Wiz Research builds upon previous “OMIGOD” findings with a presentation at RSA Conference 2022; details how cloud middleware use across cloud service providers can expose customers' virtual machines to new attack vectors

Our introduction of attack path analysis (APA) and Cloud Detection and Response (CDR) further enriches the context provided by our foundational Wiz Security Graph.

Wiz Cloud Detection and Response (CDR) enables cloud security teams to detect and respond with context and real time cloud events to quickly identify threats as they unfoldWiz also introduces Wiz Advanced Control, identifying critical risks before they become threats with the first automated, cross-cloud, cross-account attack path analysis (APA)

Fortune 500’s Avery Dennison among enterprises that operate securely on OCI and other cloud infrastructure with Wiz

We can’t wait to see many of you at RSA Conference 2022 in San Francisco, June 6-9. Check out a demo at our booth, attend a Wiz speaking session, or unwind at our SFMOMA party!

From securing cloud-native subsidiaries to covering its hybrid cloud deployment and growing cloud migration, Agoda relies on Wiz across the board. Read more.

Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them

Tenant isolation is a fundamental premise of the cloud. Organizations trust that the cloud services they use, especially high value assets such as databases, are isolated from other customers. Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed #ExtraReplica,

Fox, the iconic company behind brands such as Fox Sports and Fox Entertainment, has shed many of its legacy approaches to technology and adopted a modern way of doing business. Such a shift has brought a new set of technological challenges to keep up with. Learn how Fox uses Wiz

Learn how to address Spring4Shell and CVE-2022-22963 RCE vulnerabilities in cloud environments

Learn how to harden your cloud environment against LAPSUS$-like threat actors

Wiz is excited to announce its new integration with ServiceNow Vulnerability Response (VR), creating a combined vulnerability management workflow that eliminates blind spots and prioritizes risks.

Over 8-12 months with Wiz, Mars was able to affect a sea change in their security posture. They got a full asset inventory of their cloud environment for the first time and were able to make measurable improvements to their security posture across the board. Read more.

For each CVE, the Wiz Research team maintains data from multiple threat intelligence sources and our own independent research. Now that we’ve added support for the new CISA KEV catalog, learn how you can use it in your cloud environment.

Learn how to achieve compliance security at scale with Wiz and RegScale, supporting a variety of compliance framework controls.

In this post, we discuss five security limitations of endpoint security agents and also explain how adding agentless solutions can improve your cloud environment security.

As more organizations move to the cloud, so do attackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud security threats and how you can protect against them.

As Blackstone’s Security team explored cloud security solutions, they realized that to achieve the level of risk-centric security they wanted, they needed to find a tool with a deep understanding of cloud that would help them focus on key areas, not isolated issues. And then they found Wiz.

Learn how Yotpo creates a DevSecOps culture and gets visibility into their AWS environment

Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.

The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!

A conversation with Igor Tsyganskiy, CTO at Bridgewater Associates and Yinon Costica, Co-founder & VP of Product at Wiz, discussing the immediate dangers and issues with Log4Shell, strategies for remediation, and its long-term impact on cybersecurity as a whole.

Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories

Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.

Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we’ll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.

Fixing vulnerabilities and misconfigurations in the pipeline before deployment makes perfect sense - it reduces the overall threat footprint and saves time. Wiz offers customers a straightforward way to operationalize a Shift Left strategy.

With Wiz, you can assess your compliance posture across industry standards and business units at a glance to immediately pinpoint your weak spots.

Wiz is excited to announce it is a launch partner for the new Amazon Inspector, bringing Amazon Inspector findings together with Wiz insights to give our customers actionable, prioritized and contextually rich security insights.

In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.

A summary and recording of Wiz's talk at BlackHat Europe 2022: the full extent of ChaosDB, the impact it had, and the questions it raises about security in managed cloud services.

Customers have come to realize ignorance isn’t bliss. Cloud has gotten too big and unwieldy for most companies to effectively manage on their own. That’s where Wiz comes in.

Learn how to protect cloud environments from the new critical Apache HTTP Server vulnerability.

Learn how to protect your cloud environment from supply chain attacks.

In this post, we’re going to dive into the role and limitations of security agents in the cloud, and put forth a different approach for cloud infrastructure security: agentless deep scanning.

Wiz Research discovered OMIGOD and has put together a video explaining everything you need to know about it.

Wiz Research recently found 4 critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion of Linux VMs in Azure.

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

The first half of 2021 has been incredible for Wiz. Fueled by an additional $250M in funding ($350M total) from Sequoia, Index Ventures, Insight, Salesforce, Blackstone, Advent, Greenoaks, and Aglaé Wiz has grown at a blistering pace, going from 25 employees at the start of the year to 120 today.

Cloud has driven innovation and agility for organizations, but for security teams it has also brought new levels of complexity around people, processes, and technology. Today’s elastic cloud environments have introduced new risks that security must develop approaches to address. Recently, CxO hosted a webinar and security executive roundtable

Wiz Research found an unprecedented critical vulnerability in Azure Cosmos DB. The vulnerability gives any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization.

As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB.

CNAPP stands for Cloud-Native Application Protection Platform. The term was coined by Gartner, who recognized the expanding needs that go into securing applications in the cloud.

At Black Hat on Wednesday, Wiz researchers disclosed a vulnerability in DNS hosting services that affects millions of corporate endpoints.

Last November, Wiz Research mapped all the services in AWS that allow access from other accounts to see if any of them might inadvertently expose customers and discovered 3 vulnerabilities in different AWS services that allowed anyone to read or write into the accounts of other AWS customers.

Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide.

The 10 must-attend sessions at Black Hat 2021

Last week Wiz closed its Series B, which we had previously announced in March, with an additional $120 million investment from Salesforce Ventures and Blackstone with participation from Aglaé Ventures.

The report breaks down the current state of the cloud security market and provides an analysis of Wiz’s product strategy, technology, competitors, and more. It’s essential reading for anyone looking for an objective third-party perspective on Wiz and the rapidly developing cloud security market.

Wiz becomes fastest growing security startup ever with new $1.7B valuation

With an estimated 90% of cloud workloads running Linux based OS, with sudo being common across distributions, many Linux cloud assets are at risk and may be affected. Versions released as far back as 2011 are affected by this vulnerability.

Cloud identity permissions are complex. So complex that innocent looking permissions provided to 3rd party vendors can lead to unintended exposure of all of your data.

SolarWinds attack explained by Wiz CTO Ami Luttwak

Today, we’re announcing a milestone in that journey: a $100M Series A funding round led by Index Ventures, Sequoia Capital, Insight Partners, and Cyberstarts.