Traditional cloud security tools are typically catered to security teams, making it challenging to scale and democratize security to other teams in organizations. At Wiz, our goal is to help organizations democratize security so they can innovate faster in the cloud. The Wiz Security Graph already simplifies cloud security and makes it more accessible to other teams developing in the cloud, with over 50% of our active users being developers. We wanted to make it even simpler for AWS builders to quickly gain insights into their cloud security posture and risks. Many developers typically work in the AWS Management Console and are assigned security tickets in other tools. Developers may need to jump between the ticketing system, AWS, and the security tool to see the issues they need to remediate. Wiz together with AWS brings security to the forefront of the build process to make it simple for AWS users to gain security insights.
As an AWS Security Competency Partner, we are excited to extend our partnership with AWS to Amazon Q to make it easier for customers to secure everything they build and run in the cloud. By leveraging generative AI with the new Amazon Q Developer plugin for Wiz, we can enable organizations to simplify security operations and bring it directly to their AWS console
Oron Noah, Vice President of Product Extensibility & Partnerships at Wiz
We are excited to make security even more accessible for AWS developers with a new Wiz plugin from Amazon Q Developer that brings the power of Wiz Cloud-Native Application Protection Platform (CNAPP) directly to their AWS console. Amazon Q Developer helps builders with all of their tasks— from coding, testing, and upgrading, to troubleshooting, optimizing AWS resources, and creating data engineering pipelines.
This integration makes it easier for developers to ask questions about the security posture in AWS using human-language and gain immediate insights into any risks in their environment.
Amazon Q Developer makes it easier for developers to uphold security best practices so that they can focus on innovating, and we are continuing this work with Wiz. By extending Amazon Q Developer’s abilities to access Wiz's CNAPP capabilities, developers can more seamlessly and deeply incorporate security into their daily workflows and build with confidence.
Deepak Singh, Vice President of Next Generation Developer Experience at AWS
For example, a user can ask Amazon Q: “What are my critical severity issues in Wiz?” and get a list of the most pressing risks they need to focus on. Wiz prioritizes risks that result in attack paths in the environment by combining multiple risk factors across misconfigurations, vulnerabilities, identities, data, secrets, and more on the Wiz Security Graph. These types of critical attack paths allow an attacker to reach crown jewels in the environment or escalate permissions to admin and need to be prioritized and remediated. For example, in the below screenshot, we can see the critical risks that Wiz flags down.
When a developer asks Amazon Q for the most critical issues in their environment, they know they are focusing their time on the risks that matter and effectively increasing their security posture.
Another example where you could explore the security posture of your environment without needing to leave AWS is to assess the posture of your AWS resources. By asking Amazon Q “What is the riskiest asset I have in my AWS environment?” you could get a list of all the resources that need your attention now. This allows you to prioritize your remediation efforts on a resource that will make the greatest impact on your security posture. By giving you the tools to assess the security posture of your resources without needing to leave AWS, you can effectively focus your efforts and reduce operational overhead.
With the new Amazon Q Developer plugin, organizations can:
Improve security posture in AWS: gain immediate security insights directly in the AWS console to remove risks quickly
Democratize security to developers: scale security across the organization by making it accessible for developers to quickly understand security posture
Reduce operational overhead: leverage the same console already used for building on AWS to understand the security posture and reduce time it takes to switch platforms
Get started now with the new plugin here. To learn more about this integration, you can visit the Wiz Docs (login required) or Amazon Q Developer docs.
