Wiz Defend is Here: Threat detection and response for cloud

Wiz becomes the first CNAPP to provide end-to-end cloud forensics experience

Wiz helps simplify incident response in the cloud for faster investigation of security incidents.

2 minutes read

In today's fast-paced digital landscape, as businesses of all sizes are moving to the cloud, cloud security becomes a top priority for organizations worldwide. With the ever-evolving threats and sophisticated cyber-attacks, it is crucial to have both robust measures in place to protect the crown jewels in your environment and the tools to respond effectively if such incident occurs. Once an environment is compromised, security and incident response teams need to quickly understand what the incident root cause was and the potential blast radius. Without the right tools and processes, this can be a very manual and time-consuming process, especially across different accounts and permissions. This need was recently emphasized in Gartner’s emerging technology report, citing that product leaders should adopt emerging cloud technologies such as Cloud Investigation and Response Automation (CIRA) to address demand for expanding data collection, analysis, collaboration and future business models. 

Today, we’re excited to launch our Digital Forensics capabilities, helping organizations respond quickly to threats in modern cloud environments by gaining forensic-level detail on incidents automatically using a cloud-native approach

After a security incident occurs, having the relevant data quickly and accurately is top priority, and it is crucial to not interrupt business continuity. When an organization is alerted on a potential incident, either from cloud detection & response or from an EDR solution, security and incident response teams can easily use Wiz Digital Forensics to copy volumes of the potentially compromised workload to a dedicated forensic account and then mount them for a deeper forensic investigation. This process that usually takes hours or even days can now be triggered at the click of a button with no overhead and maintenance needed from these teams. Using an agentless approach for copying volumes helps the teams avoid running intrusive scripts based on the different cloud provider APIs and does not impact the performance of running workloads. 

Wiz Digital Forensics also allows those teams to immediately access the important security logs and artifacts of the potentially compromised machine directly by downloading a forensic investigation package that includes the information needed for the incident first triage. The forensics package is collected agentlessly without needing to run any collection tools or self-developed scripts on the compromised workload. Organizations that use our newly launched Runtime Sensor can also receive a runtime forensic package that includes information on running processes, commands executed, and IPs used for network connectivity. 

Incident response in the cloud doesn’t have to be complicated or time consuming. Wiz Digital Forensics helps narrow the scope of the investigation significantly and automates the evidence collection process so security teams can move quicker to containment, eradication, and recovery. 

Copy machine volumes and download Forensics investigation package directly from the Wiz platform.

In short, Wiz Digital Forensics provides you with: 

  • Faster incident investigation: Enable security and incident response teams to collect the necessary information and collaborate over one platform to immediately start analyzing the root cause of an incident. 

  • Seamless data capture across clouds: Gain forensic-level details into cloud and containerized environments by downloading forensic packages and on-demand copy volumes to any forensic accounts of compromised workloads. 

  • Secure chain of custody: Provide organizations peace of mind by maintaining the relevant logs and artifacts in a raw and unprocessed form.  

Our new Digital Forensics capabilities help security and incident response teams to investigate incidents faster with end-to-end forensics experience. You can learn more about Forensics in the Wiz docs (login needed). If you prefer a live demo, we would love to connect with you. 

Continue reading

Wiz at Re:Inforce 2023

See what is new with Wiz at Re:Inforce and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments.

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management