Wiz Cloud Security Platform - Full Video Demo
Summary
TLDRWhiz, a cloud security platform, empowers organizations to simplify their cloud journey by addressing security challenges with an intuitive interface built on a security graph. It offers deep visibility into cloud environments through configuration and workload analysis, identifying vulnerabilities and their actual risk with context. Whiz supports various cloud platforms, providing real-time event monitoring, custom controls, and smart remediation. Its projects and workflows foster collaboration between security and development teams, democratizing cloud security and making Whiz a standout choice for cloud protection.
Takeaways
- đĄïž Wiz is a cloud security platform trusted by over 30% of the Fortune 100 companies to protect their cloud infrastructure and simplify their cloud journey.
- đ Wiz addresses cloud security challenges with a context-aware approach, providing a simple and intuitive user interface built on a security graph.
- đ The platform offers a comprehensive view of actual risk by combining context such as workload, cloud configuration, network exposure, identity, and business teams with vulnerability data.
- đ Wiz connects to cloud APIs and supports various virtualized compute platforms like AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud, and more, with an agentless connection for deeper visibility.
- đ Wiz uses a combination of configuration analysis, image scans, and snapshot scanning to provide an in-depth analysis of cloud resources without the need for agents.
- đșïž The Wiz security graph is a model of cloud architecture that maps interconnections between cloud resources and layers traditional scanning results onto the graph for a clear view of risk.
- đ Wiz identifies critical risks and provides context to understand the impact, prioritizing issues and suggesting smart remediation steps for resolution.
- đ„ Wiz supports role-based access control and projects to segment the cloud environment, enabling teams to manage their part of the infrastructure autonomously.
- đ The platform offers automated executive reports and real-time monitoring of cloud events for suspicious activities, enhancing security and compliance.
- đ ïž Wiz integrates with CI/CD pipelines, allowing security assessments during deployment by scanning infrastructure code, templates, container images, and VM images.
- đ» Wiz's user interface has been described by clients as one of the best they have ever seen for a security product, contributing to its fast growth and adoption.
Q & A
What is the primary function of Wiz?
-Wiz is a cloud security platform designed to address the security challenges of the cloud, providing a comprehensive view of actual risk with context, served in a simple and intuitive user interface built on the way security graph.
How does Wiz enhance the understanding of a vulnerability's risk to an organization?
-Wiz enhances the understanding of a vulnerability's risk by adding workload context, cloud context, and business context, which helps determine the actual risk to the organization, including why it's important and which team is responsible.
What is the significance of the 'context' in Wiz's approach to security?
-The 'context' in Wiz's approach is significant because it provides a more actionable and complete view of the actual risk by considering factors such as inventory, exposed secrets, resource configuration, network exposure, identity, and business teams.
Which cloud platforms does Wiz support?
-Wiz supports a wide range of virtualized compute platforms including AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud, and more, through an agentless connection via simple API connections.
How does Wiz's snapshot scanning differ from traditional scanning methods?
-Snapshot scanning is a cloud-native approach that allows Wiz to analyze a snapshot of the disk without installing any agents, providing deeper visibility into what's running on cloud resources without the need for traditional agents.
What is the role of the Wiz graph database in the platform?
-The Wiz graph database serves as a model of the user's cloud architecture, mapping the interconnections between all cloud resources, and layering the results of traditional scanning and cloud risk engine analysis to provide a clear view of risks and their impact.
How does Wiz prioritize risks for users?
-Wiz prioritizes risks by using the security graph to surface toxic combinations and attack paths, allowing for powerful prioritization based on the context and impact of the risks identified.
What are 'controls' in the context of Wiz, and how do they work?
-Controls in Wiz are mechanisms that generate issues or alerts whenever certain conditions are met, such as a resource being exposed to the internet with sensitive data access. They can be customized and are part of Wiz's out-of-the-box compliance standards.
How does Wiz assist with compliance and regulatory standards?
-Wiz comes with hundreds of out-of-the-box controls that meet compliance standards like CIS, GDPR, HIPAA, and more than 100 other compliance frameworks, providing automated executive reports for busy executives.
What is the purpose of the 'events explorer' feature in Wiz?
-The events explorer feature in Wiz monitors cloud events and potentially harmful changes in real-time, allowing for the detection of suspicious events and providing powerful tools for investigation with the context of the security graph.
How does Wiz facilitate the integration of security into the development process?
-Wiz facilitates integration into the development process by allowing for the embedding of security practices within projects, enabling role-based access and project-level actions that connect to specific communication channels, promoting autonomous risk mitigation by development teams.
Outlines
đĄïž Cloud Security Platform Overview
The first paragraph introduces Whiz, a cloud security platform trusted by over 30% of Fortune 100 companies. Whiz addresses security challenges with a simple, intuitive user interface built on a security graph. The platform provides context-aware vulnerability assessments by considering workload, cloud, and business context. It connects to cloud APIs and uses a combination of configuration analysis, image scans, and snapshot scanning without the need for agents. The Whiz platform offers a full inventory of cloud environments, mapping resources and interconnections on the Wiz graph database, which layers traditional scanning results and advanced risk analysis to provide a comprehensive view of cloud architecture and potential security threats.
đ Advanced Risk Analysis and Issue Resolution
The second paragraph delves into Whiz's advanced risk analysis capabilities, emphasizing the importance of context in accurately identifying and prioritizing security issues. Whiz uses the security graph to understand the impact of exposed secrets and suggests smart remediation strategies, such as right-sizing unused permissions based on actual usage. The platform automates resolutions and workflows, integrating with development tools like JIRA and enabling real-time monitoring of cloud events for suspicious activities. Whiz also supports projects to segment cloud environments and assign role-based access, fostering a collaborative approach between security and development teams and promoting the democratization of cloud security.
đ Scheduling a Demo with Whiz
The final paragraph is a call to action, inviting interested parties to schedule a full demo of Whiz to explore its capabilities further. It highlights Whiz's all-inclusive approach and standout user interface, which have contributed to its rapid growth and selection by forward-thinking companies as a unified platform for cloud protection. The paragraph also hints at additional features such as container security, cloud event detection, and active threat monitoring, encouraging potential users to learn more about how Whiz can enhance their cloud protection.
Mindmap
Keywords
đĄCloud Security Platform
đĄContext-Served Security
đĄSecurity Graph
đĄConfiguration Layer
đĄWorkload Layer
đĄCloud Risk Engine
đĄCustom Controls
đĄCompliance Frameworks
đĄSmart Remediation
đĄProjects Workflow
đĄCICD Pipeline
Highlights
Wiz is a cloud security platform trusted by over 30% of the Fortune 100 companies.
The platform simplifies cloud journey by addressing security challenges.
Wiz provides a simple, intuitive user interface built on a security graph.
Context is key in understanding the actual risk to an organization from a vulnerability.
Wiz adds workload context, cloud context, and business context to vulnerabilities for better risk assessment.
The platform connects to cloud APIs of various virtualized compute platforms like AWS, Azure, and GCP.
Wiz uses an agentless approach for deeper visibility within minutes.
Snapshot scanning is a cloud-native method for analyzing workloads without installing agents.
Wiz provides a full inventory of the cloud environment, including services and what's running on them.
The Wiz graph database maps interconnections between cloud resources for a comprehensive view.
Wiz layers traditional scanning results onto the graph to identify vulnerabilities and misconfigurations.
The cloud risk engine understands advanced risks like external exposure and excessive permissions.
Wiz allows querying the security graph for anything running in the cloud.
Network exposure analysis goes beyond public IP checks to analyze full network layers.
Wiz creates custom controls to generate alerts for specific conditions, like a machine listening on an HTTP port.
Wiz comes with hundreds of out-of-the-box controls to meet compliance standards like CIS, GDPR, and HIPAA.
Automated executive reports are available for busy executives to understand detected risks.
Wiz issues provide a prioritized view of critical risks with context for easy resolution.
Smart remediation suggestions help in addressing issues without affecting ongoing activities.
Automations and workflows can be set up for issue resolution, such as opening tickets in JIRA.
The Events Explorer monitors cloud events and changes in real time for suspicious activity detection.
Projects in Wiz allow segmenting the cloud environment and assigning role-based access.
Wiz can integrate into the CI/CD pipeline, shifting security efforts to the left.
Wiz extends policies to assess infrastructure code, container images, and VM images during deployment.
Wiz is the fastest-growing software company, offering a unified platform for cloud protection.
The platform's all-inclusive approach and user-friendly UI are praised by clients.
Wiz offers more features like container security, cloud event detection, and active attack monitoring.
For a full demo and to learn more about Wiz, visit their website.
Transcripts
[Music]
hi my name is RZ hburg I'm the BP of
product strategy here at twiz my name is
zon ctia I'm a co-founder and VP of
product here at twiz and I would like to
introduce you to our platform more than
30% of the Fortune 100 companies trust
whiz to protect their cloud and simplify
their Cloud Journey whiz is a cloud
security platform built to address the
security challenges of cloud more than
anything it means presidented context
served in a simple intuitive user
interface built on the way security
graph let's see what we mean by context
take a look at this vulnerability on a
VM examining just that cve is not enough
it doesn't really tell us what the
actual risk to the organization is but
once we add the workload context like
inventory exposed Secrets once we add
the cloud context like the resource
configuration Network exposure identity
and business context like T environments
the business teams we can see that not
only are we exposed to a vulnerability
but we can see why it's important
because this resource can be accessed
from the internet and it has access to
sensitive data and production we also
know which team deployed it so we know
which team owns the alert this is much
more actionable a complete view of
actual risk we know what's important and
we know why now let's take a closer look
at how this works wh connects to the the
cloud apis we support almost any
virtualized compute platform out there
AWS Azure gcp Alibaba Cloud Oracle Cloud
c8s beware and more it's just an
agentless connection simple API
connection but when that gets Insight
you usually need agents for we first
analyze the configuration layer but then
we also use servol as scans image scans
and snapshot scanning snapshot scanning
is a cloud native approach to scanning
work
it allows us to analyze a snapshot of
the dis without installing any agents
and this allows whz to analyze the
workload layer what's running on your
Cloud resources the combination of the
configuration layer and workload layer
allows for deeper visibility within
minutes the first thing that you see in
whiz is a full inventory of your Cloud
environment that includes of course all
of the cloud services like serverless
functions buckets and virtual machines
but it also shows you what's actually
running on them like operating systems
databases your resources are then mapped
on the wi security graph Database The
Wiz graph database is a model of your
Cloud architecture that Maps the
interconnections between any and all of
your Cloud resources then we layer the
results of our traditional scanning for
vulnerabilities missing patches
misconfigurations onto the graph and we
utilize a cloud risk engine that
understands Advanced risks such as
external exposure excessive permissions
exposed Secrets sensitive data analysis
and lateral movement Pats the security
graph connects all of these dots
together to a crystal clear view that
can Surface toxic combinations and
attack paths which allows a powerful
prioritization of risk you can query the
security graph directly for anything
that runs in your cloud and you can
always switch to a table view for
example query for every virtual machine
hosting a database that is also
unpatched we can also look for a
specific severity or type of
vulnerability and see if whiz identified
some sensitive information on that
specific D adding Network exposure adds
even more context the security graph
makes whiz accurate look at the network
exposure analysis as an example it's not
just a shallow check for a public IP we
actually analyze the full Network layers
including the security groups the
routing Gres Etc then we even run an
external scanner that validates the
exposure from the outside and shows you
that outside view now you can add a
filter validating that this machine is
actively listening on an HTTP Port
whoops that's a true life toxic
combination found through the security
graph let's go ahead and create a new
control to generate an issue whenever
something like this happens
[Music]
we've just created a new custom control
that will alert you every time this
happens of course whiz comes with
hundreds outof the Box controls with
controls to meet compliance standards
like CIS gdpr Hippa and more than 100
other compliance Frameworks you can even
get automated executive reports that are
neatly packed and ready for busy
Executives for every risk detected whiz
creates an issue issues are a single
prioritized view of the critical risks
that require your attention and since wh
always spotlights the context you'll be
able to easily see what causes an issue
and what needs to happen for it to be
resolved context allows for accuracy and
accuracy saves you time for example this
issue is critical because whiz detected
a public and vulnerable resource which
has an unencrypted Cloud key left on the
disk that key allows a lateral movement
to another Cloud environment with admin
privileges this again shows the power of
the security graph a regular secret
scanner will send inent alerts about
exposed secrets you need to clean but
where do I start which one of them is
actually important using the security
graph whiz understands the impact it
analyzes which Secrets can allow
something like a role that's an admin
and can allow to achieve cross account
lateral movement and only then Market is
a critical thanks to full visibility and
context when whiz says it's critical it
actually is whiz also suggests smart
remediation for issues for example we
will suggest how to right siize unused
permissions which will show you if a
role or user has excessive access based
on analyzing its actual usage so we can
now right siiz permissions without
hurting any activities because we can
recognize excessive permissions that
were never used and cancel
them you can also automate resolutions
and workflows every time I have this
issue do one of the Dozen actions that
are available out of the box or Auto
immediate for example when this happens
whiz can open a ticket in the dev's team
preferred platform like jir once the
issue is resolved whiz will go ahead and
close a ticket to keep things tidy and
respect the developer's attention now
let's head over to the events Explorer
where whiz monitors Cloud events and
potentially harmful changes in real time
we can see for example who created a
specific resource what did they access
and so on this allows real-time
detection of suspicious events and also
gives you powerful tools for
investigation and with the security
graph context this is so much more
powerful than just using a silo seam
tool because it shows you the events
alongside with a cloud context now that
we have a clear prioritized view of true
risk we can start building that
effective Cloud security program using
projects projects let you segment your
Cloud environment based on different
accounts subscriptions tags res resource
groups commun clusters name spaces Etc
they basically allow you to group
Resources by business logic and assign
role-based access to them accordingly so
that Dev teams can get direct access
using SSO to their part of the
infrastructure with projects when you
log in in security you can see
everything but when the dev teams log in
they only see how they're impacted
and let's say one of the teams uses
slack they can perform project level
actions that will connect to their
specific slack Channel and manage the
issues without having to utilize
security team resources in the process
by embedding this approach teams
understand their risks and are motivated
to mitigate them autonomously instead of
the security teams chasing them this
allows us to really democratize and
operationalize Cloud security which
builds a strong Bridge of trust between
the security program and the development
teams and when you finally have trust
with the teams you can then integrate
Wiz your cicd pipeline and truly shift
security efforts even further to the
left whiz will extend the same policies
used to monetary running Cloud
environments and assess them during
deployment by scanning infrastructure
code templates container images and VM
images failing deployments that do not
match your security Baseline okay we've
covered four major pillar of Wiz
seamless integration to everything all
environments all layers the security
graph that gives you context and lets
you drill down to investigate the
inventory with full visibility across
all Cloud layers and the Project's
workflow that builds trust between
security and development teams and
enabled Cloud process these are only few
of the things that made some of the
world's most Forward Thinking companies
choose whiz as a unified platform of
cloud protection making whiz the fastest
growing software company ever
it's that powerful outof thebox
all-inclusive approach built into what
some of our clients described as the
best UI they have ever seen for a
security product that makes whiz stand
out there is so much more about whiz
that we want to show you we didn't even
touch on our container security
capabilities Cloud event detections and
much more or the way our research teams
monitor active attacks to surface how
the most important threats right now may
impact your infrastructure if you're
interested in learning more asking
questions and see what whz can do for
your Cloud protection go to wiiz i/d
demo to schedule a full demo
[Music]
Voir Plus de Vidéos Connexes
EP03- Arista software Overview
Who Touched My GCP Project? Understanding the Principal Part in Cloud Audit Logs - Gabriel Fried
Cloud Security is the FUTURE! - Here's Why
CompTIA Security+ SY0-701 Course - 4.1 Apply Common Security Techniques to Computing Resources
Cloud Networking Overview (Using AWS as reference)
Cloud Computing Architecture Explained in Hindi
5.0 / 5 (0 votes)