Wiz extends runtime protection to Windows, aims to close persistent cloud security gap

Cloud security platform Wiz has launched the public preview of its Runtime Sensor for Windows, which will now protect workloads not only on Linux but also on Windows. This will help security professionals gain visibility into their hybrid and multi-cloud infrastructure, especially in environments that use Windows virtual machines and mixed Kubernetes clusters.

Until now, many security teams monitored Windows servers with separate endpoint or detection tools while using cloud native controls for infrastructure oversight. As a result, investigations often required jumping between dashboards. With the Windows runtime sensor, Wiz connects workload level signals with cloud control plane data inside a single platform, allowing teams to follow an incident from initial access to potential credential theft.

The company designed the Windows sensor with system stability in mind. Instead of placing heavy logic inside the kernel, the sensor keeps its footprint minimal and shifts processing to user space. In addition, developers built significant components in Rust to reduce memory related risks that frequently cause crashes in traditional agents. According to Wiz, the sensor also maintains predictable resource usage, which matters for organizations running performance sensitive workloads.

The update also introduces runtime validation for Windows servers. Rather than flagging every theoretical vulnerability, the sensor tracks which libraries and packages actually load into memory. As a result, security teams can focus on vulnerabilities that attackers may exploit and put off patches that are not immediately threatening. This is a solution to the problem that many administrators have described as vulnerability fatigue.

In addition, the sensor allows for custom detection rules and automated runtime responses. For instance, if the system identifies malicious access to LSASS memory or attempts to fetch credentials from an instance metadata service, it can automatically initiate containment responses. In this case, contextual forensics provide logs and artifacts to facilitate faster investigations.

With the extension of runtime monitoring to Windows workloads on AWS, Azure, GCP, and hybrid clouds, Wiz is getting closer to a comprehensive cloud security model. This will be beneficial for organizations that have both legacy Windows servers and cloud-native infrastructure.