Wiz CSPM

Wiz CSPM provides real-time visibility, automated risk assessment, and proactive remediation for cloud environments, addressing security posture challenges.

Multi-Cloud | Proprietary | Cloud Service Only
Category: Security Posture Management
This page updated a month ago
Pricing Details: Contact for pricing details.
Target Audience: Cloud security teams, DevOps teams, compliance officers.

Wiz CSPM addresses the core challenge of maintaining a robust security posture in complex, dynamic cloud environments by providing real-time visibility, automated risk assessment, and proactive remediation. Here’s a breakdown of its technical architecture and approach:

Wiz CSPM employs an agentless scanning methodology, integrating with cloud providers via APIs to gather comprehensive information on all cloud resources, including virtual machines, containers, serverless functions, and identity configurations. This real-time scanning capability ensures that newly created resources are immediately added to the inventory, providing a continuous and up-to-date map of the cloud environment.

The platform leverages a graph-based network and identity engine to contextualize misconfigurations, focusing on resources that are actually exposed and pose a significant risk. This approach reduces alert fatigue by prioritizing misconfigurations based on operational, business, cloud, and data context. For instance, Wiz can identify and remediate critical issues such as publicly accessible cloud storage buckets or OpenSearch domains with inappropriate access permissions in real time.

Wiz CSPM includes over 2,300 cloud misconfiguration rules and continuous monitoring for compliance across more than 150 frameworks, including CIS and custom OPA-based rules. The platform also supports Infrastructure as Code (IaC) scanning and auto-remediations, ensuring that cloud configurations adhere to security best practices and regulatory requirements from build time to runtime.

Key operational considerations include the need for integration with existing cloud services and the ability to handle scale without significant performance degradation. Wiz’s architecture is designed to support multi-cloud environments, including AWS, GCP, Azure, OCI, Alibaba Cloud, and VMware vSphere, making it versatile for hybrid cloud setups.

However, there are limitations to consider, such as the potential for initial setup complexity, especially in highly customized or complex cloud environments. Additionally, while Wiz reduces noise through contextual risk assessment, the sheer volume of data and rules can still require significant resources for effective management and customization.

In terms of specific technical details, Wiz CSPM offers real-time scanning with sub-minute granularity, automated remediation flows, and support for related security capabilities such as CIEM, DSPM, KSPM, CWPP, and CDR. The platform also provides AI-driven attack path analysis and effective network and identity exposure management, enhancing the overall security posture of cloud environments.
