Full Report
Wiz’s new Chrome browser extension brings cloud security to your fingertips and streamlines access to Wiz from your cloud console.
Analysis Summary
# Tool/Technique: Wiz Extension
## Overview
The Wiz Extension is a web browser extension developed by Wiz that provides a cloud security overlay directly within the user's cloud service provider (CSP) console; this initial release specifically targets the AWS console. Its purpose is to streamline cloud security monitoring and risk assessment by embedding security insights directly into the user's existing workflow, reducing context switching and improving workflow efficiency.
## Technical Details
- Type: Tool (Security Overlay/Browser Extension)
- Platform: Web Browser (Chrome initially mentioned), integrating with AWS Console.
- Capabilities: Displays cloud security insights, monitors major cloud resources (VMs, storage buckets, Kubernetes clusters, Serverless functions), allows quick navigation to the full Wiz dashboard for deeper investigation.
- First Seen: Not explicitly mentioned in the text, but launched with the article.
## MITRE ATT&CK Mapping
*Note: Since this is a defensive security tool designed to improve security posture and integrate risk monitoring, it does not map to typical offensive TTPs. Instead, its function relates to defensive capabilities.*
- **TA0001 - Initial Access** (Not directly applicable, but provides visibility into resources being accessed)
- **T1547.003 - Boot or Logon Autostart Execution: Browser Extensions** (If analyzed from an adversary perspective trying to hide their activity, but this tool is legitimate)
- **TA0005 - Defense Evasion** (Not applicable)
- **TA0007 - Discovery** (Provides visibility into discovered cloud resources and their security posture)
- **T1595 - Active Scanning** (N/A - Monitoring, not active scanning)
## Functionality
### Core Capabilities
- **Workflow Integration:** Embeds security information directly into the AWS console interface.
- **Resource Monitoring:** Monitors the security state of key cloud resources, including VMs, storage buckets, Kubernetes clusters, and Serverless functions.
- **Context Preservation:** Allows users to maintain focus on their primary tasks while viewing relevant security status.
### Advanced Features
- **Seamless Navigation:** Provides a quick link to jump from the in-console overlay to the full Wiz dashboard for detailed investigation.
- **Efficiency:** Aims to make the "secure path the easiest path" by integrating security seamlessly.
## Indicators of Compromise
- This is a legitimate third-party security tool. Indicators of Compromise (IoCs) are not provided as it is not malware.
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A (Communication routes to the Wiz service itself are internal to the extension's function and are not malicious C2)
- Behavioral Indicators: N/A
## Associated Threat Actors
- Associated with the cloud security vendor **Wiz**. Not associated with malicious threat actors.
## Detection Methods
- As a legitimate browser extension, detection focuses on proper organizational management of extensions.
- Signature-based detection: Not applicable for standard malware detection.
- Behavioral detection: Focused on configuration management and ensuring only authorized extensions are installed.
- YARA rules: Not applicable.
## Mitigation Strategies
- **Policy Enforcement:** Organizations should implement policies restricting the installation of unauthorized browser extensions, especially those requiring elevated permissions or access to cloud console environments.
- **Vetting:** For approved extensions like Wiz, ensure the extension source (Chrome Web Store link provided: `https://chromewebstore.google.com/detail/wiz-cloud-security-at-you/koellablckildiakdjcchdfnagjfbpbh...`) is reputable and security-vetted.
- **Principle of Least Privilege:** Ensure the extension only has the minimum necessary permissions required for its operation within the browser context.
## Related Tools/Techniques
- Other security posture management tools that offer integrated workflow experiences.
- Browser extensions designed for security monitoring or workflow enhancement within developer/operations portals.