Comparisec
Submit reviewFor vendors
Vulnerability ManagementWiz (Vulnerability Management)
StrongLimitedStrongStrong
4.7

VendorsVulnerability ManagementWiz (Vulnerability Management)

Wiz (Vulnerability Management) logo

Wiz (Vulnerability Management)

Wiz

Founded 2020·US·VC-backed
4.7

Combined score

G2
4.7680
Gartner
4.7296

Editorial verdict

Wiz applies its Security Graph attack path analysis to vulnerability management, making it the strongest tool for understanding which cloud vulnerabilities are actually dangerous in the context of a specific environment rather than in the abstract. The 90% alert fatigue reduction that Wiz customers report reflects the genuine operational value of this approach.

Like Orca, the scope is cloud workloads only and native patch management is absent. Wiz is the right cloud vulnerability tool for organisations already using Wiz for CSPM, where vulnerability management is built into the same platform. It is not a standalone VM replacement.

The verdict: Wiz vulnerability management is right for existing Wiz CSPM customers wanting integrated cloud vulnerability visibility without adding a separate product. Organisations needing comprehensive multi-environment VM should evaluate Tenable or Qualys.

Last reviewed: May 2026

G2

4.7680 reviews

Gartner

4.7296 reviews
Gartner MQ: Leader (CNAPP)

Vulnerability Management assessment

PROTECTIONStrong
Asset & exposure coverage
3 / 5

Agentless cloud coverage across AWS, Azure, GCP, OCI, Alibaba — containers, serverless, IaC. Scored 3 because on-premises and traditional infrastructure are not covered.

Sources: Wiz documentation

Risk prioritisation
5 / 5

Security Graph attack-path context applied to vulnerabilities — only surfaces exploitable vulns with blast radius. Scored 5 for the most context-aware cloud vulnerability prioritisation available.

Sources: Wiz documentation

OPERATIONSLimited
Remediation workflows
2 / 5

Scored 2 because no patch management integration and cloud-only scope limits workflow breadth.

Sources: Wiz documentation

ANALYTICSStrong
Vuln metrics & KPIs
4 / 5

Cloud-focused metrics integrated with CSPM posture reporting. Scored 4 because combined CSPM+VM metrics give a complete cloud risk picture.

Sources: Wiz documentation

TRUST & ECOSYSTEMStrong
Scan performance
5 / 5

Agentless snapshot-based — zero production impact. Scored 5.

Sources: Wiz documentation

Strongest: Risk prioritisation

Watch out for: Remediation workflows

Strengths & limitations

Strengths

Security Graph shows attack path context for every vulnerability
Agentless multi-cloud scanning across AWS, Azure, GCP, OCI
90% alert fatigue reduction — only surfaces exploitable vulnerabilities

Watch out for

Cloud-only — not suitable for on-premises VM
Premium pricing excludes SMBs
Wiz Defend (runtime) still maturing

Best for

Cloud-first mid-market and enterprise organisations wanting vulnerability management with attack path context.

Not suitable for: On-premises infrastructure or orgs wanting cheapest VM option

Compliance coverage

Essential Eight
AU Privacy Act
SOC 2
HIPAA
NIST CSF
PCI-DSS
CMMC
GDPR
NIS2
DORA
ISO 27001
CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

Also considering

Vendors typically shortlisted alongside

Also in our database

Wiz also appears in:

← Back to Vulnerability ManagementCompare with other Vulnerability Management vendors →

Quick facts

Pricing modelper cloud resource; agentless
Pricing rangeEnterprise quote; typically $5,000+/month
Free trialNo
Min seatsNo minimum
Deployment time< 1 week
Complexity1 / 5
Pricing transparency1 / 5
AU presenceYes
IRAP assessedNo
Open sourceProprietary

Deployment

ModelsSaaS
OS supportCloud-native (agentless)
CloudAWS, Azure, GCP, OCI, Alibaba
SupportEmail, Dedicated CSM, Slack
Data residencyUS, EU, AU

Company

Wiz

Founded 2020 · 1,500-2,000 employees · VC-backed

HQ: US

$500M+ ARR

Certifications

SOC 2 Type II, ISO 27001, PCI-DSS, HIPAA

Integrations

JiraServiceNowSlackPagerDutyMicrosoft SentinelSplunkGitHubGitLab