the containers and Kubernetes so that it can detect malicious activities that are happening in them. If it happens, we need to have an option to take a remote from one console, like we do in EDR, and remediate all those activities.
For how long have I used the solution?
I have been using Wiz for one year.
What do I think about the stability of the solution?
Wiz is a stable solution, and we haven't faced any breakdowns.
What do I think about the scalability of the solution?
Around 10 to 15 users are using the solution in our organization. The solution is not in a place to take up scalability requests.
How are customer service and support?
The solution's technical support was timely.
How was the initial setup?
The solution's initial setup was easy, and the onboarding was very simple.
What about the implementation team?
The solution is deployed pretty fast. We deployed the solution last year, and it was on boarded and in production in less than a week.
What's my experience with pricing, setup cost, and licensing?
Wiz is a moderately priced solution, where it is neither cheap nor costly.
Which other solutions did I evaluate?
Before choosing Wiz, we evaluated and did a POC with Prisma Cloud And Tenable. We chose Wiz because Prisma Cloud was costly and out of our budget, and Tenable did not satisfy most of our requirements.
What other advice do I have?
You can choose to use Wiz if you're not looking for a container deduction and response or Kubernetes security. The solution is deployed on AWS Azure and a private cloud in our organization. The solution's compliance reporting capabilities increased the score of our security scorecard.
Overall, I rate the solution an eight out of ten.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-02-22T00:00:00-05:00
Rated 5 out of
5 by
Jon Buckley from
An unified cloud security platform for cloud security and development teams that includes prevention, active detection and response
What is our primary use case?
We are evaluating security configuration and compliance. We also use it to scan for security vulnerabilities in our pipelines.
What is most valuable?
The security baseline and vulnerability assessments are a very valuable feature.
What needs improvement?
We're looking at some of the data compliance stuff that they've got on offer. I know they're looking at container security, which we gonna be looking at next.
For how long have I used the solution?
I have been using Wiz for four months.
What do I think about the stability of the solution?
The stability is a nine out of ten.
What do I think about the scalability of the solution?
Five users are using the solution. The scalability is a ten out of ten.
How was the initial setup?
The initial setup is straightforward. The deployment takes five hours. So scanning storage accounts, storage account compliance, public endpoint scanning, you know, all of the usual things that we would be looking at as part of deployment.
What other advice do I have?
Overall, I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2024-02-28T00:00:00-05:00