Wiz uses its own platform to continuously secure its cloud environment and to support SOC 2 Type 2 compliance; in its 2025 external audit the platform helped cover more than 26% of the controls tested, with the largest overlap in the Security trust services category. The platform's capabilities (Mika AI, Graph Search, Inventory, Compliance Frameworks, and reporting) streamline GRC workflows, automate evidence collection, and speed audits. #Wiz #MikaAI
Keypoints
- Wiz leverages its platform internally (Wiz4Wiz) to continuously secure its environment and validate SOC 2 compliance rather than treating audits as one-off events.
- In Wiz's 2025 external audit, Wiz's capabilities helped cover more than 26% of the controls tested across the SOC 2 Trust Services Criteria, with the largest overlap (by number of controls) in Security.
- Core Wiz capabilities highlighted: Mika AI and Graph Search for fast investigation, Inventory for real-time asset visibility, Compliance Frameworks for mapping findings to SOC 2, and reporting/boards for audit management.
- The Wiz Inventory enables tracing of access across systems (e.g., mapping a GitHub user's repository access back to their SSO role) so that RBAC and access-control evidence can be shown to auditors from live inventory data rather than from manually assembled screenshots.
- Compliance Frameworks provide out-of-the-box SOC 2 mappings, continuous monitoring, and alerting to move from manual checks to automated, audit-ready evidence.
- Shared boards and pre-loaded widgets/reports streamline audits, create reusable templates, and let internal audit teams monitor inventory, alerts, and risk over time.
- Wiz positions Governance, Risk, and Compliance as interconnected pillars and enables closer collaboration between GRC analysts and security engineers for continuous assurance.
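The access-tracing keypoint above (GitHub repository access traced back to an SSO role) is the kind of check a GRC analyst and a security engineer would want to reproduce from raw inventory data. The following is an added example, not code from Wiz or from the source post, showing the underlying correlation: join a repository-permission export with an SSO role export, emit one evidence row per grant, and flag the two exceptions an auditor cares about, a GitHub identity with no SSO counterpart and a repository permission that exceeds what the user's role entitles. All users, repositories, roles, and the role-to-permission policy are constructed for the example.

```python
"""
Added example (not Wiz code): trace repository access back to SSO roles,
produce audit-evidence rows, and flag access that cannot be explained
by a role. All data below is constructed for illustration.
"""

# Constructed export of repository collaborators (hypothetical names).
GITHUB_ACCESS = [
    {"login": "alice", "repo": "payments-api", "permission": "admin"},
    {"login": "bob", "repo": "payments-api", "permission": "write"},
    {"login": "carol", "repo": "infra-terraform", "permission": "admin"},
    {"login": "svc-deploy", "repo": "payments-api", "permission": "write"},
]

# Constructed SSO directory export: GitHub login -> assigned role.
# svc-deploy is deliberately absent to show the orphaned-account case.
SSO_ROLES = {
    "alice": "eng-lead",
    "bob": "engineer",
    "carol": "engineer",
}

# Hypothetical access policy: highest repository permission each role entitles.
ROLE_MAX_PERMISSION = {
    "eng-lead": "admin",
    "engineer": "write",
}

# Ordering used to compare granted permission against the role ceiling.
PERMISSION_RANK = {"read": 0, "write": 1, "admin": 2}


def build_access_evidence(github_access, sso_roles, role_max):
    """Return (evidence, exceptions).

    evidence:   one row per grant that maps to an SSO identity, with the
                role and whether the grant is within the role's ceiling.
    exceptions: grants with no SSO identity, or grants above the ceiling.
    """
    evidence = []
    exceptions = []
    for rec in github_access:
        login, repo, granted = rec["login"], rec["repo"], rec["permission"]
        role = sso_roles.get(login)
        if role is None:
            # No SSO identity: cannot be traced to a role, so it is an
            # exception and never becomes evidence of controlled access.
            exceptions.append({"login": login, "repo": repo,
                               "issue": "no SSO identity"})
            continue
        ceiling = role_max.get(role, "read")  # unknown role: assume read-only
        within = PERMISSION_RANK[granted] <= PERMISSION_RANK[ceiling]
        evidence.append({"login": login, "repo": repo, "permission": granted,
                         "sso_role": role, "within_role": within})
        if not within:
            exceptions.append({"login": login, "repo": repo,
                               "issue": f"{granted} exceeds {role} ceiling {ceiling}"})
    return evidence, exceptions


def summarize(evidence, exceptions):
    """Counts an auditor would ask for: total grants traced, how many are
    within role, and how many exceptions remain open."""
    return {
        "traced": len(evidence),
        "within_role": sum(1 for e in evidence if e["within_role"]),
        "exceptions": len(exceptions),
    }


if __name__ == "__main__":
    ev, ex = build_access_evidence(GITHUB_ACCESS, SSO_ROLES, ROLE_MAX_PERMISSION)
    for row in ev:
        print("EVIDENCE", row)
    for row in ex:
        print("EXCEPTION", row)
    print(summarize(ev, ex))
```

The point of keeping the unmatched account out of the evidence list is that an auditor should see it only under exceptions; an automated report that silently lists a service account with write access as "traced" would undermine the RBAC claim the evidence is meant to support.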
MITRE Techniques
The source describes defensive and audit tooling rather than attacker activity; the entries below are the ATT&CK techniques whose adversary counterparts the listed capabilities help detect or evidence, with the technique IDs corrected to match their names.
- [T1613] Container and Resource Discovery – Wiz Inventory provides a comprehensive, real-time view of cloud resources and users, giving defenders the same visibility an adversary would seek through resource discovery: 'The Wiz Inventory provides a comprehensive, real-time view of all our cloud resources, users, and data.'
- [T1078] Valid Accounts – Inventory and RBAC tracing demonstrate that account access and role mappings are legitimate and traceable, e.g., mapping a GitHub user's repository access to their SSO role: 'we can easily trace a GitHub user's repository access back to their role in our SSO.'
- [T1082] System Information Discovery – Mika AI and Graph Search enable rapid queries of the Wiz Security Graph to find information about the environment during audits: 'Mika AI… allows us to quickly find the information we need… or running a complex query through the Wiz Security Graph.'
- [T1592] Gather Victim Host Information – Compliance Frameworks and continuous monitoring collect environment and configuration data to produce audit-ready evidence and risk prioritization: 'the out-of-the-box mapping to SOC 2 criteria makes it easy to translate our security findings into audit-ready evidence.'
- [T1580] Cloud Infrastructure Discovery – Inventory and continuous monitoring identify and maintain an up-to-date asset inventory across cloud platforms: 'The Wiz Inventory provides a comprehensive, real-time view of all our cloud resources…'
Indicators of Compromise
The source contains no indicators of compromise (no hashes, domains, IPs, or attacker artifacts); the items below are the audit figures and evidentiary artifacts it reports.
- [Configuration/Control Coverage] coverage metrics – Wiz helped cover more than 26% of the SOC 2 controls tested overall; per-category shares were Security 23%, Availability 35%, Processing Integrity 28%, Confidentiality 30%, and Privacy 24%. Security's lower percentage is consistent with it having the largest overlap by count, since the Security (Common Criteria) set contains far more controls than the other four categories.
- [Platform Features] feature examples referenced as evidentiary artifacts – Mika AI queries, Security Graph queries, Inventory records (e.g., user-to-role mappings), Compliance Framework mappings, and shared audit boards.
- [Report Artifact] audit scope and controls tested – 191 controls tested, mapping to 61 unique SOC 2 criteria (used as audit evidence).
Read more: https://www.wiz.io/blog/wiz-transforms-soc-2