Empowerment and speed for security teams without losing unified cloud context.
Analysis Summary
This article describes a product feature named **Wiz Lens**, which is designed to address the challenge of balancing centralized security control with decentralized team agility in cloud and AI adoption. It describes a defensive security platform feature, not malware or an adversary tool, so the summary below focuses on the capabilities and objectives of this security solution.
# Tool/Technique: Wiz Lens
## Overview
Wiz Lens is a role-based viewing and scoping feature within the Wiz security platform. Its purpose is to deliver targeted, context-specific security insights tailored to the responsibilities of different security and development teams (e.g., CISO, Data Security, AppSec, SecOps), enabling faster, more focused decision-making and action within a cloud security context.
## Technical Details
- Type: Security Platform Feature (Defensive Tool)
- Platform: Cloud Environments (General scope)
- Capabilities: Provides role-specific views (Lenses) for risk prioritization, compliance monitoring, threat investigation, and security policy enforcement across cloud resources, code, and identity.
- First Seen: The context implies a current release or feature of Wiz.
## MITRE ATT&CK Mapping
As Wiz Lens is a defensive security control platform feature, it does not map to adversarial TTPs directly. However, its capabilities relate to defensive tactics:
- **TA0001 - Initial Access** (Relevant as it helps monitor for initial access vectors)
- **TA0005 - Defense Evasion** (Relevant as it helps identify and mitigate evasion techniques)
- **TA0003 - Persistence** (Relevant as it helps monitor for persistent unauthorized access)
- **TA0016 - Collection** (Relevant as it helps monitor for data collection activities)
- **TA0012 - Detection**
  - T1483 - Data Discovery (By providing visibility into sensitive data)
- **TA0009 - Collection**
  - T1530 - Data from Information Repositories (By monitoring sensitive data locations)
## Functionality
### Core Capabilities
* **Executive Overview Lens:** Provides CISOs/Executives with a curated, high-level snapshot of trending risks, compliance status, and team performance across the security landscape.
* **Data Security Lens:** Offers visibility into the location of sensitive data, governance over data access permissions, and correlation of data exposure risks with underlying misconfigurations, vulnerabilities, and identity issues (supporting frameworks like PCI-DSS, HIPAA, GDPR).
* **Security Development Lens:** Gives AppSec teams a unified view across code repos, developer environments (identities, CI/CD), scanner findings, and SBOMs to prioritize exploitable risks.
* **Security Operations Lens (SecOps):** Filters key insights from Wiz Defend to prioritize active threats and streamline cloud threat investigations across workloads, identities, and control planes, reducing reliance on manual log correlation.
### Advanced Features
* **Role-Based Scoping:** Delivers security insights precisely tailored to the user's function, breaking down silos while maintaining connection to the global security context.
* **Policy Enforcement and Guardrails:** Allows AppSec teams to set and manage policies and CI/CD guardrails.
* **Automated Risk Assessment:** Correlates multiple data points (misconfigurations, vulnerabilities, identity exposure) to calculate true data risk.
## Indicators of Compromise
This is a security product feature, not malware. Therefore, it does not generate typical IoCs. Its function is to *identify* IoCs related to cloud misconfigurations, vulnerabilities, and active threats derived from Wiz Defend alerts.
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A (It analyzes network traffic/configurations related to cloud resources, but does not communicate externally for malicious purposes.)
- Behavioral Indicators: N/A
## Associated Threat Actors
Wiz Lens is a defensive tool used by organizations to secure their cloud environments. It is not known to be used by threat actors.
## Detection Methods
As a defensive control, it is the detection mechanism itself rather than something requiring external detection.
- Signature-based detection: N/A
- Behavioral detection: N/A
- YARA rules if available: N/A
## Mitigation Strategies
Wiz Lens enables mitigation by:
* Facilitating faster risk prioritization across diverse teams (Security, Data, AppSec).
* Providing streamlined workflows for remediating and communicating security issues.
* Enabling policy enforcement and setting CI/CD guardrails to prevent insecure configurations from deploying.
- Prevention measures: Implementing security policies defined and monitored via the Lenses.
- Hardening recommendations: Focusing resources based on the prioritized, context-specific risk views provided by each Lens.
## Related Tools/Techniques
* Wiz Defend (The underlying platform providing the threat intelligence that SecOps Lens utilizes).
* Cloud Security Posture Management (CSPM) tools (General category).
* Cloud Workload Protection Platforms (CWPP) (General category).