Video: From Noise to Action: Unified Exposure Management | Duration: 1520s | Summary: From Noise to Action: Unified Exposure Management | Chapters: Welcome and Introduction (15.265s), Exposure Management Introduction (70.175s), Expanded Exposure Management (352.605s), Integration and Enrichment (945.3s), Tracking Assigned Work (1077.5s), Unified Exposure Offerings (1131.115s), ASM Vulnerability Validation (1176.895s), Scanner Configuration Options (1259.17s), Third-Party Data Integration (1292.245s), Vulnerability Data Normalization (1322.895s), Partner Scanner Integrations (1375.655s), Conclusion and Wrap-up (1436.755s)
Transcript for "From Noise to Action: Unified Exposure Management": Hi, everyone. Welcome to today's fifteen minute live demo on Wiz for exposure management. We are so excited to have you guys join us today, and we appreciate you taking the time from your busy schedule. There are many ways that you can engage with us throughout the webinar. First is through the Q&A tab, and you can throw your questions throughout the presentation right there, or you can throw them directly into the chat, and we'll be sure to get to them at the end. We also have a number of related resources on exposure management in the doc section. We have some blogs and data sheets and then also a landing page for the up next webinar, next month on Wiz OS. So feel free to check those out. And with that, I don't wanna take up any more time. So let's get started. I'm excited to announce Shaked, who will be through exposure management.
Thank you, Alex. So hello, everyone. I'm excited to talk to you today about exposure management. I have Eyal Golombik here as well from our product management team. So I'll share a few slides on why we build exposure management, and then Golombik will show you a live demo in our environment of some of the new capabilities. I'll share my screen. Okay. Okay. So let's talk about why, with exposure management. So modern applications these days run on very complex infrastructure across different environments. So, let's take a look at this example here. We could have an application that has the front end part of it running in the cloud, back end database running on premise. We have developers writing code into our SaaS code repository. So, answering the question here of where am I exposing my ecommerce application can be very challenging because our environment is so spread out. So how do organizations address this challenge? Of course, you deploy different security tooling across the different parts of the environment.
So, from having code scanners to cloud scanners to API scanners, pen testers, and on prem scanners. So, with this approach, each one of these tools generates its own set of alerts, and this leads to having fragmented tools that have siloed ownership and essentially no context between the different tools. So, with this approach, my cloud security tool has no context into my code security, or my web app scanners don't have any context into my environment. So, not only that, but also understanding which risk that I can detect are truly exploitable in my environment is also a challenge. We want to understand what do we need to prioritize first, those risks that we would wanna detect before attackers find them. So how do we see other organizations approach this is they take all the data from these different tools, they funnel them into a centralized vulnerability management data lake in order to try to understand how it's correlated to each other. However, there's still a lot of challenges with this type of approach. So one, manual triage is required in order to correlate the different findings. We could be seeing a lot of the duplicated findings across the different tools, and we would lose a lot of critical context that we would get from the environment as well by taking out the findings and sending them to a separate data lake. And it would also be hard to understand who is the owner of each finding, etcetera. So with this challenge in mind, I'm excited to introduce the approach that we take on exposure management that we'll show you today, which essentially, we take all the security context from your entire environment. So, of course, cloud, but now also on premise and bringing in the code security and runtime to a single unified exposure management platform that allows you to understand how risks correlate between these different environments. So what it looks like here and what we'll cover today, I'll start on the left.
So as part of our exposure management platform, of course, we have the Wiz native scanners that we've had until now. So scanning the cloud environment for risk, scanning code for finding security risks, and gaining more context into where is the root cause of a specific risk. But now, we're excited to talk about the new capability. So on the left here, you'll see all the external scanners. So these are some examples of new type of scanners that you can bring into Wiz with our Wiz UVM solution, which we'll demo today. So now you can bring in findings from your on premise environment, vulnerability scanners, secret scanners, or even on the ASVM side, your code scanners into Wiz to centrally manage it. But not only that. Wiz takes all that data. We normalize it, correlate it to all the other context that Wiz has in order to help you truly prioritize exposure. So you're not just looking at vulnerabilities, but now you're looking at complete attack paths with all the context that Wiz has. And another new capability we'll show you today is Wiz ASM. So we're able to validate specific risks. So, validate its exploitability from the outside in with Wiz ASM and discover exposures as well, in your on prem environment and cloud. And with all this, this allows you to truly prioritize exposures and be able to actually remediate with all the capabilities that the Wiz platform offers, from many, many different integrations, AI-powered remediation guidance. We have new AI agents that can help you investigate different issues. And all of this helps you truly prioritize and respond to critical risk quickly. And with that, I'll pass it on to Eyal, our product manager, to demo the new capabilities in the environment.
Thanks, Shaked. Yeah. So very excited to share with you all about all of these capabilities. So sharing my screen. Great.
So as Shaked said, obviously, part of this exposure management is the ability to bring in more data into Wiz and be able to integrate with other environments to bring in risks and insert them into the Wiz graph for full exposure management analysis. So, obviously, Wiz today already can connect, scan, integrate with a wide variety of tools. What we are introducing is the ability to also integrate now with other types of scanners in your environment. So you can see a few here, some common vulnerability management scanners that you might have in your environment, some application security scanners that might be scanning your code alongside, obviously, with scanning your cloud. And with this new capability, we're now able to bring in the findings and assets from these tools to the full graph of Wiz for a much deeper analysis of where we're exposed, what is the total attack path that can be breached. So I wanna show you how these data points are being brought into Wiz. So let's jump into what happens after we connect the tool, let's say, like a Qualys or like a Snyk or CrowdStrike. So the first thing is that Wiz starts importing these assets into our platform. And you can see that in this environment, I have four tools connected to expand the exposure that we can analyze. You can see that we have Snyk, Qualys, ServiceNow, and Rapid7 connected in this particular environment. And what we do is we bring in all these assets, what we call imported assets, and we invest a lot in correlating them with all the other context that Wiz has on the environment. So just to see a couple of examples here, we have a particular machine. This one is actually not from the public cloud. It's actually from a private cloud, from a VMware vSphere environment, so a data center. We can bring in that information coming in from Qualys, from ServiceNow, correlate them using our ability to correlate the different assets with our correlation rules.
And what you get at the end of the day is a full context of all of the vulnerabilities detected on this machine, all the metadata such as ownership, as you can see here that is brought in from ServiceNow records, as well as all the analysis that Wiz is doing on this VMware environment, such as identifying misconfiguration issues. So you get the full exposure analysis combining the different sources. So this is one example from the world of private clouds. Let's see another example from the world of the public cloud. Right? Obviously, this example from an EC2 machine, we see that, obviously, Wiz is scanning this machine, providing a ton of context, as you all know. But now we're also able to bring in the information from Qualys' own scans, vulnerability scans, and all the tags and metadata there, correlate them all together into this final view. Now let's see what happens, from vulnerability perspective, how we're able to correlate all of that information together. So let's jump over to see all the vulnerabilities that this particular machine has. You can see that, in this case now under vulnerability page, we have a mixture between vulnerabilities detected by Wiz's own scanners and now also by third party scanners such as Qualys. And the key thing to understand when we analyze exposure is that at the end of the day, all of these data points such as these findings that come from Qualys, they get enriched with Wiz's own threat intelligence feeds and analysis. But the key part is that they all end up in our graph, right, which is the bread and butter of how Wiz does toxic combination analysis or attack path analysis. Right? So all of the findings that we bring in from these extra sources end up on our Wiz graph. So what you see here is an example of a machine in our cloud, which has vulnerabilities on it. But then Wiz added the extra layer of understanding that this machine is actually Internet exposed. Right?
So all the findings on this machine that you can see on the right hand side include both Qualys findings, right, brought in from third party tools, as well as Wiz's own findings scanning this machine. So we deduplicate all of that together into one coherent issue, which you can now obviously take action on. We can identify who owns this issue based on tagging, based on various other methods that we have for ownership discovery. We can associate that with an owner and assign this issue. And, obviously, we support, as you all know, a variety of actions for ticketing, for engagement with those owners to close the loop. But I think the key thing to understand here is that taking those findings from these third party sources like Qualys, Tenable, CrowdStrike, Snyk, and many, many more, we added that extra layer of exposure analysis. So here we see how we're able to add that extra layer of analysis for Internet exposure, which validates from the perimeter whether this application endpoint, as we call them in Wiz, whether they're exposed to the Internet. And what's exciting about this new launch of exposure management is that we also go deeper and not only verify it's Internet exposed, we actually go and add extra layers of context on what other attack surface issues might exist on that particular endpoint on top of what is provided by these third party tools. So we've released the ability to do deep attack surface analysis. And maybe let's see a little bit more in-depth on how deep can we go with this new attack surface analysis. Basically, Wiz is now scanning from the perimeter, from the Internet, all of the assets that Wiz is aware of, whether those are assets that Wiz detected on its own, whether those are assets imported from all of these integrations that we just discussed. And now Wiz can validate from the perimeter as if an attacker would, you know, try to perform that same action.
Wiz can validate whether a certain issue can be exploited directly from the Internet. So let's see an example of exactly that. That ability to from the Internet to validate those things, you can see it very well here where Wiz has validated from the Internet that there's a remote code execution issue on a certain virtual machine. Right? And not only that, this virtual machine has sensitive data. So what's the big difference than what we were able to do before? Right? We can now not only identify that this machine is exposed to the Internet, which is super important, but that's just the first step. We're now able to actively from the perimeter, from the Internet, Wiz actively probes these application endpoints and see that they actually have those exploits available. So you can think of it as Wiz validating that the exploit can be done from the public Internet. So this is such an example of Wiz performing that scan, identifying that this can be exploited from the Internet, and giving us the full understanding that this issue is much more critical because not only is it exposed to the Internet, but we validate it and it's exploitable. So this level of depth works in ways on top of resources in the cloud that we've detected on its own. But now as part of this exposure management offering, this can also be done to actually resources and assets that don't necessarily come from the cloud. We now offer the ability to bring your own IP addresses, bring your own domains, and add them into the attack surface scans that Wiz performs so you can add your own environments. As well as when integrating Wiz with other scanning tools like the Qualys example we saw earlier, this also gets covered by our attack surface management extra context edit. And lastly, I wanna share with you that, obviously, this spends in the world of cloud. We've talked about private cloud like VMware environment. But this also goes deep into the code environment. Right?
Code repositories can also be part of our exposure, can also be part of our risks. And so this exposure management offering also goes deep into bringing even more context to the code side of the house. So I wanna show you one quick example before we wrap up for today about how we're able to bring in more context on the code side, integrate with other vendors in this domain for this open security platform mentality that we're now introducing with this exposure management. So this last example is of a code repository, which has code injection vulnerabilities in it. And what Wiz is doing is that Wiz correlates between that code repository and the fact that this ends up building container images that end up running in privileged environments. Right? So very complicated scenario. But at the end of the day, you can see how Wiz, on the left hand side, sees the code. Here, we have identified a finding on this code, which introduced risks. But, actually, this finding was detected by a third party vendor. It was detected by one of our partners, by Snyk in this case. In the exposure management, we're pulling these findings into Wiz, but then enrich them with so much more context on where this particular code vulnerability ends up running in our Kubernetes clusters, whether it's exposed, what sensitive data it has. So, this showcases how we're able to bring in more context in also on the code side as much as we can do on the cloud side as you've seen earlier. So just to wrap it up, we've seen how we're able to bring in more findings into Wiz by integrating with a lot of our partners. And we've seen how Wiz can then correlate all of that data into the Wiz graph for a much better context, as well as the ability to perform attack surface scans from the perimeter in order to validate what's exploited and provide a much better prioritization for our users. Alright. So I think we're right at time. We can move for questions. Alright. Well, thank you.
Short and sweet, but that is the point of these webinars. So a couple of questions have been coming in. So, I'm gonna just start rattling some off. Is Wiz analyzing integrating layer three devices, routers, firewalls, etcetera, to validate this exposure?
That's a great question. So, obviously, there are various types of integrations we do with firewalls. We actually just announced integration with Check Point to analyze CloudGuard devices, and we have plans to go even deeper on that front. So we have some people that is in that area, and we plan to go even deeper.
Okay. Great. I wanna use it as an alternative to SAST or SCA. Is this possible? I'm gonna share it on the screen just so I'm getting the acronyms correct.
Yeah. So SAST or SCA, right, those are code scans. So what we've just shared today is how we're able to integrate with, if you have existing scanners in your environment, integrate them into Wiz, right, and then enrich the context that's what we've discussed today. But on a different discussion, we can share whether Wiz's own offerings in the world of SCA and SAST, and they can be great alternatives if that's interesting.
Alright. Any plans to integrate third party intelligence for enrichment?
Yes. Definitely. It is on our road map. I believe we're about to release some of our initial integrations, even, towards the early of next year.
Alright. Is there a way to find true external devices?
So, definitely, the part of this attack surface management or exposure management performs validation of what's truly exposed to the Internet from the Internet. That's what we do in our attack surface management solution. So definitely, Wiz validates what is actually exposed. So that is a key part of what we're focused on here.
Okay. We have a lot of questions coming in. Okay. I'm gonna share this one just so you can see it. I don't wanna it's a long one.
So if I'm on a team in charge of fixing hundreds of findings from a scanner like Rapid7, how can I track work assigned to various members of my team?
Yeah. Great question. So, definitely, as part of this unified exposure management, the workflow process, like tracking ownership, tracking assignment is a key part. Right? So we touched on it briefly on the demo, but, obviously, it's much deeper than that. So we now support assigning issues to individual owners. We have workflow management to automatically assign them. And, obviously, there's a big part in Wiz around dashboarding where you can see and track how many issues are assigned to each member. Maybe you wanna delegate the issues from one member to another. So, definitely, there are a lot of capabilities for workflow management now in Wiz as well.
Alright. So another one, is this unified exposure a separate module or included with current Wiz subscriptions?
Yep. So these new offerings that we've just shared are included in Wiz advanced offering of Wiz. There is, depending on the size of the environment, it does increase the amount of licenses needed, but it is part of the core module of Wiz. I'll give a quick shout out to our preview hub. If you go in for ASM, for example, you can very easily enable it in the preview hub, and start using it and seeing the licenses that it consumes in your environment and then, like, the value that you get out of the tool itself. So it's very easy setup.
Okay. Here's another long one. So currently, the Wiz toxic combinations also tries to hit some endpoints to identify any public exposure and attack path. What is the difference between existing issues, toxic combinations, and ASM EM other than the additional data ingestions?
Sure. Yeah. So that's a great question. So first of all, with the additional data ingestion is key as mentioned here. But aside from that, the ASM now actively validates certain vulnerabilities.
So before, you know, Wiz was verifying Internet exposure, which is extremely important. But now Wiz actively probes those assets, checks certain paths, checks the responses that we get from these API endpoints, and actually validates that not only is it exposed to the Internet, but the particular exploit can be reached from the Internet. So it's a much deeper level of understanding and validating that the exploit can be executed by an attacker.
Okay. And allow the all the findings that ASM generates for these, like, exploitability validation, they're all added to the attack paths. So now in Wiz, you'll see the specific Wiz issues that are validated to be, like, externally facing, marked in red and on top of all the issues. So everything is brought back to the Wiz issues attack path analysis.
Okay. Can the scanner source be configured to come from US hosts other than our GCC high limits connectivity to US only?
So our scanners can be configured and modified, and you can control and either aid or, you know, ignore certain addresses. I think this definitely entitles a deeper discussion, so feel free to reach out for your Wiz team and kinda dive a little bit deeper.
We have another third party question. So any plans to integrate third party data scanning tools if we already have a tool other than Wiz for data scanning?
Yes. 100%. So we actually already support a bunch of vendors in this space. You're welcome to check out our website, vendors like Cyera, for example, but we do plan to expand that even further. If you have a specific vendor in mind, feel free, again, to share with your Wiz team, and we'll make sure to prioritize those.
Alright. A couple more. So is the third party vulnerability data normalized by Wiz for sending to ticketing systems? For example, Tenable findings use plugin ID as a unique identifier. Does Wiz dedupe and map those to a single vulnerability via CVE?
Great question.
You know, very much in-depth here, but, yes, definitely, Wiz performs the normalization of the data. We analyze the data coming in from Tenable to your point. We truly understand every plugin and inside these. We keep the information of the Tenable plugins, but, also, we break it down to the underlying CVEs for comparison with Wiz's own scans or other scanners. So, definitely, we have that ability to deduplicate, correlate, and analyze back to the fundamental security building blocks.
You mentioned Wiz's own, partner scanners. Are those partner scanners included, or do we need separate subscriptions from those partners from our partners?
Yeah. So this, what we shared about those integrations are meant to help our users that already have existing partner vendors that are scanning their environment like the ones I've mentioned. So if you already have subscriptions with them, the offering here is to integrate the tools together for you to get that broader exposure management offering. If you'd rather you know, if you don't have partner vendors working with today, then, obviously, you're welcome to see what we
Any plans to support runZero?
Yes. So in general, this category of tools we plan to support somewhere in 2026. So on the road map.
Alright. One more question, and then we will wrap up here. Does Wiz have a comparison of its current SAST and SCA capabilities versus the competitors you support? We prefer best in suite Wiz, but wanna understand the gap in capabilities.
Sure. That's a great question. I think, definitely, we either areas that with SAST and SCA are very good. There are areas that we know we need to improve, so we can definitely share that. And, again, we feel free to reach out to your Wiz team and kinda schedule a more in-depth, specifically on SAST and SCA.
Alright. Great. Well, with that, I would like to wrap up today's live demo session. We went a little bit over, but thank you all for sticking with us.
Thank you all for joining us today. We truly do appreciate your time. And like I mentioned earlier at the beginning, we'll see you next month for the fifteen minute demo series on Wiz OS. So we hope to see all of you guys there. Thank you guys again, and have a great rest of your day. Bye, everyone. Fine.