Secure Your Cloud in Real-Time with...

Wiz Runtime Sensor

Organizations need a defense-in-depth strategy. The Wiz Runtime Sensor complements the proactive capabilities of the Wiz platform to include:

  • Real-time monitoring and threat detection 

  • Runtime protection

  • Real-time response capabilities

Trusted by the most innovative companies in the world

The Challenge

Life Before CNAPP

Before cloud-native application protection platforms (CNAPP), organizations looking to proactively shrink attack surfaces, monitor for threats, and respond swiftly to breaches required juggling multiple, disconnected tools. This meant continually wrestling with challenges like:

Blind Spots icon

Blind Spots

Traditional tools only protect workloads with deployed agents, leaving gaps in control planes and serverless functions. Limited visibility means more time finding vulnerabilities instead of fixing them.

Incomplete, Noisy Assessments icon

Incomplete, Noisy Assessments

Agent-based solutions lacked cloud context, producing noisy alerts and obscuring crucial attack paths spanning both cloud and workloads.

Performance Impact icon

Performance Impact

Agent-based solutions require constant maintenance and can hinder workload performance, creating friction with developers and adding workload for security teams.

The Solution

Unified Protection From Runtime to Real-Time

As a part of Wiz's CNAPP Solution, the Runtime Sensor enables organizations to create a defense in depth strategy that covers prevention, monitoring, and response for the full protection of cloud workloads. Organizations no longer have to choose between siloed technologies, they can now have the best visibility, risk assessment, and real-time protection and threat detection in a single platform.

Sensor FAQs

How It Works

The Wiz Runtime Sensor is a lightweight eBPF-based agent that can be deployed on Linux hosts and in Kubernetes clusters to provide real-time visibility and monitoring of running processes, network connections, file activity, system calls, and more to detect malicious behavior affecting the workload.

The Sensor in Action

How Wiz Detected a Novel Cryptomining Attack

Using the Runtime Sensor, Wiz detected a new fileless attack targeting cloud workloads called Pyloose. The attack consisted of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique.

The Wiz Runtime Sensor can detect these types of fileless threats as the adversary moves through the attack chain, from the initial payload delivery (“Ingress tool was executed”​) and fileless payload (“Fileless execution was detected”) execution to the final intended cryptomining activities (“Connection to a known cryptomining pool”).

Read the Threat Research team's full breakdown of Pyloose ->

Customer Success

"The Wiz Sensor adds deep coverage quickly"

"Wiz's agentless solution provides us broad coverage of our environment and the Wiz Sensor adds deep coverage quickly. This enables us to launch and rapidly scale mission-critical products that drive our business growth with a complete cloud security platform that frees up our security team to focus on strategic initiatives."

-E Siu, CISO, RelationalAI

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management