Cybersecurity continues to be a major area for investment among businesses — and VCs. While a decline from the previous year, venture capital funding in the cybersecurity sector totaled $18.5 billion in 2022, according to Momentum Cyber.
The popularity comes in part from the rise in cyberattacks. Check Point Research reports that global cyberattacks increased by 38% in 2022 compared to 2021, and nearly nine in 10 company boards told Gartner in a recent survey that they view cybersecurity as a “business risk” rather than solely a technical or IT issue.
Plenty of startups have benefited from the boom. But one that’s done especially well is Wiz, a cloud security company founded by Assaf Rappaport, Ami Luttwak, Yinon Costica and Roy Reznik. Wiz today announced that it raised $300 million in a Series D round co-led by Lightspeed Venture Partners and Greenoaks Capital Partners, with participation from angel investors including Starbucks owner Howard Schultz and French business magnate Bernard Arnault, valuing Wiz at around $10 billion post-money.
Bringing its funding to nearly $1 billion ($900 million), CEO Rappaport says the new cash will be put toward product development and hiring well into the new year. “When we first launched Wiz, we set out to design a product with the world’s leading enterprises in mind, and all the complexity and operational considerations their dynamic cloud environments present,” he told TechCrunch in an email interview. “With Wiz, companies are developing a new maturity level in their cloud environments by improving security, increasing visibility and driving agility.”
“Explosive” is the right word. Wiz’s success in securing financing is impressive considering that startups are increasingly failing to command the high valuations that were common in past years. As per the aforementioned Momentum Cyber report, the value of deals in the cybersecurity sector in 2022 dropped by more than a quarter versus 2021. PitchBook data shows a decline in cybersecurity valuations at the seed and Series A stages in particular.
New York-based Wiz — which claims that it’s the world’s largest cybersecurity unicorn and the fastest software-as-a-service company to achieve a $10 billion valuation — was founded in March 2020. The initial team worked together for over 20 years including as Microsoft’s cloud security group leads and as the co-founders of enterprise cybersecurity firm Adallom, which was acquired by Microsoft for $320 million.
Rappaport was previously the GM at Microsoft’s Israel R&D department, where Luttwak was the CTO. Costica, for his part, was the partner director of product management at Microsoft’s cloud security division.
Rappaport, Luttwak and Costica worked alongside Reznik at Adallom, and all joined Microsoft after the acquisition.
Wiz, like other cloud security platforms, analyzes infrastructure hosted in public cloud services such as AWS, Azure, Google Cloud and more for risk factors that could allow hackers to gain control of assets and obtain sensitive customer data. The company maintains a “security graph” that correlates information across the different areas that a company’s trying to protect, whether that’s the network, identity, secrets or workloads.
“This new approach to cloud security disrupts the agent-based security model and utilizes an agentless, API-centered approach to seamlessly scan cloud workloads,” Rappaport said. “Wiz said goodbye to contextless alerts and, instead, at the heart of the product lies the Wiz security graph.”
By showing these correlations, Wiz argues that it can help plug security holes and find issues much faster than rival solutions.
“Wiz shows every C-level the risk level of each application running in their cloud,” Rappaport continued. “The risk alerts are actionable, allowing developers to focus on fixing the critical most issues and for managers to understand their risk across the different teams and apps.”
That’s a lot to promise, though — particularly in light of just how large and diverse the market for cloud security solutions is today. Sentra, which finds data in the cloud and offers remediation plans for data security teams, raised $30 million in January. Cloud infrastructure security startup Gem Security landed $11 million in February. There’s also Dig Security, Laminar and Opus Security — cloud security orchestration and remediation platforms that have between them raised tens of millions of dollars in capital.
Beyond the uptick in breaches, the widespread move to the cloud is motivating the fundraising and market expansion. A 2021 survey from O’Reilly shows that cloud adoption is steadily rising across industries, with 90% of organizations now using cloud computing — up from 88% in 2020. A separate report from PwC finds that 74% of executives are deeply involved in cloud strategy, with 70% saying they’re making cloud-related talent and upskilling decisions.
Very predictably, cloud adoption has opened up companies to risks that they didn’t necessarily anticipate. In its 2022 poll, the Cloud Security Alliance (CSA) revealed that 67% of organizations store sensitive data in public cloud environments. And according to the CSA’s poll from the previous year, cloud issues and misconfigurations — including cloud provider issues and security misconfigurations — are the leading causes of data breaches and outages.
“Cloud is the biggest transformation to InfoSec since inception, changing the way organizations deliver and ship software,” Rappaport said. “Cloud development is decentralized by nature, with decentralized infrastructure and development, and enabling organizations to build faster than ever before. Security organizations need to change their operation model to support the dynamic and decentralized nature of cloud, and address the unique challenges cloud presents around exposure and pace of changes and attacks.”
Wiz’s product sort of sells itself, then. In fact, Wiz claims to be the fastest company ever to $100 million in annual recurring revenue (ARR), scaling from $1 million to $100 million in ARR in just over 18 months (from February 2021 to approximately July 2022). The company now counts 35% of the Fortune 100 among its customer base, including BMW, Morgan Stanley, Salesforce, Slack, Colgate and Blackstone.
To accommodate the growth, Wiz has invested heavily in hiring, expanding its workforce from roughly 500 in summer 2022 to 650 today across offices in Austin, Dallas and Washington, D.C. Short of an IPO, the plan is to double Wiz’s workforce by the end of the year and continue growing in the U.S., Rappaport says, including public agencies within the federal government. (The office in Washington, D.C. is no doubt a part of that plan.)
“Wiz is rapidly becoming the center of the cloud security ecosystem,” Patrick Backhouse, a partner at Greenoaks, said in a press release. “Just two years ago, securing the cloud environment meant relying on a scattered collection of point solutions and add-ons. But today, Wiz has built a comprehensive cloud-native platform that gives customers actionable insights within minutes, showing them their areas of vulnerability, the risks they face, and how to resolve them. We rarely see a business gain traction or garner customer love so quickly, and we are thrilled to partner with Assaf and his team as they pursue the next chapter in their journey.”