Video: How Wiz Transforms Cloud Security with CNAPP | Duration: 864s | Summary: How Wiz Transforms Cloud Security with CNAPP | Chapters: Wiz Cloud Protection (8.16s), Cloud Horizontal Security (80.97s), Cloud Security Platform (182.07501s), Risk Identification Process (260.76498s), Cloud Maturity Framework (371.39s), Threat Investigation Features (421.02s), Conclusion and Recap (628.77496s)
Transcript for "How Wiz Transforms Cloud Security with CNAPP":

Hi, everyone. My name is Snegha, and I'm on the product marketing team here at Wiz. Please get settled in. Let us know if you have any questions, and we're gonna do a fifteen-minute overview and demo today, and we're really excited and appreciative of the time you've given us. So let's get started.

Wiz's vision is really to protect everything you build and run in the cloud. Let's take a look at how. One of the things we see today is the ever-changing world we live in with cloud. Cloud's really changed how we do things. Development is really agile and continuous now. But how has this changed what we look at and what an attack vector is looking at? When we go through this, you'll see that attackers are targeting your cloud, and they don't really care about the different org structures or different processes or steps in what's happening. In this example here, the attacker is looking at a vulnerable exposure, looking at what keys are being scanned for, and then also looking at elevated privileges to really get to where your actual sensitive information and crown jewels are.

But how do we tackle this today? How do we solve this today? The traditional model that we've all worked on has typically been in silos, which is a vertical model for security. You look at code, and we're looking at having code scanners to really surface what's happening there. In the pipeline, the DevSecOps team are looking at pipeline scanners the same way cloud scanners and runtime scanners. And we're generating this information and alerts from different parts of our cycle that are all meant being managed in vertical security model. So what this ends up doing is the set of alerts is then reaching the same teams.
The security teams are then overworked, don't have the context they need to know which do I act on, do I have the information I need to respond, and really struggling to help the developers prioritize what's a real risk versus what's just another ask from another team, really making it hard to collaborate as well.

So what does this mean, and what does this new cloud model look like? We need a new operating model, which is what we'll be introducing today. What we need is cloud horizontal security that really leads with context. So taking a piece of information, not just in itself, but really combining it with several different layers of input and insight to really project what an attack path, what the probability and priority of this should be. This is then surfaced to make sure it has the right context to focus on the critical attack paths as well as the right context to say, how do we prevent this as well as how do we respond to this, going back to the code owner and the source in itself. When we start looking at this, this alert is then able to reach the right teams. In this example, a publicly exposed VM is vulnerable. Now having the information as to if this is actually critical is only possible because of that context. In this case, we're going to be alerting the data security team who's looking at the sensitive data, the cloud security team that's looking at the risk overall with the public code repo and the keys and the sensitive data, as well as the dev team that's looking at how did this misconfiguration or problem enter the system in the first place, and how do we resolve that.

This brings us to a quick introduction of our cloud security operating model and our platform. We have our core product with cloud, which really focuses on agentless visibility and risk prioritization that helps you proactively reduce your attack surface area.
We then shift left and start to ask ourselves, how do we prevent this from ever introducing risk into your environment with Wiz? Last but not the least, we do have to still think about real time threat with a combination of our Wiz defendant sensor. We're able to make sure your SecOps teams are also prepared for what needs to be done to tackle real time threat.

So how does all this work before we get into a demo? The first thing is we do complete agentless scanning of your environment. We're able to do this really quick, and you're able to set this up in a matter of minutes. We look across your cloud and really place all these things to give you the visibility you need. The second thing is starting to identify risk. You know, we talked about vertical to horizontal security, but really starting to bring in those individual pieces of information, but starting to put it on our graph to make sense of what's actually happening. This includes everything from misconfigurations, sensitive data, external exposure, identity and access, lateral movement, and so much more. And recently, of course, there's been a huge focus on the AI aspect of your risk and security as well.

Once that's been completed, all this information is in Wiz on our core part of the product, the security graph. We're able to start to say what is the risk? What is the attack path actually like? And help you truly visualize this to then say, what should you tackle first? And then say, who is supposed to respond to this? So we talked about different teams, different teams collaborating. We have a model built into Wiz where you're able to truly say, this is the team that's looking at this part of the cloud surface area who needs to be notified, who needs to respond, really democratizing security in a way that each team feels empowered to both own the risk and respond to the risk.
When we think about how these automations work, we make sure that not only do you have built-in systems within Wiz to respond, act, and surface insights, but you're also able to integrate with as many third-party vendors as you need to operationalize this into your environment.

As we move into the demo, a quick view into the cloud maturity framework. We start with gaining visibility, reducing critical risk. This is really getting to that zero criticals. Agentless code to cloud scan, having a common policy model and framework model across the board, prioritizing attack path, and having clear context and guidance to fix this. Next, really being able to democratize security. So automating who the alerts go to, who's able to be proactive, who needs to respond, and being able to monitor this on a score and trend basis. The last two, but not the least, is code and defend, really starting to shift left, thinking about developing securely as well as starting to tackle real time threats and preparing your teams to be ready.

With that, let's jump into a quick demo. We are here on this dashboard. On quick glance, you're able to surface a lot of the key insights about what's happening in the environment. Now we'll take a look here and you'll notice that when we say something is an issue, we're not necessarily saying it's one type of risk or one resource. This is really painting a picture of something that's a high risk, needs attention because of the attack path that you're looking at. There's a few ways that you can look at this dashboard. You're able to surface key insights, but you're also able to say, okay. I actually maybe need to look at this from an exact perspective or data security, for example, where you can really just focus on the data security focused insights, really making sure that all the teams in your business have what they need.

We then take a look at an issue itself.
When we look at an individual issue, let's take an example, publicly readable bucket contains sensitive data. When you click into this, you'll on first glance be able to see the security graph itself. In this case, you're able to see the attack path, and you'll notice that on first glance, there's already key information that you're able to see. You're able to see a cloud configuration finding here, which is talking about what's actually happening with the customer managed key. It gives you insights to dig into. You're also able to surface the sensitive data that the issue has been mentioning, and you're able to draw the path completely to see where the attack path is sourced from.

On this issue, not only can you dig into the findings itself, but really make it very actionable. Our investigation is able to summarize for you exactly what's happening with this issue. And when it comes to how you want to act on this, you have a bouquet of options. This includes running an action with the integrations that I mentioned as well as being able to automate your policies and response. In this case, as an example, if you wanted to block the public access that was there, and an issue also comes with the customization of being able to manage this in your business. So if you'd like to mark it manually as in progress or resolved or ignored, even mark something as a false positive if it was like a data issue, you can surface that and manage that all directly from here.

The second thing that we look at here is our champion center. So when we look at so many different problems and things that you want to surface, we wanna make it as easy to use as possible. The way you're able to do that is you come into these modules. We'll take an example for vulnerability management, and we're able to guide you through the steps you need to take to be able to make sure that you're doing what you need to to complete and move forward on this journey.

We then move to threats.
When we think about threat investigation, it's really important to know what we're surfacing and how to use it. Not only do you have threats based on patterns and what's happening in your environment, we also offer a threat intel center, which is driven by our threat team that surfaces key insights and action items that you need to look at for threats that are happening in the real world. This is that's being exploited in the wild and critical risk that you need to look at. Really coming together for you to make sure that there's one place for you to go to action and click into these.

Now sometimes customers ask us, where are all the different pieces of my technology in the cloud? What am I looking at? The technology's place is a great place to come and look at just an inventory. We do offer, you know, a full asset visibility into your bill of materials and software and able to click into what's happening with each of these. Even within an individual data store, you can click in to understand what's happening individually. It just comes down to what aspect you want a question and answer for.

We then move to a very common use case, which is starting to think about governance. How do you make sure you're compliant? How do you make sure you have what you need to report out? So we'll take a look at our compliance posture. There's a few things I would highlight here. First, we make sure that out of the box, you're able to have the frameworks and tools you need to really be able to start to act on it without having to worry about visibility. I'll give you an example. A very common one recently that customers have been talking about in the data space has been DORA. You can click in here, and it'll tell you where you are, why we're calculating this, and really double click into the action items that you need to take to dig into this.
Another aspect of compliance is also you can look at these overall, really put that together in a heat map and start to really understand what's happening and how you want to act on these, visualize these, report out on these so that it comes together.

Last but not the least, we'll start to talk about the ease here with everything you need for individual rules. So you'll notice the issues really surface for you the insights you need to know what to act on. And what you're able to do here then is say what aspect of it you'd like to double click into, how you'd like to automate that, as well as start to really think about operationalizing this, be it in governance, response, or reporting. I'll show you a sample report here where we, again, make sure that you have the built-in reports you need to answer the needs of your business, but you're also able to create custom reports of your choice completely built for you to use to surface the insights that you need to understand and view.

I will start to close this out with starting to remind you, you know, customers ask us, that looks great. How long is it gonna take? How are we going to do this? The great thing is it's very simple to use Wiz and deploy Wiz. We can get into a meeting or even do this yourself where you have guided flows as well as completely agent deployments, and you can make sure that this agentless deployment is done in a matter of minutes as long as you have the right rules. You can come in here, choose a provider of your choice, and you're able to guide this through and configure this. The time to value aspect is critical to make sure that you have what you need to make the most of Wiz.

With that, I'll leave you right back on the overview page, which is really starting to say, we wanna make sure you have the information you need, not only to understand where your risk is, but make sure your risk is actionable, prioritized, and making sure that your teams are empowered.
Please let us know if you have questions, and there's so much more to dig into here, be it AI or data security, code, or defend, and we'd love to chat with you more. Ask us questions or ask us for resources, and we'd be happy to chat. Thank you so much for your time today. Have a good one.