Hacker News

Anyone got a sense for where the value is in Wiz? Revenue? IP? Any customers here?



Data for nation state espionage and industrial espionage?

Whoever owns Wiz obtains read-only access to large company and government cloud networks. Even in the Wiz outpost model where the scanning engine is deployed into the user's own cloud network, results from scans are sent back to Wiz Cloud, and this includes sensitive information such as "Installed packages, Exposed secrets, Malware detection".[1] For an example real-world deployment, GitLab SaaS public documentation expects the "Wiz Runtime Sensor" to be installed in every container.[2] This Wiz software requires highly elevated privileges to a level that the GitLab security risk assessment only briefly describes.[3]

The data Wiz collects on customers appears to allow answering of queries such as:

1. Which containers of government agencies in country X have the xz-utils library installed? Of these containers, what other software is installed alongside? How many of these containers are exposed to the Internet, directly or indirectly?

2. Which government agencies in country X have a publicly exposed service vulnerable to CVE-20xx-xxxx?

3. For top 200 companies, plot the popularity of AWS or Azure service ACME123 over the past 12 months compared to competing Google service ACME456.

Aside from security risks of having sensitive information of entire governments or large organisations hoovered up by Wiz, use of the "Wiz Runtime Sensor" also includes the risk of an incident similar to the failed CrowdStrike Falcon Sensor update of 2024.

The criticisms above are not specific to Wiz. There are many other competing products/services with similarly poor architectures and lack of protection of sensitive IT system information of governments and large organisations.

[1] https://cloud.google.com/architecture/partners/id-prioritize...

[2] https://gitlab.com/gitlab-com/gl-infra/readiness/-/tree/mast...

[3] https://github.com/wiz-sec/charts/blob/master/wiz-sensor/tem...


People seem to really enjoy their product, which is very uncommon in the Enterprise Security Tools space.


Next year's revenue estimated to be $1B, so definitely real money there but that doesn't speak to value... 32.0x is wild


Thanks



