Full Report
WizOS is in public preview starting today, enabling Wiz customers to adopt and operationalize secured images at scale.
Analysis Summary
# Tool/Technique: WizOS
## Overview
WizOS is a proprietary offering by Wiz presented as a set of secured, minimal container images built from source and custom-hardened by Wiz. Its primary purpose is to significantly reduce the container attack surface and vulnerability noise (CVEs) inherited from public, general-purpose base images by providing a trusted, continuously maintained foundation for containerized applications.
## Technical Details
- Type: Tool/Security Product (Secured Base Image Offering)
- Platform: Container environments (Implied, as it focuses on container images)
- Capabilities: Near-zero CVE/vulnerability count in base images, continuous maintenance with strict remediation SLAs, inclusion of SBOMs and provenance.
- First Seen: Announced in private preview earlier in 2025, publicly previewed on September 9, 2025.
## MITRE ATT&CK Mapping
*(Note: WizOS is a defensive product, so it maps to preventative measures rather than to offensive techniques. Direct ATT&CK mappings are therefore less applicable; the tactics and techniques below are listed only as context for the supply chain and vulnerability-related threats it is meant to mitigate.)*
- **Defense Evasion/Supply Chain Compromise Mitigation Context:**
  - TA0005 - Defense Evasion (via reducing attack surface)
  - TA0006 - Credential Access (Reducing unnecessary packages reduces potential leakage points. Indirect mitigation.)
    - T1552 - Unsecured Credentials (Reduced exposure)
  - TA0011 - Command and Control (Reduced complexity reduces potential hidden C2 channels)
## Functionality
### Core Capabilities
- **Secure Foundation:** Provides container images built from source in a custom-hardened pipeline, aiming for near-zero CVEs.
- **Maintainability:** Wiz maintains the images with strict Service Level Agreements (SLAs) for CVE remediation.
- **Transparency:** Provides Software Bill of Materials (SBOMs) and provenance data with every release.
### Advanced Features
- **Adoption Facilitation:** Integrates with the Wiz platform to provide container image inventory, risk posture assessment, prioritization of images for swapping, and contextual feedback in pull requests to drive developer adoption.
- **Platform Integration:** Works across the container lifecycle stages (code, build, registry, deployment, cloud, runtime) for comprehensive security context.
## Indicators of Compromise
*(WizOS is a solution, not malware. Indicators of Compromise in the traditional sense generally do not apply; the relevant signals are indicators of adoption or misconfiguration of the tool.)*
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- N/A (WizOS is a security product designed to counter threat actors leveraging vulnerable software supply chains.)
## Detection Methods
*(Detection focuses on ensuring proper usage of WizOS rather than detecting WizOS itself.)*
- Signature-based detection: N/A
- Behavioral detection: Monitoring for the presence and use of non-WizOS base images in production environments where WizOS is mandated.
- YARA rules: N/A
## Mitigation Strategies
- **Adoption:** Migrate existing container images to WizOS secured images to drastically reduce inherited vulnerabilities.
- **Visibility & Prioritization:** Use the Wiz platform to gain visibility into the existing container landscape and prioritize swaps based on risk posture.
- **Enforcement:** Implement policies (leveraging the Wiz platform context) to prevent untrusted, insecure images from reaching production.
## Related Tools/Techniques
- Hardened Base Images (General concept used by various organizations for supply chain risk reduction)
- Software Supply Chain Security Tools (e.g., tools focusing on SBOM generation and provenance verification)