Wiz

About Wiz

Wiz is a cloud-native application protection platform (CNAPP) that provides unified visibility into the security posture of cloud infrastructure without requiring agents or network sensors. By connecting directly to cloud provider APIs, Wiz builds a dynamic graph of all cloud resources, identities, data assets, and their relationships, enabling security teams to understand their entire cloud attack surface within minutes of deployment. The platform covers infrastructure as code (IaC) security, container and Kubernetes scanning, secrets detection, cloud entitlement analysis (CIEM), and runtime threat detection. The platform's AI capabilities, branded as Wiz AI, use large language models to generate human-readable explanations of complex security findings, suggest remediation steps, and enable natural-language querying of the cloud environment. Security analysts can ask questions such as 'which internet-exposed VMs contain sensitive data and have critical CVEs?' and receive answers drawn directly from the Wiz Security Graph, dramatically reducing investigation time. For compliance teams, Wiz ships with more than 80 built-in compliance frameworks including CIS benchmarks, NIST CSF, ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, and cloud-specific standards. The platform continuously assesses cloud resources against these frameworks, generates audit-ready reports, and tracks remediation progress. Custom policies can be authored using Wiz Query Language (WQL) to address organisation-specific or regulator-specific control requirements. Wiz holds SOC 2 Type II and ISO 27001 certifications and offers flexible data residency with tenant isolation hosted on the customer's preferred cloud region. Data Processing Agreements are available for GDPR compliance. Wiz does not store customer workload data; it processes cloud metadata only, which significantly reduces the data exposure surface compared to agent-based solutions. Adopted by more than 45% of the Fortune 100, Wiz has become the leading cloud security platform for enterprises with strict compliance requirements. Its breadth of supported frameworks, continuous posture monitoring, and AI-accelerated investigation workflow make it a strong fit for regulated industries including financial services, healthcare, and technology companies operating under DORA, SOX, or PCI DSS obligations.