Research The top cloud security threats to be aware of in 2022 As more organizations move to the cloud, so do hackers. What can you do to better protect your cloud environment in 2022? Wiz Research has compiled the most pressing cloud
Customers Blackstone tackles advanced cloud-native security with Wiz Blackstone is the world’s largest alternative asset manager, with $731 billion in assets under management. As Blackstone’s Technology team started their digital transformation journey, a major focus was
Customers How Yotpo gets visibility into their AWS environment and cloud risks Learn how Yotpo creates a DevSecOps culture and gets visibility into their AWS environment
Security Towards a better cloud vulnerability response model Who is responsible for doing what when a new cloud vulnerability is disclosed? Right now, it can be hard to know.
Log4Shell Log4Shell: Wrap all your Log4j fixes before the holidays The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!
Log4Shell Log4Shell impact and remediation strategy A conversation with Igor Tsyganskiy, CTO at Bridgewater Associates and Yinon Costica, Co-founder & VP of Product at Wiz, discussing the immediate dangers and issues with Log4Shell, strategies for remediation, and its long-term impact on cybersecurity as a whole.
Research NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories
Research Log4Shell 10 days later: Enterprises halfway through patching Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patched 45% of their vulnerable cloud resources by Day 10.
Security Log4Shell Meltdown: How to protect your cloud from this critical RCE threat ** Updated 12/21 **Security teams worldwide are racing to contain the fallout from a critical vulnerability in the widely-used, open source logging library Log4j. The vulnerability, called Log4Shell, affects a
Product Wiz magic shifts left Fixing vulnerabilities and misconfigurations in the pipeline before deployment makes perfect sense - it reduces the overall threat footprint and saves time. Wiz offers customers a straightforward way to operationalize a Shift Left strategy.
Product Assess your cloud compliance posture in minutes With Wiz, you can assess your compliance posture across industry standards and business units at a glance to immediately pinpoint your weak spots. Assessing your organization’s compliance posture is
Wiz Wiz integrates with the new Amazon Inspector for enhanced security insights, context, and accuracy Wiz is excited to announce it is a launch partner for the new Amazon Inspector, bringing Amazon Inspector findings together with Wiz insights to give our customers actionable, prioritized and contextually rich security insights.
Security Security industry call to action: we need a cloud vulnerability database In the pre-cloud era, the responsibility for security was fully in the hands of the users. As we uncover new types of vulnerabilities, we discover more and more issues that do not fit the current model. Solution: we need a centralized cloud vulnerabilities database.
Research ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to
Research How we broke the cloud with two lines of code: the full story of ChaosDB In August, 2021 the Wiz Research Team disclosed ChaosDB – a severe vulnerability in the popular Azure Cosmos DB database solution that allowed for complete, unrestricted access to the accounts and
Research Protecting cloud environments from the new critical Apache HTTP Server vulnerability On October 4, 2021, Apache published a patch to CVE-2021-41773/CVE-2021-42013, a path traversal and file disclosure vulnerability, affecting Apache HTTP Server version 2.4.49. Their report also shared
Security How to Protect Your Cloud Environment from Supply Chain Attacks Recently, the Wiz research team hosted a webinar titled How to Protect Your Cloud Environment from Supply Chain Attacks. In this post, we’ll share a recap of what the
Security Agents are not enough: Why cloud security needs agentless deep scanning Cloud environments are characterized by their dynamic nature. It’s easier than ever before to spin up new resources and add new technologies, which leads to an ever-increasing number of
Research UPDATE: Everything you need to know about OMIGOD from the team that discovered it With the news of OMIGOD breaking on September 14th, there have been many questions about what it is and how to find and fix the vulnerable agents. To help address
Research OMIGOD: Critical Vulnerabilities in OMI Affecting Countless Azure Customers The Wiz Research Team recently found four critical vulnerabilities in OMI, which is one of Azure's most ubiquitous yet least known software agents and is deployed on a large portion
Research “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution Update September 18, 08:00AM EST - Microsoft updated its advisory and declared an auto-update for their PaaS service offerings that use vulnerable VM extensions by September 22, 2021. Microsoft
Wiz Wiz goes (even more) global The first half of 2021 has been incredible for Wiz. Fueled by an additional $250M in funding ($350M total) from Sequoia, Index Ventures, Insight, Salesforce, Blackstone, Advent, Greenoaks, and Aglaé
Security From the trenches: 4 cloud security lessons from Aon’s Chief Security Officer Anthony Belfiore Cloud has driven innovation and agility for organizations, but for security teams it has also brought new levels of complexity around people, processes, and technology. Today’s elastic cloud environments
Research ChaosDB: How to discover your vulnerable Azure Cosmos DBs and protect them Post updated August 30: Details on remediation for Wiz customersPost updated August 31: A new method to detect Jupyter Notebooks on Cosmos DBs, replacing the deprecated nslookup methodAs described in
Research ChaosDB: How we hacked thousands of Azure customers’ databases ** Update ** Learn how to protect your environment in our latest postNearly everything we do online these days runs through applications and databases in the cloud. While leaky storage buckets get
