I understand those (I haven’t used them) to primarily be about software composition analysis. Wiz does that, but they are mainly known for Cloud Security Posture Management (the “you have an exposed S3 bucket”, “you have a workload with no inbound firewall”, “etc.”) and integrating things like SCA to increase alert fidelity (do you care as much that a workload has an inbound ACL allowing MongoDB connections from the Internet if the workload isn’t running MongoDB?)
No comments yet.