For years, cloud security has centered around infrastructure. Tools surface risk in terms of resources, clusters, subscriptions, and accounts. That lens is powerful — it gives security teams visibility into the full blast radius of an issue. But it misses important context into the applications and services that development teams actually build and own.
Modern cloud applications are made up of distributed microservices, APIs, containers, and ephemeral components. When security findings are tied to infrastructure, it’s hard for developers to understand and manage the security posture of services they own, and hard for security to identify the right owners for fixes. That disconnect creates friction across teams:
Developers are on the hook for remediation, but ownership is unclear
The same security issue shows up on dozens of resources with no clear grouping, leading to duplicate work
Teams are overwhelmed with noise –ephemeral resources, duplicate issues, false priorities—instead of seeing patterns and root causes
What’s been missing is a shared view of risk that aligns security to the way applications are built and maintained.
That’s where the Wiz Service Catalog comes in.
Get a service-centric view of cloud risk
The Wiz Service Catalog gives security teams, platform teams, and developers a shared view into cloud risk — organized by the services they own.
It works by automatically grouping related cloud resources into services: logical units that reflect how teams build and run applications. Each service includes the resources it depends on, the environment it runs in, who owns it, and all the relevant security findings tied to it.
This means developers get a complete picture of their service’s security posture and can proactively monitor and address risk.
A service can include:
Cloud resources (VMs, containers, storage)
Environment tags (like staging or production)
Ownership metadata
Linked issues and vulnerabilities
Developers can visualize a service in the security graph to see relationships between the resources, risks, and attack paths for the service they own.
Define once, scale everywhere
You can use Wiz’s built-in service discovery rules to automatically detect services based on best practices tagging convention and support for tools like Helm and ArgoCD. Or, define custom service discovery rules using tags, annotations, or patterns that match your internal taxonomy.
Once set, Wiz scales those definitions, identifying services across your entire environment. Suggested services are automatically surfaced for review, making it easy to accept and add them to service catalog. Services can even span across projects while inheriting the right environment context.
Democratize security ownership
When ownership is clear, remediation gets faster. Service Catalog makes it easier for cloud security and platform teams to identify the service owner for an issue, so they know exactly who to assign for a fix.
What’s more, developers can proactively take charge of the security posture of the services they own and maintain. With a unified view of all issues and vulnerabilities for their service, they can self-serve to understand and resolve issues — no back-and-forth needed with the security team. They can automate how they are notified about issues related to their service so that they can get tickets or messages in their own workflows. Everyone sees the same picture of the service, minimizing friction between teams.
Minimize noise and focus on what matters
Wiz helps teams spot patterns across resources by automatically grouping repeated issues into a single service issue. Instead of fixing the same misconfiguration 20 times, you fix it once — at the source.
This approach:
Shows how widespread an issue is
Helps teams address root causes
Keeps the service issue open until it’s fully resolved across the board
Wiz takes a similarly developer-friendly approach to vulnerabilities, grouping them by component. Developers can see all the vulnerabilities associated with a component, the number of resources that use the component, and the update version required for a fix. This enables developers to prioritize updates for the most vulnerable and widely used components in their service.
The result: less noise, smarter remediation, and no wasted effort.
Lay the foundation for a new approach to cloud security
Wiz Service Catalog lays the foundation for an application and service-centric approach to cloud security. This approach democratizes security by empowering developers to own the security posture of the services they are responsible for.
In the coming months, we plan to enhance the service catalog with new features that will further enable this approach at scale. These include:
Related resources: Automatically discover new resources related to your services, so you can easily keep services up to date.
Service Ownership: Automatic service owner suggestions based on code and cloud ownership context and 3rd party integrations.
Code to cloud service visibility: Expand the graph view for each service to map relationships between services, infrastructure, and the underlying application code.
Available today
Wiz Service Catalog is now in public preview for all customers. No extra licensing or setup required — just log in and start defining services to see your environment in a new light.
