![](/_next/image?url=%2Fimages%2Fclouds-top-right-back.webp&w=3840&q=75)
![](/_next/image?url=%2Fimages%2Fclouds-bottom-left-back.webp&w=3840&q=75)
Wiz Runtime Sensor
Organizations need a defense-in-depth strategy. The Wiz Runtime Sensor complements the proactive capabilities of the Wiz platform to include:
Real-time monitoring and threat detection
Runtime protection
Real-time response capabilities
Trusted by the most innovative companies in the world
Life Before CNAPP
Before cloud-native application protection platforms (CNAPP), organizations looking to proactively shrink attack surfaces, monitor for threats, and respond swiftly to breaches required juggling multiple, disconnected tools. This meant continually wrestling with challenges like:
Blind Spots
Traditional tools only protect workloads with deployed agents, leaving gaps in control planes and serverless functions. Limited visibility means more time finding vulnerabilities instead of fixing them.
Incomplete, Noisy Assessments
Agent-based solutions lacked cloud context, producing noisy alerts and obscuring crucial attack paths spanning both cloud and workloads.
Performance Impact
Agent-based solutions require constant maintenance and can hinder workload performance, creating friction with developers and adding workload for security teams.
The Solution
Unified Protection From Runtime to Real-Time
As a part of Wiz's CNAPP Solution, the Runtime Sensor enables organizations to create a defense in depth strategy that covers prevention, monitoring, and response for the full protection of cloud workloads. Organizations no longer have to choose between siloed technologies, they can now have the best visibility, risk assessment, and real-time protection and threat detection in a single platform.
Sensor FAQs
How It Works
The Wiz Runtime Sensor is a lightweight eBPF-based agent that can be deployed on Linux hosts and in Kubernetes clusters to provide real-time visibility and monitoring of running processes, network connections, file activity, system calls, and more to detect malicious behavior affecting the workload.
The Sensor in Action
How Wiz Detected a Novel Cryptomining Attack
Using the Runtime Sensor, Wiz detected a new fileless attack targeting cloud workloads called Pyloose. The attack consisted of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique.
The Wiz Runtime Sensor can detect these types of fileless threats as the adversary moves through the attack chain, from the initial payload delivery (“Ingress tool was executed”) and fileless payload (“Fileless execution was detected”) execution to the final intended cryptomining activities (“Connection to a known cryptomining pool”).
Read the Threat Research team's full breakdown of Pyloose ->
Customer Success
"The Wiz Sensor adds deep coverage quickly"
"Wiz's agentless solution provides us broad coverage of our environment and the Wiz Sensor adds deep coverage quickly. This enables us to launch and rapidly scale mission-critical products that drive our business growth with a complete cloud security platform that frees up our security team to focus on strategic initiatives."
-E Siu, CISO, RelationalAI
Learn More About the Sensor
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
“We know that if Wiz identifies something as critical, it actually is.”