Wiz
By Wiz
The agentless CNAPP that connects to cloud accounts through provider APIs and builds a security graph of resources, identities, network exposure, and data, correlating findings into attack paths rather than flat lists. Google's ~$32B acquisition of Wiz closed in March 2026; the platform continues under the Wiz brand inside Google Cloud and remains multi-cloud.
- Product type
- Software
- Deployment
- SaaS
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$$
How Wiz measures up against the full Cloud-Native Application Protection / Posture Management taxonomy.
- Misconfiguration detection (CSPM) — supported
- Flags cloud configuration drift against benchmarks like CIS and provider best practices.
- Agentless workload scanning — supported
- Scans workloads via cloud provider APIs or snapshots without deploying agents.
- Cloud entitlement management (CIEM) — supported
- Identifies excessive or unused permissions across cloud identities.
- Attack path analysis — supported
- Correlates findings across identity, network, and data exposure to surface exploitable attack paths.
- Infrastructure-as-code scanning — supported
- Catches misconfigurations in Terraform and CloudFormation before they're deployed.
- Vulnerability prioritization — supported
- Finds and ranks OS and package CVEs across cloud workloads by real-world exploitability.
- Compliance benchmark mapping — supported
- Continuously maps posture to frameworks like CIS, SOC 2, and PCI.
Alternatives
Other Cloud-Native Application Protection / Posture Management tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Wiz.
Enterprise defense-in-depth
A multi-thousand-employee enterprise operating across regions, with dedicated security engineering teams, regulatory obligations, and enough staff to run overlapping controls from several vendors.
Cloud-native DevSecOps
An engineering-led technology company running its product entirely on containers, Kubernetes, and public cloud infrastructure, where a small platform or security engineering team embeds controls directly into CI/CD pipelines rather than running a traditional SOC, and developers are expected to fix what their own pipeline flags.