Cloud technology has revolutionized the data economy, liberating data from the confines of on-premise silos and servers. Instead, it now flows through a dynamic ecosystem of cloud service providers, applications, APIs, and containers. However, this newfound flexibility comes with risks, as any unchecked vulnerability or misconfiguration within this intricate web can potentially expose critical data. This underscores the growing importance of comprehensive cloud security.
Many organizations are still ill-equipped to face this reality, relying on an average of six different tools to secure their cloud infrastructure. To address this challenge, several cybersecurity vendors are working on providing more streamlined solutions for cloud security.
One such notable provider is Wiz, which recently secured $300 million in a Series D funding round. Wiz specializes in Cloud Security Posture Management (CSPM) and offers a Cloud-Native Application Protection Platform (CNAPP). These tools empower security teams to monitor cloud services, APIs, and containers for vulnerabilities and misconfigurations.
This latest funding round, spearheaded by Lightspeed Venture Partners and Greenoaks Capital Partners, elevates Wiz’s valuation to an impressive $10 billion. It solidifies Wiz as the largest “cyber-unicorn,” underlining investors’ recognition of the paramount importance of safeguarding enterprise data in the cloud.
Consolidating cloud security
In decentralized cloud environments, traditional cybersecurity methods prove ineffective. According to research conducted by Venafi, a staggering 81% of organizations encountered security incidents related to the cloud within the past year, with 45% of them enduring at least four such incidents.
The elevated incidence of cloud breaches can be attributed to various factors, including a deficiency in cloud expertise and under-resourced security teams. However, the most prominent underlying issue is the lack of visibility into data assets and vulnerabilities. Many organizations struggle to pinpoint weaknesses and misconfigurations across their expansive attack surfaces.
As Assad Rappaport, the co-founder and CEO of Wiz, aptly noted, “The cloud is characterized by its agility and dynamism, which fuels rapid corporate expansion. Nevertheless, this very attribute also makes securing the cloud a formidable challenge because it is constantly evolving.”
Rappaport further emphasized the inadequacy of conventional approaches in coping with the intricate and ever-changing nature of cloud environments. To address these challenges, a cloud-native approach is imperative.
Wiz proposes a comprehensive solution to fortify cloud security by consolidating Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) capabilities into a unified platform. This platform also incorporates data security posture management, external attack surface management (EASM), and cloud detection and response (CDR) functionalities. This amalgamation aims to empower organizations to enhance and streamline their threat detection and response capabilities within the cloud environment.
For instance, security teams can continuously scan hybrid cloud setups, infrastructure as code (IaC), and containers for potential misconfigurations. When identified, these vulnerabilities can be automatically rectified to thwart potential exploits that might expose data to malicious actors.
The platform additionally offers a security graph that categorizes and correlates attack pathways. This enables both developer and security teams to gain insights into the root causes of breaches and facilitates swift and informed responses to security incidents.
A brief look at the CNAPP market
Wiz’s solution operates within the global CNAPP market, which was assessed at $7.8 billion in 2022 and is projected to reach $19.3 billion by 2027, as more organizations recognize the importance of their cloud adoption strategies.
In this competitive landscape, Wiz faces established players like Palo Alto Networks, which offers its own CNAPP named Prisma Cloud. Prisma Cloud excels in real-time inspection of cloud workloads for misconfigurations and vulnerabilities. It leverages machine learning to identify typical baseline activities and issues alerts for any unusual behavior. Palo Alto Networks reported $84.2 million in revenue in the last quarter.
Another contender, Lacework, provides a CNAPP that includes infrastructure as code (IaC) scanning, runtime vulnerability scanning for workloads, container images, hosts, and language libraries. Additionally, it employs anomaly detection for threat identification. Lacework’s current valuation stands at $8.3 billion.
Rappaport asserts that Wiz’s primary distinguishing feature is its emphasis on real-time risk management. According to Rappaport, “Wiz introduces a novel approach, enabling businesses to securely embrace the cloud by continually identifying and mitigating the most relevant risks. Wiz can be deployed within minutes using an agentless, API-centric approach to seamlessly scan workloads, providing complete visibility into cloud environments.”