Prioritize critical vulnerabilities based on business impact with Wiz’s agentless Vulnerability Management solution.
Analysis Summary
# Tool/Technique: Wiz (Agentless Cloud Vulnerability Management Solution)
## Overview
Wiz is presented as a comprehensive, agentless vulnerability management solution designed to provide complete visibility across complex cloud environments (VMs, serverless functions, containers). Its primary purpose is to identify, prioritize, and contextualize risks, including vulnerabilities, misconfigurations, malware, and identity issues, to reveal potential attack paths that traditional, agent-based VM tools might miss.
## Technical Details
- Type: Tool (Vulnerability Risk Management Platform)
- Platform: Cloud Environments (Virtual Machines, Serverless Functions, Containers)
- Capabilities: Agentless scanning, deep cloud risk analysis, attack path modeling, high-fidelity alerting, prioritization based on business context.
- First Seen: Not specified in context, but reference is made to Forrester's Q2 2023 report related to its functionality.
## MITRE ATT&CK Mapping
The description focuses on vulnerability management and risk assessment rather than specific adversary actions. However, the identification of potential attack paths relates to understanding adversary capabilities:
- **TA0001 - Initial Access**
  - T1190 - Exploit Public-Facing Application (Detecting vulnerabilities that could enable this)
- **TA0006 - Credential Access** (By modeling paths resulting in high permissions)
  - Contextualizing findings around public exposure and high permissions helps prioritize remediation for techniques used in this tactic.
## Functionality
### Core Capabilities
- **Agentless Scanning:** Ensures full coverage across cloud workloads without the side effects or maintenance overhead associated with agents.
- **Vulnerability Identification:** Locates vulnerabilities across various cloud assets.
- **Contextualization:** Incorporates business context and asset criticality beyond standard CVSS scores.
### Advanced Features
- **Deep Cloud Risk Analysis:** Analyzes combinations of risks, including misconfigurations, network exposure, secrets, vulnerabilities, malware, and identities.
- **Attack Path Modeling (Wiz Security Graph):** Maps asset relationships to visualize and prioritize complete attack paths leading to high-value assets ("crown jewels").
- **High-Fidelity Alerting:** Reduces alert fatigue by focusing remediation efforts only on critical, exploitable risks within the environment context.
## Indicators of Compromise
This section is not applicable as Wiz is a defensive tool focused on posture management, not malware or an adversarial tool.
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
Wiz is a commercial product used by security teams to prevent exploitation by threat actors. No specific threat actors are mentioned as using Wiz itself.
## Detection Methods
Wiz is a detection and remediation guidance tool, not an adversary tool subject to traditional detection methods.
- Signature-based detection: N/A
- Behavioral detection: N/A
- YARA rules if available: N/A
## Mitigation Strategies
The core function of Wiz is to facilitate mitigation:
- **Prioritized Remediation:** Focus efforts on vulnerabilities that are publicly exposed, have known exploits, and lead to high-impact pathways (e.g., full admin access).
- **Contextual Risk Assessment:** Utilize tool outputs to prioritize remediation based on business impact rather than raw CVSS scores alone.
- **Eliminate Blind Spots:** Adopt agentless scanning to ensure comprehensive coverage of all cloud assets.
- **Network Hardening:** Reduce network exposure of critical assets identified through path modeling.
## Related Tools/Techniques
- **Agent-based Vulnerability Scanners:** The traditional tools Wiz is contrasted with, described as suffering from blind spots.
- **Graph-Based Security Posture Management Tools:** Solutions leveraging graph databases to model relationships between security findings (similar functionality described by Forrester).