A scan can find risks, but without context, it is impossible to know which ones truly matter. A vulnerability may look critical, but if it is not accessible from the internet, it is not as significant as it seems. At the same time, a truly exposed critical vulnerability can slip past the noise and put your business at risk. The challenge for security teams is maintaining visibility: knowing which risks are real and which have already been contained.
Wiz already connects context across code, cloud, and runtime, providing teams with a simple and accurate way to focus on the issues that matter most. Now, through our partnership with Check Point, we are extending that context to include the network defenses customers already use to protect their environments.
Through this integration, Wiz surfaces cloud risks and shares them with Check Point where CloudGuard and Infinity Threat Exposure Management (CTEM) validate existing protections and apply prevention where needed. At the same time, Wiz ingests Check Point's firewall context and brings it into the Wiz Security Graph. This shows which resources are already protected and how rules shape exposure paths. The result is a clearer view of risks and defenses, prioritized by real exposure.
Network context meets cloud security
Wiz provides teams with the clearest picture of cloud exposure, validating which risks are truly exploitable and which are not with our Dynamic Scanner. With the Check Point integration, that visibility now extends to the CloudGuard firewalls our mutual customers rely on. By bringing this context into the Wiz Security Graph, teams can see which resources are protected by CloudGuard policies and which remain exposed to the internet.
Extended visibility: Wiz ingests CloudGuard appliances and rule configurations into the Wiz Security Graph. Customers see CloudGuard devices and rules next to cloud resources and risks, giving clear context on how those network controls relate to each asset.
Validated exposure: Wiz adds CloudGuard network addresses to its internet-facing validation process and scans from the internet with our Dynamic scanner to confirm reachability. This validation step ensures teams know not only where a finding exists, but whether it’s actually reachable from the internet.
Safer remediation: Wiz forwards discovered vulnerabilities to Check Point so Infinity has the data it needs to analyze risk. Infinity evaluates those vulnerabilities against CloudGuard policies and, when appropriate, can recommend or apply protections such as virtual patching through CloudGuard IPS. That enforcement helps block exploit attempts while engineers safely remediate the root cause.
The result is stronger, more precise prioritization built on Wiz’s existing visibility and prioritization with the extended context of Check Point network appliances.
How Wiz and Check Point close the loop
The Wiz and Check Point integration creates a workflow that helps teams act faster and with more confidence. Here is how the integration works today:
Wiz identifies risk and maps defenses: Wiz continuously scans cloud environments, from code to runtime, surfacing misconfigurations, vulnerabilities, and toxic combinations. Wiz also detects where CloudGuard firewall are deployed and ingests their configuration into the Security Graph, so those devices and rules are included in attack path analysis. Wiz then validates exposures from the internet using our Dynamic Scanner.
Check Point evaluates and enforces: Wiz forwards discovered vulnerabilities to Check Point Infinity, which evaluates those vulnerabilities against CloudGuard firewall and IPS policies and, when appropriate, recommends or applies protections such as enabling IPS signatures or adjusting rules. Those protections are enforced in CloudGuard to reduce exploitability quickly.
The result is a unified view of cloud risks and network defenses, with the ability to quickly apply protections when they are most critical.
Faster fixes, fewer blind spots
This integration makes cloud security simpler and more effective, allowing teams to focus on what truly matters.
Reduced friction between cloud and network teams: Instead of manual handoffs and guesswork, Wiz shows CloudGuard configuration next to cloud assets and forwards vulnerabilities to Check Point for rapid evaluation. That shared context reduces coordination overhead and duplicated effort.
Smarter decisions with more context: By combining CloudGuard configuration in the Security Graph with internet-facing validation, teams have more context to understand how network controls map to cloud assets.
Faster, safer remediation: When Check Point Infinity determines a vulnerability is exploitable, it can enable protections such as virtual patching through CloudGuard IPS to block exploit attempts while engineering teams fix the root cause. That gives teams breathing room without risky, last-minute changes.
Adaptive protection at scale: CloudGuard applies adaptive network controls across public, private, and hybrid environments. Combined with Wiz’s continuous risk scanning and exposure analysis, customers get protection that scales as their cloud footprint changes.
Turning shared context into stronger security
The Wiz and Check Point integration combines Wiz’s visibility across code, cloud, and runtime with Check Point’s network defenses. By combining network context with cloud visibility in the Wiz Security Graph, customers can distinguish between issues already protected and those that may leave assets exposed.
With shared context and automated protections, security teams can prioritize risks faster, fix issues with confidence, and scale security alongside their growing cloud footprint. Mutual customers can enable this integration today to reduce blind spots and strengthen defenses across every layer of their environment. Want to see the integration in action? Join our webinar, or explore the integration docs to dive into the details.
