Wiz | Blog

How Agoda secures its subsidiaries and migration to the cloud

From securing cloud-native subsidiaries to covering its hybrid cloud deployment and growing cloud migration, Agoda relies on Wiz across the board. Read more.

Security

Securing AWS Lambda function URLs

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them

Research

Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL

Tenant isolation is a fundamental premise of the cloud. Organizations trust that the cloud services they use, especially high value assets such as databases, are isolated from other customers. Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed #ExtraReplica,

Customers

Fox democratizes security with Wiz

Fox, the iconic company behind brands such as Fox Sports and Fox Entertainment, has shed many of its legacy approaches to technology and adopted a modern way of doing business. Such a shift has brought a new set of technological challenges to keep up with. Learn how Fox uses Wiz

Security

Addressing the Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

Research

Hardening your cloud environment against LAPSUS$-like threat actors

Learn how to harden your cloud environment against LAPSUS$-like threat actors

Product

Wiz and ServiceNow VR: Prioritize and respond to cloud vulnerabilities faster

Wiz is excited to announce its new integration with ServiceNow Vulnerability Response (VR), creating a combined vulnerability management workflow that eliminates blind spots and prioritizes risks.

Customers

How Mars affected a sea change in their cloud security

Over 8-12 months with Wiz, Mars was able to affect a sea change in their security posture. They got a full asset inventory of their cloud environment for the first time and were able to make measurable improvements to their security posture across the board. Read more.

Product

Detect and prioritize CISA Known Exploited Vulnerabilities in the cloud with Wiz

For each CVE, the Wiz Research team maintains data from multiple threat intelligence sources and our own independent research. Now that we’ve added support for the new CISA KEV catalog, learn how you can use it in your cloud environment.

Product

Wiz and RegScale: Cloud security compliance management at scale

Learn how to achieve compliance security at scale with Wiz and RegScale, supporting a variety of compliance framework controls.

Security

5 reasons endpoint security agents are not enough

In this post, we discuss five security limitations of endpoint security agents and also explain how adding agentless solutions can improve your cloud environment security.

Research

The top cloud security threats to be aware of in 2022

As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.

Customers

Blackstone tackles advanced cloud-native security with Wiz

As Blackstone’s Security team explored cloud security solutions, they realized that to achieve the level of risk-centric security they wanted, they needed to find a tool with a deep understanding of cloud that would help them focus on key areas, not isolated issues. And then they found Wiz.

Customers

How Yotpo gets visibility into their AWS environment and cloud risks

Learn how Yotpo creates a DevSecOps culture and gets visibility into their AWS environment

Security

Towards a better cloud vulnerability response model

Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.

Log4Shell

Log4Shell: Wrap all your Log4j fixes before the holidays

The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!

Log4Shell

Log4Shell impact and remediation strategy

A conversation with Igor Tsyganskiy, CTO at Bridgewater Associates and Yinon Costica, Co-founder & VP of Product at Wiz, discussing the immediate dangers and issues with Log4Shell, strategies for remediation, and its long-term impact on cybersecurity as a whole.

Research

NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories

Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories

Research

Log4Shell 10 days later: Enterprises halfway through patching

Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.

Security

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we’ll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.

Product

Wiz magic shifts left

Fixing vulnerabilities and misconfigurations in the pipeline before deployment makes perfect sense - it reduces the overall threat footprint and saves time. Wiz offers customers a straightforward way to operationalize a Shift Left strategy.

Product

Assess your cloud compliance posture in minutes

With Wiz, you can assess your compliance posture across industry standards and business units at a glance to immediately pinpoint your weak spots.

News

Wiz integrates with the new Amazon Inspector for enhanced security insights, context, and accuracy

Wiz is excited to announce it is a launch partner for the new Amazon Inspector, bringing Amazon Inspector findings together with Wiz insights to give our customers actionable, prioritized and contextually rich security insights.

Security

Security industry call to action: we need a cloud vulnerability database

In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.

Research

ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.