Wiz
Secure Your Cloud in Real-Time with...

Wiz Runtime Sensor

Organizations need a defense-in-depth strategy. The Wiz Runtime Sensor complements the proactive capabilities of the Wiz platform to include:

  • Real-time monitoring and threat detection 

  • Runtime protection

  • Real-time response capabilities

Trusted by the most innovative companies in the world

The Challenge

Life Before CNAPP

Before cloud-native application protection platforms (CNAPP), organizations looking to proactively shrink attack surfaces, monitor for threats, and respond swiftly to breaches required juggling multiple, disconnected tools. This meant continually wrestling with challenges like:

Blind Spots icon

Blind Spots

Traditional tools only protect workloads with deployed agents, leaving gaps in control planes and serverless functions. Limited visibility means more time finding vulnerabilities instead of fixing them.

Incomplete, Noisy Assessments icon

Incomplete, Noisy Assessments

Agent-based solutions lacked cloud context, producing noisy alerts and obscuring crucial attack paths spanning both cloud and workloads.

Performance Impact icon

Performance Impact

Agent-based solutions require constant maintenance and can hinder workload performance, creating friction with developers and adding workload for security teams.

The Solution

Unified Protection From Runtime to Real-Time

As a part of Wiz's CNAPP Solution, the Runtime Sensor enables organizations to create a defense in depth strategy that covers prevention, monitoring, and response for the full protection of cloud workloads. Organizations no longer have to choose between siloed technologies, they can now have the best visibility, risk assessment, and real-time protection and threat detection in a single platform.

Get a demo
Sensor FAQs

How It Works

The Wiz Runtime Sensor is a lightweight eBPF-based agent that can be deployed on Linux hosts and in Kubernetes clusters to provide real-time visibility and monitoring of running processes, network connections, file activity, system calls, and more to detect malicious behavior affecting the workload.

The Sensor in Action

How Wiz Detected a Novel Cryptomining Attack

Using the Runtime Sensor, Wiz detected a new fileless attack targeting cloud workloads called Pyloose. The attack consisted of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique.

The Wiz Runtime Sensor can detect these types of fileless threats as the adversary moves through the attack chain, from the initial payload delivery (“Ingress tool was executed”​) and fileless payload (“Fileless execution was detected”) execution to the final intended cryptomining activities (“Connection to a known cryptomining pool”).

Read the Threat Research team's full breakdown of Pyloose ->

Customer Success

"The Wiz Sensor adds deep coverage quickly"

"Wiz's agentless solution provides us broad coverage of our environment and the Wiz Sensor adds deep coverage quickly. This enables us to launch and rapidly scale mission-critical products that drive our business growth with a complete cloud security platform that frees up our security team to focus on strategic initiatives."

-E Siu, CISO, RelationalAI

Learn More About the Sensor

Expanding coverage with Linux runtime

Wiz announces its Runtime Sensor for Linux, expanding coverage of threat detection and response for cloud workloads.
Read more

Wiz enhances real-time threat detection and response capabilities to stop threats from becoming incidents

The Wiz Runtime Sensor for Kubernetes graduates to general availability with proven ability to detect cloud attacks, greater customization for detections, and new cloud-native response capabilities
Read more

Ta-da! Wiz launches Runtime Sensor to provide real-time detection and response

Agentless visibility and risk assessment paired with Wiz Runtime Sensor real-time detection for the best of both worlds
Read more

CTO Point of View: Why Wiz is launching a Runtime Sensor

Today we are excited to announce the Wiz Runtime Sensor. The sensor collects signals in real-time from the workload runtime to simplify threat detection and response in the cloud as part of our Cloud Detection and Response (CDR) capabilities.
Read more

Unveiling eBPF: Harnessing Its Power to Solve Real-World Issues

Dive in a Kubernetes attack and see how eBPF and other security best practices can prevent these attacks.
Read more

Container Runtime Security

Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.
Read more
    Get a personalized demo

    Ready to see Wiz in action?

    “Best User Experience I have ever seen, provides full visibility to cloud workloads.”
    David EstlickCISO
    “Wiz provides a single pane of glass to see what is going on in our cloud environments.”
    Adam FletcherChief Security Officer
    “We know that if Wiz identifies something as critical, it actually is.”
    Greg PoniatowskiHead of Threat and Vulnerability Management
    Get a demo