Facing a rapidly evolving landscape with cloud attacks on the rise, organizations need to invest in robust services to safeguard their critical data. However, security teams are overwhelmed, often grappling with prioritizing a deluge of cloud risks, connecting cloud posture to active threats, and the pervasive problem of alert fatigue.
Our latest integration with Wiz was built to solve these exact problems. Powered by our Wiz Investigation Agent, it connects Wiz’s deep cloud visibility to our world-class MDR, signaling our commitment to helping organizations achieve unparalleled visibility and protection across their cloud environments.
How the Wiz Investigation Agent works
Cloud-forward organizations depend on Wiz for comprehensive visibility into risks across their entire cloud footprint. While Wiz is great at surfacing these threats, Red Canary pairs that visibility with a specialized Investigation Agent to automatically run investigations the moment an alert comes in.
Designed to function like a Tier 2 SOC analyst, this agent enables us to:
Adapt to the threat: The agent uses a dual-path architecture to handle diverse cloud threats, instantly applying deep process forensics to endpoint alerts and behavioral baselining (UEBA) to identity alerts.
Give the agent a specific job: We don’t just ask the agent to “check alerts.” We assign it a defined role, just like a new team member. It follows a strict job description that requires it to correlate Wiz data with available intelligence and context to validate findings.
Here are some examples of the rigorous job our Wiz Investigation Agent performs:
- Intelligent agent triage and data extraction: Identifies the type and origin of a Wiz alert (endpoint, identity, or control plane logs) and extracts critical data like user, IP, and process details for deep analysis.
- Deep endpoint forensics: For alerts involving cloud endpoints, the agent scrutinizes process execution details, checks file hash reputation, matches indicators with intelligence, and detects suspicious process patterns.
- Comprehensive threat investigation: For threats targeting cloud identities and access, the agent correlates Wiz alerts with authentication audit logs from key identity providers like Entra ID, Okta, and Cisco Duo. Our agent meticulously evaluates authentication security, analyzes IP intelligence, examines device compliance and trust (via Entra enrollment status or Duo checks), and compares current user session attributes against a baseline to identify anomalous access patterns or inconsistent behaviors.
- Contextual intelligence and customization: Applies customer-specific configurations like trusted IP ranges or suppression rules, and generates risk-based decisions with supporting evidence.
Accelerate response: The agent handles triage automatically, generating the clear narrative and context your team needs to investigate. It explains exactly why an alert is benign or a threat, so you can stop threats fast without getting buried in raw logs.
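As an added illustration, not Red Canary's or Wiz's own code, the following Python sketch models the triage flow described above: dispatch by alert source (the dual-path architecture), a trusted-IP suppression rule, baseline comparison of session attributes for identity alerts, hash-reputation and process-pattern checks for endpoint alerts, and a verdict that carries its supporting evidence. The trusted range, hash, process pairs and user baseline are all constructed sample values.

```python
import ipaddress

# Constructed stand-ins for customer-specific configuration, intelligence and
# the per-user behavioral baseline the agent compares sessions against.
TRUSTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_BAD_HASHES = {"0123456789abcdef0123456789abcdef"}  # constructed placeholder
SUSPICIOUS_PARENTS = {("bash", "curl"), ("sh", "wget")}   # (parent, child) pairs
BASELINE = {"alice": {"countries": {"US"}, "device_trust": {"compliant"}}}


def ip_is_trusted(ip: str) -> bool:
    """Suppression rule: a customer-declared trusted range is treated as benign."""
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_RANGES)


def triage_identity(alert: dict) -> dict:
    """UEBA path: compare the session's attributes against the user's baseline."""
    if ip_is_trusted(alert["src_ip"]):
        return {"verdict": "benign", "evidence": ["source IP in trusted range"]}
    base = BASELINE.get(alert["user"])
    if base is None:
        return {"verdict": "review", "evidence": ["no baseline for user"]}
    evidence = []
    if alert["country"] not in base["countries"]:
        evidence.append(f"country {alert['country']} outside baseline")
    if alert["device_trust"] not in base["device_trust"]:
        evidence.append(f"device trust '{alert['device_trust']}' outside baseline")
    if not alert.get("mfa", False):
        evidence.append("authentication completed without MFA")
    # Two or more deviations from baseline escalate; one goes to human review.
    verdict = "threat" if len(evidence) >= 2 else ("review" if evidence else "benign")
    return {"verdict": verdict, "evidence": evidence}


def triage_endpoint(alert: dict) -> dict:
    """Forensics path: hash reputation plus a suspicious parent/child process check."""
    evidence = []
    if alert["sha256"] in KNOWN_BAD_HASHES:
        evidence.append("file hash matches known-bad intelligence")
    if (alert["parent"], alert["process"]) in SUSPICIOUS_PARENTS:
        evidence.append(f"suspicious chain {alert['parent']} -> {alert['process']}")
    # No intelligence hit is not proof of benign behavior, so it still gets reviewed.
    return {"verdict": "threat" if evidence else "review", "evidence": evidence}


def triage(alert: dict) -> dict:
    """Dual-path dispatch on where the alert originated."""
    handlers = {"identity": triage_identity, "endpoint": triage_endpoint}
    handler = handlers.get(alert["source"])
    if handler is None:
        return {"verdict": "review", "evidence": [f"unhandled source {alert['source']}"]}
    return handler(alert)
```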
Once our Investigation Agent has completed its job, our human experts review and validate its findings, and validated, high-fidelity threats are escalated to your team. Should you need further assistance or have questions about a threat, our experts are readily available to help guide you.
So what does this mean for you?
By maximizing your Wiz investment with Red Canary MDR, you strip away complexity and streamline your cloud security operations. You’ll benefit from:
- Reduced alert fatigue: Our detection engineers act as an extension of your team, sifting through Wiz threats so you only get notified about verified threats that require your attention.
- Faster prioritization & response: By focusing solely on confirmed threats, your team can dramatically reduce mean time to respond (MTTR) and allocate your valuable security resources effectively.
- Expert insight for cloud risks: Leverage Red Canary’s proven MDR expertise to interpret and prioritize even the most complex cloud threats identified by Wiz.
Red Canary and Wiz bring together deep visibility and decisive action, empowering you to stay one step ahead of sophisticated cloud adversaries.