A holistic cloud security solution
An agentless, graph-based approach that enables comprehensive risk assessment across the entire security stack.
Host VM and container images are scanned to identify vulnerabilities, malware, and exposed secrets across packages, libraries, and applications. Additionally, cluster architecture is mapped. With Wiz-cli, DevOps can prevent vulnerable images from ever running in the first place and continuously enforce container immutability by preventing drift from golden images.
Wiz discovers vulnerabilities across host OS, container images and serverless functions and details each CVE, end-of-life applications, unpatched OSs, and more. VMs and container images are also scanned for malicious software. Workload scanning is architecture agnostic and can run both in the development pipeline (via Wiz-cli) and in the running environment.
Wiz discovers all technologies running in your cloud estate and continuously assesses resources for misconfigurations and other risks like end-of-life software. The full stack is monitored for compliance violations, and custom frameworks enable unlimited flexibility to meet the governance requirements of any regulated organization.
Wiz determines the end-to-end network path for VMs, containers and serverless functions by calculating their true effective exposure (across ports, protocols, and IP addresses) for every cloud object based on analyses of security groups, firewall rules, routing tables, and more.
Wiz easily answers complex questions like “Who has effective write access to a bucket?” or “Is the SNS available to principals outside of the organization, or to other accounts?” Because Wiz calculates the net effective permissions and provides a unified view of both user and machine identities, you can easily rightsize permissions and achieve least privilege access.
Wiz identifies vulnerabilities, misconfigurations, compliance violations, and exposed secrets in Infrastructure-as-Code (IaC) templates and in container and VM images. Wiz Guardrails extends a single policy framework to the entire development pipeline.
Wiz discovers several types of secrets (API keys, certificates, access/encryption keys, cleartext data, etc.) and performs lateral movement risk analysis to map pathways to access insecurely stored secrets, workloads that contain secrets that belong to privileged users, and other toxic combinations.
Cloud environments perform optimally when processes are highly automated, which requires numerous points of integration into existing workflows across different teams. Wiz offers dozens of out-of-the-box integrations for common SIEM, SOAR, ticketing, and messaging tools. It also integrates with CI/CD tools like Jenkins or Azure DevOps and offers a fully extensible API for unlimited workflow customizations.