Wiz’s rise to $10 billion shows cloud security is ‘still huge’

Over the past year, the tech landscape has been dominated by stories of downsizing due to rising interest rates, inflation, and worries about economic turmoil. Even in growth areas like the cloud, businesses are reeling from spending.

Don’t tell Wiz that.

The cybersecurity software vendor said in August it hit $100 million in annual recurring revenue after selling its product for just a year and a half. Nine months later, the turnover reached 200 million dollars.

Wiz’s technology detects vulnerabilities lurking in the public clouds that so many enterprises use to offload their data storage and compute needs to Amazon, Microsoft And Google. The accelerated move to cloud computing has spurred the adoption of security software that can identify where hackers can carry out attacks.

Far from making layoffs, the 700-person startup announcement in February, a $300 million funding round at a $10 billion valuation. His client list now includes Chipotle, Colgate-Palmolive, Morgan Stanley And Snowflake.

“For us, it’s still an unlimited market,” Assaf Rappaport, co-founder and CEO of Wiz, told CNBC in an interview. “The opportunity is still huge, so we can still grow in the triple digits a year, and even through a downturn and potential recession.”

Wiz’s provocative growth propelled the three-year-old company to CNBC’s 2023 Disruptor 50 list, where it ranked fifth, the highest among the five cybersecurity names that made this year’s list. The others are Vanta at No. 17, Arctic Wolf at No. 22, Orca Security at No. 24, and Snyk at No. 40.

Wiz, which has offices in Israel, New York and Denver, is part of a long-term technology trend. Over the past decade, giant corporations such as Goldman Sachs And walmart have become more willing to push critical data and workloads to the cloud. The same goes for large government entities like the Central Intelligence Agency and the Food and Drug Administration.

What started as a playground for startups has become the status quo for IT departments. The transition has accelerated during the pandemic as companies have had to adapt quickly to remote working.

Older security companies such as Palo Alto Networks And Quick7 expanded their portfolios to specialize in securing the cloud.

But it’s not just about being in the right place at the right time. Even Wiz’s competitors have to reckon with a more spendthrift customer base. In February, Rapid7 CEO Corey Thomas told analysts on a conference call that company executives were struggling to free up money for security projects and that deals were taking longer to complete. to conclude.

Elsewhere in security software, the market is even tougher. Cybereason, a leading player in endpoint protection, has made the Disruptor 50 list for the past two years. However, after cutting hundreds of jobs last year and dropping out of IPO talks, the company slashed its valuation by 90% in April (from a peak of $2.7 billion) during of a new round of financing, according to Axios. Other security vendors, including Sophos and Snyk, also announced layoffs.

Public investors are also in no mood to buy. The Global X Cybersecurity exchange-traded fund is down 16% in the past 12 months, underperforming the S&P 500 index, which has been roughly flat over this period.

Rapid7’s Thomas said in an interview that Wiz, as a highly regarded startup, is going through a VC-backed growth phase, highlighted by excessive sales and marketing spend. This period, he says, usually lasts no more than three to four years.

“You can’t do this forever,” Thomas said. “You need to have a stable business model.”

A spokesperson for Wiz told CNBC the company emphasizes “smart growth” rather than profitability, and said sales and marketing expenses were low relative to revenue. Rappaport said Wiz’s growth has been driven by word of mouth, as users tell other users about the software.

Regardless of how Thomas views Wiz, in February his company added the startup to its list of competitors, putting it alongside Palo Alto Networks. Thomas said the market is young and evolving.

“People are just starting to secure the cloud,” he said. “We win some, we lose some.”

Rappaport named Palo Alto Networks, which offers an offering called Prisma Cloud, as its company’s best place to land business.

“Probably the product we replace the most is Prisma Cloud,” Rappaport said, adding that it’s not a price battle because Wiz is “generally more expensive than any other product.”

Much of Palo Alto’s cloud expansion has been through acquisition, with CEO Nikesh Arora allocating more than $3 billion in recent years to purchases to bolster his company’s presence in the space. Rappaport said that while he stuck to the strategy, the result was a “Frankenstein mashup”.

“They’re still figuring out how to make it one platform,” Rappaport said.

Ankur Shah, senior vice president of Palo Alto Networks, defended his company’s technology and said Wiz was not the right choice for customers who want to protect their assets.

“Wiz is all about visibility,” Shah said. “Visibility is good. Safety is better.”

A spokesperson for Wiz challenged that notion and said the company’s technology “helps organizations detect, prioritize, prevent and resolve issues.”

While Wiz is gaining ground against industry stalwarts, there’s still a long way to go. A KeyBanc survey conducted in the first quarter of technology resellers and channel partners showed that 28% of respondents considered Palo Alto Networks the best-positioned cloud security provider, while 24% chose Microsoft and 4% chose Wiz.

One of the main ways Wiz rose to prominence so quickly is by uncovering potential issues involving consumer software. In March, Wiz disclosed a vulnerability in Microsoft’s Azure Active Directory login service that would have allowed attackers to alter the results people see in Microsoft’s Bing search engine. Microsoft fixed the issue and said “no unintended access occurred”.

Wiz also has find several vulnerabilities in Microsoft’s Azure cloud infrastructure, a product the company knows well because many of its customers use it. Rappaport also knows a lot about Microsoft, having sold its previous security startup, Adallomto the company for $320 million in 2015.

Microsoft’s advantage, according to Rappaport, is its expertise in quickly assessing the risk of a threat and building the right teams to deal with it.

“They have the most scars on their hands,” he said.