Wiz: The Story of Cloud Security Decacorn

🚧What is Wiz?

Wiz, a plucky new startup in cloud security, just turned a decacorn. But what makes it so special?

Wiz beat a host of other successful companies, including others in cybersecurity, to this feat.

Wiz only took 3 years to become a Decacorn

Top speed to $10bn: Wiz

Wiz funding timeline was extraordinary. It drove up its value 11-fold in a matter of 10 months since inception and became the fastest company to hit $10B in value, in 2022

• $100M in Series A at $500M valuation in Dec 2020

• $130M in Series B at $1.3B in the next 3 months

• $500M in Series C at $6B in the next 8 months

• $300M in Series D in the next 7 months to hit $10B

Wiz has outpaced all other vendors in this space, most notably the leader, Palo Alto Networks. It grew by triple digits every quarter, hitting $100M in ARR in just 18 months—faster than any other security company in history.

$100M ARR in 18 months

Wiz’s advanced technology has garnered rave reviews from the cybersecurity community, with over 35% of the Fortune 100 backing it. Top-notch brands such as BMW, Chipotle, and Morgan Stanley, as well as Atlassian, rely on Wiz's actionable insights to keep their clouds secure.

As businesses increasingly shift their operations to the cloud, Wiz is indispensable for teams to safeguard their data.

But how did Wiz get here? This short story explores the background of its founders, what makes it so successful, and how it has become a must-have in the toolkit for modern engineering teams.

🚧 Who is behind Wiz?

Wiz was started by Assaf Rappaport, an alumnus of Unit 8200 (the Israel Defense Force’s renowned cyber intelligence unit), together with his army buddies. But their journey to cloud security was a pure accident.

They started Adallom before Wiz, back in 2012. Their intention was to keep it private and out of the hands of VCs, who they thought could just “take over” their company. Israel was the cyber security factory for the world, with VCs hunting graduates of the 8200 unit like scarce bitcoins.

Enter the Gandalf to the Frodo (Assaf) of our story: Gili Rannan.

Gili worked with Sequoia back then and chased Assaf with all his passion. Assaf, knowing who Gili was, never took his calls. In fact, stood him up once in arrogance. But Gili persisted like a man on a mission, convincing Assaf to join him for breakfast (Gili foxed Assaf by changing his number which Assaf picked by mistake)

This Friday breakfast meeting turned out to be an “ambush.” Instead of just meeting Gili, there were 16 partners from Sequoia’s offices in the United States and Israel, managing partner Doug Leone, the head of Sequoia worldwide, who has been called ‘the godfather of Silicon Valley.’

Assaf went unprepared, could not share anything about their business plan. The delegation was visibly unimpressed. But Gili had other plans. He took Assaf aside after the presentation.

Gili: Assaf, your presentation was one of the worst ones I've ever seen, and the idea just made no sense. But we want to offer you $5 million because we know you have the right team.

Assaf: Ok Gili. But if you did not like the idea, why offer us the money?

Gili: We will help you get the right idea. We will make you talk to the best security folks and CISOs in the world. 40% of companies listed on Nasdaq are Sequoia companies.

Assaf: And what should we do?

Gili: Just listen. Let the market speak.

Assaf: Ok, we can do that.

Assaf listened, and listened well. Within four months, he zeroed down on cloud security, and Adallom was born—a cloud technology that controls access to SaaS applications. It was eventually sold to Microsoft for $320 million in 2015, and Assaf took it to $1B+ in 3 years.

🚧 What made Wiz so successful?

Running Adallom and then the security group at Microsoft helped Assaf understand the security problems of large organisations up close. By late 2019, the world was moving from on-premises IT to the cloud.

But these migrations were painful and fraught with security risks. Assaf read how one team, when migrating all their services to the cloud, left an orphaned S3 bucket with unrestricted SSH access that was scanned and attacked by a hacker, losing critical customer data in minutes.

He understood the single biggest opportunity for security lay in protecting the cloud environment, which had all the customer data, their “crown jewel.”

Wiz the compound startup with exceptional founder market fit

Then COVID hit, and almost every team accelerated this transition. But the number of data breaches hit the roof.

About a third of these happened because of human error or a lack of expertise with DevOps teams. But security teams were struggling with solution overdose. Assaf saw this as his window.

Assaf then executed the toughest hand known in the startup world: he built Wiz with not one but four products that solved everything around cloud security ‘The compound startup’.

Wiz the compound startup with exceptional founder market fit

Before Wiz, developers and security teams had differing views on their cloud risks because organizations used disconnected tools that sent jumbled, isolated alerts to teams.

Wiz created a single platform, called CNAPP that unified all such security tools. It could be rolled out in minutes via an agentless, API-centered approach to seamlessly scan workloads and give organizations full visibility of their cloud environment.

🚧 What makes Wiz so critical for modern security teams?

If you are a fast-growing business in banking, financial services, fintech, insurance, or e-commerce and use a mix of public cloud services, there are high chances you will be the next cybercrime victim.

There are 3 simple questions that you can ask your DevOps or engineering teams to answer for you.

1️⃣: Are you sure if your customer data is safe in your cloud? Your user data could be spread across hundreds of data buckets. Does your team know what data is stored where? 47% of orgs have at least one such bucket exposed to internet. Sensitive data like PII, PHI, and PCI can be exfiltrated in minutes by hackers who scan clouds for public exposure through automated scripts. Are you sure you are not just one successful scan away from losing your data?

2️⃣: Are you sure your cloud environments are not at risk of access violations? Your DevOps might be spinning up new resources (VMs, containers, object storage, etc.) every second, granting permissions without much thought. Excessive permissions give attackers admin-like access to public workloads, leading to data breaches, service violations (i.e., taking over cloud resources), and resource exploitation. Your Permissions = Your Attack Surface?

3️⃣: Are you sure your secrets are secure across all accounts, users, and workloads? Your cloud posture could be very wide. AWS has 100+ services across computing, resources, data, storage, and more. A small misconfiguration across the database, servers, or network can cause complete application takeover (DDoS) or even ransomware or malware attacks. Are you sure your cloud accounts across Azure, GCP, and AWS are safe?

Wiz secures everything from networks and identities to secrets and workloads with a single tool.

Teams need zero to negligible experience in setting up and using Wiz but a single view across all their environments. Even if new resources are spun, Wiz quickly protects them without asking teams to change anything

Cloud security is a burning issue for organisations scaling rapidly in the cloud, and Wiz has created a smart, no-hassle solution that has become a must-have in the toolkits of all CTOs and CISOs.

TechVerse is our personal itch to discover exciting new tech products. Share these stories with your friends or colleagues here on Twitter or WhatsApp.

Cheers,

Team TechVerse

---