
It is a very legitimate tool. It identifies misconfigurations and vulnerabilities in cloud deployments. Anything from a container with a known-vulnerable package in the manifest to a workload with improper firewall rules.



Isn't this what tools like MEND or Black Duck (formerly Synopsys) do?


I understand those (I haven’t used them) to primarily be about software composition analysis. Wiz does that, but they are mainly known for Cloud Security Posture Management (the “you have an exposed S3 bucket”, “you have a workload with no inbound firewall”, “etc.”) and integrating things like SCA to increase alert fidelity (do you care as much that a workload has an inbound ACL allowing MongoDB connections from the Internet if the workload isn’t running MongoDB?)


Wiz is closer to the CNAPP field than to the software composition analysis tools you mention; Snyk would fit here for SCA.

Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.



