From left, Wiz employees Yaniv Shaked, Idan Gazit, Adi Leist Sharon, Guy Rozendorn, George Pisha, Eyal Wiener in Israel in March 2021.
Over the past year, the tech landscape has been dominated by stories of downsizing due to rising interest rates, inflation and concerns about economic tumult. Even in growth areas like the cloud, businesses are reeling in spending.
Don’t tell that to Wiz.
The cybersecurity software vendor said in August that it reached $100 million in annual recurring revenue after selling its product for just a year and a half. Nine months later, the revenue figure reached $200 million.
Wiz’s technology spots vulnerabilities hiding in the public clouds that so many companies are using as they offload their data storage and computing requirements to Amazon, Microsoft and Google. The accelerated shift to cloud computing has boosted adoption of security software that can identify the spots where hackers can wage attacks.
Far from conducting layoffs, the 700-person startup announced in February a $300 million funding round at a $10 billion valuation. Its client list now includes Chipotle, Colgate-Palmolive, Morgan Stanley and Snowflake.
“For us, it’s still an unlimited market,” Assaf Rappaport, Wiz’s co-founder and CEO, told CNBC in an interview. “The opportunity is still huge, so we can still grow in triple digits a year, and even in a downturn and potential recession.”
Wiz’s defiant growth propelled the three-year-old company onto CNBC’s 2023 Disruptor 50 list, where it ranked fifth, the highest among the five cybersecurity names that made this year’s list. The others are Vanta at No. 17, Arctic Wolf at No. 22, Orca Security at No. 24 and Snyk at No. 40.
Wiz, which has offices in Israel, New York and Denver, is playing into a long-term trend in technology. Over the past decade, giant enterprises such as Goldman Sachs and Walmart have become more willing to push critical data and workloads to the cloud. So have large government entities like the Central Intelligence Agency and the Food and Drug Administration.
What started off as a playground for startups has become the status quo for IT departments. The transition accelerated during the pandemic as companies had to quickly adapt to remote work.
But it’s not just a matter of being in the right place at the right time. Even Wiz’s competitors are having to reckon with a more spendthrift customer base. In February, Rapid7 CEO Corey Thomas informed analysts on a conference call that corporate executives have been finding it harder to free up money for security projects and that deals were taking longer to close.
Elsewhere in security software, the market is even more challenging. Cybereason, one of the top players in endpoint protection, made the Disruptor 50 list each of the past two years. However, after cutting hundreds of jobs last year and abandoning talks of going public, the company slashed its valuation by 90% in April (from a peak of $2.7 billion) in a new funding round, according to Axios. Other security vendors including Sophos and Snyk have also announced layoffs.
Public investors are not in a buying mood either. The Global X Cybersecurity exchange-traded fund is down 16% over the past 12 months, underperforming the S&P 500 index, which is about flat during that stretch.
Thomas from Rapid7 said in an interview that Wiz, as a richly valued startup, is enjoying a phase of venture-backed growth highlighted by excessive sales and marketing spending. That period, he says, generally lasts no more than three to four years.
“You don’t get to do that indefinitely,” Thomas said. “You’ve got to have a stable business model.”
A Wiz spokesperson told CNBC that the company is emphasizing “smart growth” over profitability, and said sales and marketing spending is low in relation to revenue. Rappaport said Wiz’s growth has been driven by word of mouth, as users tell other users about the software.
Regardless of how Thomas views Wiz, in February his company added the startup to its list of competitors, putting it alongside Palo Alto Networks. Thomas said the market is young and evolving.
“People are just now starting to secure the cloud,” he said. “We win some, we lose some.”
Rappaport called out Palo Alto Networks, which has an offering called Prisma Cloud, as his company’s best place to snag business.
“Probably the product that we are replacing the most is Prisma Cloud,” Rappaport said, adding that it’s not a pricing battle because Wiz is “usually priced higher than any other product.”
Much of Palo Alto’s expansion into the cloud has come via acquisition, with CEO Nikesh Arora allocating over $3 billion in recent years to purchases to build his company’s presence in the space. Rappaport said that while he respects the strategy, the result has been a “Frankenstein mashup.”
“They’re still figuring out how to make it one single platform,” Rappaport said.
Ankur Shah, a senior vice president at Palo Alto Networks, defended his company’s technology and said Wiz isn’t the right choice for clients that want to protect their assets.
“Wiz is all about visibility,” Shah said. “Visibility is good. Security is better.”
Wiz’s spokesperson disputed that notion, and said the company’s technology “helps organizations detect, prioritize, prevent and remediate issues.”
While Wiz is gaining traction against the industry stalwarts, it still has a long way to go. A KeyBanc first-quarter survey of technology resellers and channel partners showed that 28% of respondents viewed Palo Alto Networks as the best positioned cloud security vendor, while 24% picked Microsoft and 4% chose Wiz.
One big way Wiz has garnered name recognition so quickly is by discovering potential problems involving mass-market software. In March, Wiz disclosed a vulnerability in Microsoft’s Azure Active Directory sign-on service that would have enabled attackers to change the results people see in Microsoft’s Bing search engine. Microsoft fixed the issue and said that “no unintended access had occurred.”
Wiz has also found multiple vulnerabilities in Microsoft’s Azure cloud infrastructure, a product the company knows well because many of its customers use it. Rappaport also knows plenty about Microsoft, having sold his prior security startup, Adallom, to the company for $320 million in 2015.
The advantage Microsoft has, Rappaport says, is expertise in quickly assessing the risk of a threat and bringing in the right teams to deal with them.
“They have the most scars on their hand,” he said.
Sign up for our weekly, original newsletter that goes beyond the annual Disruptor 50 list, offering a closer look at list-making companies and their innovative founders.