Wiz collects cloud events and alerts from multiple providers, including AWS CloudTrail, Azure Activity Logs, Google Cloud Audit Logs, Amazon GuardDuty, and Google Cloud's Security Command Center. It provides context for the risks identified by the Wiz Security Graph and detects suspicious events and threats via rules continuously updated by Wiz Research. Extend the agentless malware scanning with custom feeds and collect samples, workload logs, and other forensics from cloud workloads. Built-in dynamic scanning validates external exposures, simulating what a potential attacker sees from outside your environment.
Monitor your resources, their actions, file changes, and access across the environment in order to detect and analyze threats in context so that you can prioritize, investigate, and respond quickly to the right risks.
Monitor workload events and cloud activity to rapidly detect known and unknown threats and malicious behavior.
Correlate threats across real-time signals and cloud activity in a unified view to uncover attacker movement in your cloud, so defenders can respond rapidly to limit the impact of a potential incident.
Utilize out-of-the-box response playbooks that are built to allow your team to investigate and isolate affected resources using cloud-native capabilities.
Investigate any event: Allow cloud builders to view activities and events in their cloud environment, then investigate them in the context of their infrastructure. This allows security teams to easily manage and provide visibility to any team or member.
Correlate cloud resources: Wiz allows security personnel and analysts to see each cloud event directly connected to the user or machine identity that performed it and the resource it was performed on. This automatic correlation makes it much easier to analyze and understand the cloud, network, IAM, and workload context in one place.
Layer in architectural context: Inspect threats and activities based on their context instead of predefined resources that continuously change. Define the search logic, then let Wiz connect everything else.
Prioritize with risk: Overlay the detections with the underlying infrastructure and risk context. Address the threats that affect the weakest or most valuable resources to focus cloud defenders’ efforts.
Investigate with the graph: Quickly understand the impact of each detection by correlating it on the Wiz Security Graph with associated network, identity, or exposed secrets risks that may jeopardize your environment.
Respond at scale: Leverage playbooks that allow teams to act at scale across clouds to gather relevant information or isolate resources and harden the environment.
Simulate an attacker’s actions: Get a deep understanding of an attacker's behavior by analyzing external exposure from the outside. Augment your investigation with a screenshot of the attacker's view.
Validate risks and prioritize issues: The dynamic scanner can be used to validate the exposure status of ports and IP addresses that have been identified as exposed based on your cloud network configurations. Rapidly prioritize and remediate the most critical issues with more risk context.
Identify misconfigured APIs: Reduce your attack surface with detection and alerting for misconfigured APIs, including those that allow unauthenticated requests, expose secrets, or expose sensitive data.