How did BMW shift gears in their cloud security together with Wiz? 🚗 👇 BMW Group needed to enable cloud innovation while maintaining strong security, all without slowing teams down. "Every team must fix the issues. Wiz gives them all of the information and also gives them a guide on how to remediate". -Guido Roesler, Manager of IT Operations, BMW. Here's how they did it: ⚙️ Wiz connected across multiple clouds, connecting between DevOps and security teams. 🔍 Our agentless, cloud-agnostic platform gave BMW a clear view of their entire cloud infrastructure. 💡 Developers at BMW received security issues with easy-to-follow fixes. The result? BMW increased its cloud adoption with a strong emphasis on digitalization leading to a 95% decrease in critical cloud security issues [with no speed bumps 🙃]. Explore the full story: https://lnkd.in/dCkBfuxU — Roland Lechner Karl Klostermann
Wiz
Computer and Network Security
New York, NY 265,989 followers
Secure everything you build and run in the cloud
About us
Organizations of all sizes and industries use Wiz to rapidly identify and remove the most critical risks in AWS, Azure, GCP, OCI, Alibaba Cloud and Kubernetes so they can build faster and more securely.
- Website
-
https://www.wiz.io
External link for Wiz
- Industry
- Computer and Network Security
- Company size
- 501-1,000 employees
- Headquarters
- New York, NY
- Type
- Privately Held
- Founded
- 2020
Products
Wiz
Cloud Workload Protection Platforms
The leading cloud infrastructure security platform that enables organizations to rapidly identify and remove the most pressing risks in the cloud. Wiz uses an agentless approach—a single API connector per cloud and Kubernetes environment to scan deep within every cloud resource. It analyzes your cloud stack, evaluating your cloud architecture and risk factors such as internet exposure, software and configuration vulnerabilities, identities, secrets, and malware. Wiz then performs a contextual analysis of this data using a cloud graph to identify the toxic combinations that make your cloud susceptible to a breach. Finally, Wiz delivers a cloud control workflow to enable security, DevOps, and engineering to focus on the highest risks and proactively harden your cloud environment so you can build fast and secure.
Locations
-
Primary
One Manhattan West
New York, NY 10001, US
-
3 Daniel Frish st
Tel Aviv, IL
Employees at Wiz
Updates
-
🎶 Our 'Winter Hacking Playlist' is here! We reached out to some of the biggest names in the industry to collect their fav 2024 tunes to listen to while hacking! John Hammond, Corey Quinn, Valentina Palmiotti, Tanya Janca, Anton Chuvakin, Day Johnson, Jerry Bell, Clint Gibler, Rami McCarthy, Jamie Williams, Erik Bloch. 🎵 Click here to 'hack-tivate' the playlist: https://lnkd.in/dPZVV6yv
-
🔍 NEW malware alert: #Diicot threat group's advanced #Linux campaign 🚨 Recently, the Wiz threat research team uncovered a new malware campaign by the Romanian #Diicot threat group [aka #Mexals]. This campaign showcases significant advancements in tactics, targeting Linux systems, including those in cloud environments. What's new in this iteration? 💻 Malware adapts based on the environment—focusing on spreading in cloud setups and deploying cryptominers elsewhere. 🔧 From go-based tools to modified UPX packers designed to evade detection, the attackers are evolving rapidly. 🌐 Shifting from discord-based C2 to HTTP, using Zephyr protocol for cryptomining, and introducing new servers and wallets. 🔑 Systems running OpenSSH with weak credentials are prime candidates for compromise. 🛡 What can you do? - Enforce strong SSH credentials and limit access. - Monitor for unusual activity, such as outbound connections to suspicious domains or IPs. - Update and patch Linux distributions to avoid known vulnerabilities. Learn more about the tactics, infrastructure, and how to safeguard your systems: https://lnkd.in/e7e-9VUi
-
Just in time for this holiday season, over 192 G2 badges (and counting!) 🎁❄️ A massive THANK YOU to our amazing customers for making this winter magical with 650 reviews! 🪄 Your support lights up our journey like twinkling holiday lights. Let's keep creating magic ⛄ https://lnkd.in/e34jM7wT
-
🚨 LLM Hijacking Alert: JINX-2401 Campaign Targeting #AWS Environments On November 26, Wiz Research identified a threat actor we track as JINX-2401 attempting to hijack #LLM models across multiple AWS environments. 🔍 Key Findings: - Attackers used compromised IAM user access keys to gain entry. - Attempts to invoke Bedrock models failed, blocked by robust SCP policies. - Privilege escalation tactics included creating IAM users and policies with predictable naming schemes for persistence. 🔐 Next steps for security teams? 1️⃣ Implement Service Control Policies (SCPs) to restrict Bedrock access. 2️⃣ Inventory deployed AI models and monitor for irregular activity. 3️⃣ Search your environment for IAM Users with names matching the following pattern: ^[A-Z][a-z]{5}[0-9]{3}$. 4️⃣ Search your environment for an IAM Policy named 'New_Policy' granting bedrock permissions. Wiz customers? Use #WizDefend to detect unusual LLM access and prevent attacks. Learn more in the full blog: https://lnkd.in/eQYNrv-V
-
🚨 #AWS released Resource Control Policies (#RCPs) – a new way to apply governance policies across your AWS Organization! 💡 Imagine this: You can stop external access to your IAM roles or S3 buckets even if one of your engineers misconfigures them. But beware — improperly configured RCPs can lead to outages. 🧪 Want to master RCPs and secure your AWS resources? Read our NEW blog by Scott Piper: https://lnkd.in/eMS_GiZ5
-
🎙️ Unpack AWS re:Invent's top announcements, trends, and what's next for cloud practitioners with Scott Piper! Join Eden Naftali and Amitai Cohen in our latest #CryingOutCloud episode featuring Scott Piper, Wiz's Principal Cloud Security Researcher and "cloud security historian". In this episode: 🌟 AWS re:Invent highlights: Aurora DSQL, Nova genAI, EKS Auto Mode 🔒 Security updates on RCPs, VPC Block Public Access, Declarative Policies for EC2 🎬 Scott's favorite cloud-themed movies from Wiz Video World (Pulp Encryption, anyone?) 🔗 Listen now: 🍏 Apple >> https://lnkd.in/dUfZg_gq 🎧 Spotify >> https://lnkd.in/dAmeZ_un 📺 YouTube >> https://lnkd.in/dfa5kcAK
-
🎉 Introducing our brand-new 'All-Stars' club – the ultimate way to celebrate your cloud security achievements! Cloud security challenges are tough, and every milestone deserves a celebration. At Wiz, we want to turn each achievement into a fun and rewarding moment for you & your team. That's why we created the 'All-Stars' club. Want to join? Here's how... 🔒 Wiz helps your team tackle vulnerabilities, protect data, secure identities, and more — transforming hard work into tangible progress. 🪄 Reveal milestones with a SCRATCH: Use our scratch card to uncover hidden "Achievements" like Risk Reducer, Vulnerability Vanquisher, Code Legend, and more. 🏆 Completed all the ״Achievements״? Join the 'All-Stars' club, and earn recognition and prizes that inspire your team to keep pushing forward. How to start? Reach out to your Wiz TAM to get the scratch card shipped for free! 🎁 https://lnkd.in/eqUFVGCv
-
🎯 What's the first move attackers make on #Kubernetes? Kubernetes has revolutionized container management but in the ever-evolving world of Kubernetes, we've been seeing an uptick in attacks targeting #misconfigurations, unauthorized access, and exposed management interfaces. In our latest blog series, Shay Berkovich and the research team dive into: - Growing incidents of attackers targeting the #Kubernetes control plane. - Key insights on how misconfigured #RBAC, exposed kubeconfig files, and unprotected dashboards open the door for threats. - Action tips & best practices to lock down your Kubernetes environment and prevent unauthorized access. 👉 Based on insights from #KubeCon EU 2024! Catch the blogs here --> Part 1: https://lnkd.in/ehWjV-t3 Part 2 :https://lnkd.in/ecpvZvUg
-
It's official: Today we welcome with 💙 Merav Bahat & the amazing Dazz team! Together we'll kick off an exciting new chapter in cloud security💥 Thank you Nasdaq, for showing your support as we work to transform remediation and application security. And guess what? There's no better partner to join us on this epic journey than #Dazz. LET'S GO 👏