Cloud security firm Wiz recently announced a massive fifth round of funding, bolstering its bank account by $1 billion — a price that values the company at $12 billion and sets the firm up to continue a recent spate of acquisitions.
Wiz plans to grow quickly and use the $1 billion to finance a buying spree in 2024, which the company has already dubbed “the year of security consolidation.” In December, Wiz purchased DevOps startup Raftt, which brings the ability to offload Kubernetes environments to the cloud and minimize developer downtime, and in April snapped up Gem Security in an estimated $350 million cash deal, adding that firm’s cloud detection and response capabilities to its portfolio.
Known for its aggressive growth strategy, Wiz does not plan to slow down, says Yinon Costica, vice president of product and a co-founder at Wiz.
“So what do we do with $1 billion? It is a lot of money,” he says. “It allows us to be ready for additional acquisitions. I think that there are many interesting domains in this space that are yet to be addressed, and we’re always looking for innovative teams that can solve them in a unique way.”
The $1 billion bet on the future of consolidating cloud security highlights many current trends facing the cybersecurity industry today. As a result of the coronavirus pandemic, companies pushed more operations into the cloud, which necessitated better security but created an extended attack surface. Companies such as Wiz and rival Orca Security aim to help companies tame their growing security requirements through consolidating security visibility and control across cloud platforms — such as Amazon, Google, and Microsoft — and cloud services.
“In addition, detection and remediation … is much more difficult in the cloud, as it covers the underlying cloud infrastructure, workloads, containers, and infrastructure as code,” Costica says. “Automatic remediations are also a priority — being able to fix automatically deviations from known good configurations and best practices, or compliance mandates.”
How to Spend $1 Billion
Companies that bring together cloud security controls from multiple platforms to improve visibility, detection, and response — what Gartner has dubbed cloud-native application protection platforms (CNAPPs) — have taken off in recent years, attracting massive investments. In 2021, Lacework set the bar high with a $1.3 billion Series D funding round, valuing the company at $8.3 billion. Also that year, Orca Security raised $550 million in a Series C round, raising the company’s value to $1.8 billion.
Orca Security, for one, does not plan to do another round of funding and instead focus on organic growth and the long haul, with health gross margins and a low burn rate, says Gil Geron, the firm’s CEO and co-founder. While acquisitions can be “done right,” they also bring risk, he says.
“We’ve seen it in the past, where some of the larger players did the same play — they invested billions of dollars in acquisitions of wonderful companies [to] try to integrate them and pay the cost of creating like a Frankenstein type of product,” Geron says. “We all know that M&A is very, very difficult.”
Underscoring the treacherous nature of startups and funding, Lacework — the company that had an $8.3 billion valuation less than three years ago — had negotiated to sell the business to Wiz for between $150 million and $200 million, but the deal fell through during due diligence, according to TechCrunch.
Best of Breed to Best of Platform?
Yet, the demand for consolidation in the cloud-security sector appears to be strong. At the RSA Conference this week, customers are increasingly looking not for a collection of best-of-breed solutions, but a “best of platform,” says Wiz’s Costica.
“Consolidation is a major force as customers want to operationalize a platform, and they don’t want the hassle of … trying to procure additional solutions and implementing them and training their teams,” he says. “It’s not like a Frankenstein mash-up of products that are sold together; it has to be a consolidated — truly consolidated — product with a single data layer that helps them to use it in a way that provides value.”
While cybersecurity providers, such as Wiz, are driven to consolidate to keep up with competitors, their business customers also want to manage fewer vendors and technologies, says Andras Cser, a Forrester vice president and principal analyst.
“Customers need lower license and maintenance costs [for their] cloud security tools,” he says, driving cloud-security firms — such as Palo Alto, Zscaler, and Trend Micro — to find ways to simplify and reduce costs.
Wiz does not plan to slow down. Both supporters and critics have called the company’s growth strategy “aggressive,” according to an August 2023 Forbes cover story.
Yet, Costica sees no issue.
“To be honest, I never understood what it means to ‘grow aggressively,'” he says. “I think we’re growing by the sheer interest we see in the market from customers, and we are eager to bring a new way of doing cloud security.”
Leave a Reply