If Wiz isn’t an option post acquisition… what’s your #1 alternative?
Posted by Proper_Bunch_1804@reddit | sysadmin | 10 comments
If Wiz gets fully absorbed into Google’s GCP ecosystem, what are the best alternatives left for AWS & Azure users?
Top contenders being discussed:
- Orca Security – Fully independent, strong agentless CNAPP
- Lacework – Decent alternative, but mixed reviews
- Microsoft Defender for Cloud – Good if you're already in Azure
- CrowdStrike Falcon – More security-driven than compliance-focused
Anyone already made the switch? Pros & cons?
Tiny_Habit5745@reddit
Did a PoV with Orca and decided to move forward with Upwind. imho they're best with their sensor gathering runtime context.
earlyadapter_99@reddit
Agree. Former Wiz customer, moved to Upwind. By far the strongest runtime capabilities, and catching up quickly on CSPM/other areas.
Rodrigoak77@reddit
I'll be contrary here - I still recommend Wiz for those who haven't migrated yet. Their detection engineering capabilities remain top-tier even post-acquisition.
The biggest strengths in my experience are their graph-based approach to attack path analysis and the quality of their SecOps integrations. We're running it across our multi-cloud environment (80% AWS, 20% Azure) and the unified policy framework has saved our team countless hours of custom rule writing.
If you're concerned about the acquisition impact, I'd recommend reaching out to your TAM about their roadmap. Ours walked us through their post-acquisition strategy and the technical leadership continuity plans, which honestly addressed most of our concerns.
The CSPM capabilities are still best-in-class, especially for organizations dealing with complex compliance requirements. Their auto-remediation workflows have matured significantly over the last two quarters.
Just my 2 cents after running it in production across three different enterprise environments. Your mileage may vary depending on your specific attack surface and compliance requirements.
Knifeparty103@reddit
There isn’t a perfect one-to-one Wiz replacement, but the closest agentless CNAPP alternatives are Orca and Lacework. We ran a POC with both, and the biggest difference was how they prioritize risk. Lacework provided a lot of findings but required heavy tuning to get meaningful insights. Orca was better; the automatic risk prioritization for real-world attack paths was good, but the team are the real reason we decided on them. Emailed my CSM at 11:00 PM on a Thursday after my VP called in a “crisis” and they were there with us until like 2 AM. It was honestly amazing, which made it an easy choice.
BloodFeastMan@reddit
That's good to know
iPaul_1@reddit
We switched to Orca two months ago, and I have to say it’s a relief not to worry about what Google will do next. Their real-time risk assessment is easily the best I’ve seen outside of Wiz.
paullinaas@reddit
Microsoft Defender for Cloud is solid if you're an Azure shop, but it’s rough if you need AWS too. We tried a hybrid approach, and it was painful. Anyone actually happy with an Azure/AWS hybrid solution?
Stephen_Dann@reddit
Orca, a client got burnt by them a few years ago. They won't tell us why shit happened. Only on an internal need to know CNAPP, never used so can't comment.
SpotlessCheetah@reddit
SentinelOne also has CNAPP that I demoed and is pretty cool to use.
thortgot@reddit
GCP is very adamant about multi cloud, I'd argue it's more likely GCP is pushing towards fully automated posture standardization across multi cloud configuration.
Using that as the inroads to establish GCP as the easy "second" partner since they are dramatically behind on IaaS hosting compared to AWS and Azure.