Wiz Launches Free Cloud Framework to Drive Community-Backed Security

Wiz | December 15, 2022 | Read time : 03:00 min

Wiz Launches Free Cloud Framework to Drive Community-Backed Security
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.

"Over the past year and a half, Wiz researchers and other members of the cloud security community discovered several cross-tenant vulnerabilities in various multi-tenant cloud applications. "Although these issues have been reported extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry. This is where we see an opportunity to strengthen the collaboration between members of the security community."

Wiz CEO Assaf Rappaport

Beyond offering a guideline for organizations, PEACH is a starting point for empowering security teams to work together to establish standard transparency and common language when it comes to mitigating cloud threats.

Serving as a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, PEACH manages the attack surface exposed by user interfaces and provides a clear standard for transparency on tenant isolation assurance. Wiz developed the following parameters based on lessons learned to address the rising cross-tenant vulnerabilities, lack of a standard for transparency, and missing common langue among vendors:

  1. Privilege hardening – ensure tenants and hosts have minimal permissions in the service environment.
  2. Encryption hardening – confirm the data belonging to each tenant is encrypted with a unique key, regardless of where the information is stored.       
  3. Authentication hardening – validate that communication between each tenant and the control plane use authentication with a validated key unique to each tenant.
  4. Connectivity hardening – establish that all inter-host connectivity is blocked by default unless explicitly approved by the tenants involved.                                                        
  5. Hygiene – verify that unnecessary secrets, software and logs scattered throughout the environment are purged to avoid leaving clues or enabling quick wins for malicious actors.

The second part of the security review process consists of remediation steps to manage the risk of cross-tenant vulnerabilities and improve isolation as necessary. These include reducing interface complexity, enhancing tenant separation, and increasing interface duplication -- all while accounting for operational context such as budget constraints, compliance requirements, and expected use-case characteristics of the service.

This framework was reviewed and collaborated on with cloud security industry experts from AWS, Google, IBM, Netflix and Cisco. Instead of commercializing PEACH though, Wiz will be offering the framework for free.  

About Wiz
Wiz secures everything organizations build and run in the cloud. Founded in 2020, Wiz is the fastest-growing software company in the world, scaling from $1M to $100M ARR in 18 months. Wiz enables hundreds of organizations worldwide, including 30 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks and Aglaé.


If you need to quickly adapt to constantly shifting users, applications and threats while keeping application and security policies synchronized, meet Security Service Edge (SSE). Watch how SSE—a cloud-native security solution—enables you to instantly integrate next-generation security capabilities into your existing network environments without disruption.


If you need to quickly adapt to constantly shifting users, applications and threats while keeping application and security policies synchronized, meet Security Service Edge (SSE). Watch how SSE—a cloud-native security solution—enables you to instantly integrate next-generation security capabilities into your existing network environments without disruption.

Related News


Orca Announces New Capabilities to Optimize Cloud Security and Cost

Orca Security | February 17, 2023

On February 16, 2023, Orca Security, a pioneer in agentless cloud security, announced that the Orca Cloud Security Platform now includes a cloud cost optimization framework, which assists organizations in reducing unnecessary cloud consumption and optimizing cloud costs while providing unrivaled security with the deepest and broadest visibility. By using its proprietary SideScanning™ technology, Orca is now applying unparalleled insights into cloud environments, thereby allowing organizations to track and manage cloud spend. Unlike other cloud cost management tools, Orca's platform has the ability to identify more opportunities for cloud cost savings by having a deeper understanding of cloud workloads and their operations. Despite considering cost efficiency a motivator for cloud adoption, several organizations are experiencing high expenses in their monthly cloud bills, mainly due to underutilization and forgotten cloud infrastructure resources. The 2022 State of the Cloud Report by Flexera indicates that organizations lose up to 32% of their monthly cloud expenses. Orca's Cloud Cost Optimization feature addresses the problem of wasteful cloud spending by continuously aggregating relevant alerts about unnecessary cloud infrastructure spending across all supported cloud service providers. These providers include Microsoft Azure, Amazon Web Services, Google Cloud, and Alibaba Cloud. In addition, the Orca platform simplifies the cost optimization process by categorizing alerts based on cloud infrastructure that is causing excessive spending, such as virtual machines, databases, keys, and load balancers, making deallocation quick and easy for organizations. Even though Stopped VMs on Google Cloud and AWS and deallocated VMs on Azure do not incur charges, many organizations are unaware that they still incur costs for the resources associated with those VMs until they are deleted. Orca assists organizations in recognizing resources attached to stopped or deallocated VMs to avoid incurring undesired charges, including Elastic IP addresses and EBS volumes on AWS, OS and data storage disks on Azure, and persistent disks and external IP addresses on Google Cloud. About Orca Security Founded in 2019, Orca Security is a leading global firm that provides agentless cloud security solutions to hundreds of enterprises. Its Cloud Security Platform can detect, prioritize, and fix security risks and compliance issues across cloud environments such as Azure, AWS, Google Cloud, and Kubernetes. The company's patented SideScanning™ technology and Unified Data Model make security possible for organizations moving to and scaling in the cloud and enable them to secure their cloud infrastructure while providing comprehensive coverage and visibility of all risks. With continuous first-to-market innovations, the Orca Platform ensures security teams can quickly identify and remediate risks, keeping businesses secure.

Read More


Cyware's Threat Intelligence Platform Available on AWS Marketplace

Cyware | February 15, 2023

On February 14, 2023, Cyware, a global leader in threat intelligence platforms (TIP), security orchestration and automation (SOAR) and security cooperation, announced the availability of its Intel Exchange (CTIX Lite) solution on the Amazon Web Services Marketplace. This cloud-hosted platform is a fully connected, automated TIP that uses ML and AI to automatically ingest, correlate, evaluate and act on threat data from several external sources and internal security tools. Cyware Intel Exchange is employed by hundreds of corporations worldwide and powers most of ISAO, ISAAC, CERTS, and other threat intelligence-sharing communities that provide substantial threat warnings to their member organizations. AWS Marketplace is an online platform that enables users to locate, purchase, and begin utilizing the software and services they require to create products and manage their businesses. Visitors to the marketplace may get access to ready-to-use software quickly and just pay for what they use. Cyware's Head of Technical Alliances, Shahar Kodraty, commented, "We're excited to make our powerful threat intelligence platform available to a wider audience through the AWS Marketplace while simplifying procurement for our joint customers." He added, "This will enable businesses of any size to cost-effectively access our industry-leading TIP platform within minutes, and greatly improve their threat intelligence management and dissemination." (Source – Business Wire) About Cyware Founded in 2016, Cyware is a leading product-based cybersecurity firm. It provides a comprehensive range of innovative cyber fusion solutions for all-source strategic, technical, tactical and operational threat intelligence sharing and threat response automation. The company's enterprise solutions are designed to encourage safe collaboration, improve threat visibility, instill cyber resilience and offer required control by providing enterprises with automated context-rich analysis of threats for proactive action without sacrificing human judgment. Its clientele include Fortune 500 healthcare, financial, energy, and defense enterprises, trade associations, multinational retail firms, industry associations (including ISAOs and ISACs), non-profits, and government agencies.

Read More


Privacera Announces Integration with Databricks Unity Catalog

Privacera | February 23, 2023

On February 22, 2023, Privacera, a leading SaaS-based data security and access governance platform, announced its integration with Databricks Unity Catalog. Through this integration, users of both Privacera and Databricks can now facilitate data discovery and access across the Databricks Lakehouse Platform, including seamless migration of existing Privacera policies. Privacera increases the ability of its users to provide a holistic unified data security platform, protecting all data assets, including modern cloud-native data warehouses, on-premise legacy data sources, modern data lakehouses, and data mesh architectures. Users can trial these capabilities and spin up Privacera and Databricks together through pre-configured integration settings on Databricks Partner Connect, simplifying the process of testing a secure, well-governed data lakehouse with minimal administrative effort. The Unity Catalog integration supports table/view level access control, dynamic column-level data masking, dynamic row-level filtering, attribute-based access control, tag-based policies, and file/object level access control. Privacera enables enterprise data teams to protect sensitive data and promote privacy by securely managing data access policies across multiple on-premise, hybrid, and multi-cloud data sources, automating manual governance processes to reduce time to insights. It is the only open-standards-based data security governance firm, natively integrating with the most popular data and analytic sources. Its scalable and data query performance architecture has made it the solution of choice for many Fortune 500 organizations worldwide. Privacera's CEO Balaji Ganesan commented, "Securing and governing the modern data lakehouse is a non-trivial challenge for its users and that's why we've invested in extending our modern data security governance capabilities to the Unity Catalog-powered data lakehouse." He further emphasized, "Our users can seamlessly apply the security and governance controls to Unity Catalog and other sources with ease and at scale, and through a proven, open security standard." About Privacera Privacera is a SaaS-based data security and access governance platform established in 2016 by the founders of Apache Ranger™ and Apache Atlas™. The platform enables data and security teams to simplify data security, access and privacy for data applications and analytical workloads. Its centralized data access governance platform extends beyond traditional Big Data environments to cloud-native services and analytics platforms such as AWS, GCP, Azure and Databricks and enables data democratization without compromising on compliance with data access control, data discovery, and encryption. In addition, the platform ensures compliance with regulations such as GDPR, LGPD, CCPA, and HIPAA while maximizing usability for data science and analytics teams.

Read More