Wiz

Fall's here, and so is the NEW G2 CNAPP report! 🍁 G2 has complied hundreds of customer reviews into this nifty report to help technology buyers: 1) Evaluate the best products 2) Compare benchmarks 3) Track the vendor landscape 📈 Check out the results:https://lnkd.in/db_pnZGZ

🚨 Wiz Research has uncovered a critical vulnerability, CVE-2024-0132, in the NVIDIA Container Toolkit and GPU Operator 🚨 Full details here 👉 https://lnkd.in/evbZHgdd What's happening? This impacts any AI application – in the cloud or on-premise – that is running the vulnerable container toolkit to enable GPU support. Wiz Research estimates that over 33% of cloud environments are impacted. 🔓 Why does this matter? This newly discovered CVE-2024-0132 flaw can allow attackers with control over a container image to escape the container and gain full access to the underlying host. Action plan: It is strongly recommended to update the affected NVIDIA Container Toolkit to the latest version 1.16.2, and GPU Operator to v24.6.2 🔄 – while focusing on container hosts that might run untrusted container images. #NVIDIA has already issued a patch: https://lnkd.in/ea7b_zRj. Thank you to NVIDIA for their prompt collaboration in addressing it.

Last week's #Misconfigured NYC was one for the books! Huge thanks to NYSE for hosting us, we couldn't have asked for a better venue. 🙌 We kicked off with our CTO & Co-founder, Ami Luttwak, who sparked fresh ideas on how we can unify security approaches in a cloud-driven era. 🛡️ Other highlights? - Stephen Orban on "Innovation or Governance, Why Choose?" - Scott Piper breaking down Service Control Policies We even wrapped it up with a live 'Crying Out Cloud' podcast featuring our host Eden Naftali & Julie Davila from GitLab. Stay tuned — the episode drops soon...

Wiz expands its coverage to Snowflake! ❄️ As more organizations adopt SaaS platforms, securing data outside the CSP boundary is challenging—but that changes today. We're excited to announce the Snowflake Connector, now in public preview, expanding Wiz CNAPP coverage to include Snowflake environments. 🎉 This means, you can detect misconfigurations, risky identities, sensitive data, and unfolding threats in Snowflake. 🔐 What makes this special? Wiz correlates risks across your entire environment — Cloud and Snowflake, highlighting "toxic combinations". This enables you to prioritize the most critical issues in Snowflake with full cloud context. 🔗 Learn more below: https://lnkd.in/eesEs2DR

💙 Thank you, thank you, THANK YOU to our incredible customers & Wizards for rockin' and making us LEADERS! We're trying to keep it together, but we're so honored to have earned this achievement for the fall 2024 G2 awards. Over 120 'Leader Badges' and still counting... https://lnkd.in/e34jM7wT

Understanding Atomic 'Indicators of Compromise' (#IOCs) in Cloud Security 🚨 IOCs are crucial for detecting and responding to cybersecurity incidents, providing forensic artifacts that indicate potential breaches. While some traditional IOCs, like IP addresses and malware hashes, are universal, cloud environments introduce unique IOCs, such as IAM metadata and API call parameters. In this new blog series, we show that to effectively combat cloud-native threats, analysts must focus on both atomic IOCs (specific indicators like container image names) and behavioral IOCs (artifacts that appear in runtime telemetry and cloud logs). This dual approach helps uncover sophisticated attacks by cloud-fluent threat actors. Wiz Research believes in strengthening the cloud security community by sharing and leveraging IOCs unique to cloud environments. How? 🔒 Cloud defenders should implement automated systems to monitor for activity related to IOCs. ☁️ Cloud defenders should integrate threat intelligence feeds for real-time updates. 👀 More threat intelligence vendors should provide cloud IOCs in a machine-readable format. Learn more in our brand new IOC blog series by Wiz Research: https://lnkd.in/ecMFWg5x

Just a ׳cloudy׳ reminder for you CISOs: cloudsecurity.jobs your one-stop destination for cloud security positions 💼 Get a glimpse at what's 🔥 & NEW: 1) Western Digital, CISO - Irvine, CA 2) Xerox, CISO - Cary, NC 3) Cloudflare, Field CSO - San Francisco, CA 4) Hitachi Rail, CISO - Toronto, Canada Click below to search 450+ NEW open positions --> https://lnkd.in/dtGCNERg

We're excited to show you LIVE how Wiz Code transforms security posture from Code-to-Cloud! 🔒 🗓️ September 24, 2024 🕘 9 am PT | 12:00 pm ET 🎯 Learn how to: - Develop a shift-left security posture - Enforce secure-by-design development processes - How AppsFlyer secured their development with Wiz Code. 👥 Speakers: Danny Robinson, Cybersecurity Engineering Manager, AppsFlyer Ziad Ghalleb, Product Marketing, Wiz Arnon Trabelsi, Product Management, Wiz 💡 Register now --> https://lnkd.in/evQWhx8Z

🔧 Using SAST, DAST, or API Security tools in your organization? Application security teams face a growing challenge - too many tools with too many findings, making prioritization difficult. 🔒 #WizCode and the Wiz Integration (#WIN) Platform help unify findings from 3rd-party tools into a single, actionable view, enabling teams to prioritize and address critical issues faster with code-to-cloud context. "By utilizing a bi-directional integration, we close the gaps on both sides, providing the missing context for application security and development teams as well as the missing actionability for cloud and operations teams." Ori Bendet, VP of Product Management at Checkmarx 🔍 Learn more about Wiz Code's approach --> https://lnkd.in/e8UXMHCr