Wiz (company) explained

Wiz, Inc. is an American cloud security startup headquartered in New York City.^[2] The company was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom. Rappaport is CEO, Costica is VP of Product, Reznik is VP of Engineering, and Luttwak is CTO. The company's platform analyzes computing infrastructure hosted in Amazon Web Services, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure, and Kubernetes for combinations of risk factors that could allow malicious actors to gain control of cloud resources and/or exfiltrate valuable data.

, Wiz employed about 1,995 people, with most sales and marketing personnel scattered across North America and Europe while most engineering personnel are based in Tel Aviv, Israel.^{[3] [4]} In August 2022, Wiz claimed to be the fastest startup ever to scale from $1 million to $100 million in annual recurring revenue (ARR), from February 2021 to approximately July 2022.^[5] In February 2024, the company claimed to have reached $350M in ARR, with a 45% market share of Fortune 100 companies.^[6]

History

Wiz was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom.^{[7] [8]}

Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based developer collaboration platform, for $50 million in December 2023.^[9] In April 2024, the company acquired cloud detection and response startup, Gem Security, for around $350 million.^[10] Also that month, reports indicated that Wiz intended to purchase Lacework, but in May the deal fell through during the due diligence process.^[11] In November 2024, the company acquired security remediation and risk management startup Dazz for a cash-and-share deal valued at $450 million.^[12]

In 2024, it was reported that Google was in talks to buy Wiz at a reported valuation of $23 billion, but Wiz turned down the offer, in favor of going public.^{[13] [14]}

Funding

Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors:

• Series A — In December 2020, Wiz emerged from stealth by raising $100 million from Index Ventures, Sequoia Capital, Insight Partners and Cyberstarts.^[15]
• Series B — In April and May 2021, Wiz raised $130 million and $120 million (respectively) on a $1.7 billion valuation from, Index Ventures, Sequoia Capital, Insight Partners, and Cyberstarts.^[16]
• Series C — In October 2021, Wiz raised $250 million on a $6 billion valuation^{[17] [18]} led by Greenoaks, and with participation from Insight Partners, Capital, Sequoia Capital, Salesforce Ventures, and CyberStarts, and individual investors Bernard Arnault and Howard Schultz.^[19]
• Series D — In February 2023, Wiz raised $300 million on a $10 billion valuation^[20] led by venture capital fund Greenoaks Capital, with participation from Lightspeed Venture Partners, along with individual investors including Bernard Arnault and Howard Schultz.
• Series E — In May 2024, Wiz raised $1 billion on a $12 billion valuation^[21] from Andreessen Horowitz, Lightspeed Venture Partners, Thrive Capital, Greylock Partners, Wellington Management, Cyberstarts, Greenoaks, Index Ventures, Salesforce Ventures, Sequoia Capital and Howard Schultz.

Research

Wiz researchers have discovered and responsibly disclosed numerous cloud vulnerabilities that garnered significant media coverage:

• ChaosDB – A series of flaws in Microsoft Azure's Cosmos DB that made it possible to download, delete, or manipulate databases belonging to thousands of Azure customers.^{[22] [23]}
• OMIGOD – Bugs in Open Management Infrastructure (OMI), a ubiquitous but poorly documented agent embedded in many popular Azure services, that allowed for unauthenticated remote code execution and privilege escalation.^[24]
• NotLegit – Insecure default behavior in the Azure App Service that exposed the source code of some customer applications.^[25]
• ExtraReplica – A chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.^{[26] [27]}
• AttachMe – A cloud isolation vulnerability that, before it was patched by Oracle Cloud Infrastructure, could have allowed attackers to access and modify other users' OCI storage volumes without authorization.^[28]
• Hell's Keychain – A first-of-its-kind cloud service provider supply-chain vulnerability in IBM Cloud Databases for PostgreSQL that, before it was patched, could have allowed malicious actors to remotely execute code in victims' environments.^[29]
• BingBang – A misconfiguration in Azure Active Directory (AAD) that allowed Wiz researchers to modify Bing.com search results in a way that malicious actors could use to steal Office 365 credentials granting access to countless users' private emails and documents.^[30]

Notes and References

1. Web site: Wiz eyes $20 billion valuation in potential $500-$700 million share sale . CTech . Calcalist . 26 September 2024.
2. News: Levingston . Ivan . Hammond . George . 2024-03-08 . Israeli cyber start-up in talks to raise funds valuing it at over $10bn . Financial Times.
3. Web site: Ben-David. Ricky. Israeli cybersecurity firm Wiz raises $250m, soaring to $6b valuation. 2021-12-27. www.timesofisrael.com. en-US.
4. Web site: 2022-03-17 . Cybersecurity has 53 unicorns. Here are 10 to watch . 2022-05-22 . VentureBeat . en-US.
5. Web site: 2022-08-10. Cloud security startup Wiz reaches $100M ARR in just 18 months. 2022-08-14. TechCrunch. en.
6. News: 2024-05-02 . Wiz reports $350m revenue in 2023, hiring 400 in 2024 . 2024-02-11 . Globes . en.
7. Web site: Novet. Jordan. 2021-03-22. A tiny security start-up founded by engineers who sold their last company to Microsoft is already worth $1.7 billion. 2021-12-26. CNBC. en.
8. News: Roof . Katie . Benmeleh . Yaacov . 2021-10-11 . Cyber Startup Wiz Raises Funds at $6 Billion Valuation . Bloomberg News.
9. News: Martin . Andrew . 2023-12-04 . Cyber Firm Wiz Buys Cloud-Based Developer Raftt in Roughly $50 Million Deal . Bloomberg News.
10. News: Garfinkle . Allie . 2024-04-10 . Wiz acquires Gem Security . Fortune.
11. Web site: Orbach . Meir . 2024-05-02 . Wiz deal to acquire Lacework collapses . 2024-05-16 . Calcalist . en.
12. News: Lunden . Ingrid . Wiz acquires Dazz for $450M to expand its cybersecurity platform . . 2024-11-21 . 2024-11-21.
13. News: Grant . Nico . Hirsch . Lauren . 2024-07-14 . Google Close to Its Biggest Acquisition Ever, Despite Antitrust Scrutiny . 2024-07-16 . The New York Times . en-US . 0362-4331.
14. News: Doan . Lynn . Love . Julia . Wiz Rejects Google's $23 Billion Offer, Seeks IPO Instead . July 23, 2024 . Bloomberg News . July 23, 2024.
15. News: 2020-09-12. Israeli cloud security co Wiz raises $100m. en. Globes. 2021-12-26.
16. News: 2021-11-10. Cloud security co Wiz raises $250m at $6b valuation. en. Globes. 2021-12-26.
17. Web site: Shulman. Sophie. 2021-10-13. Six reasons for Wiz's $6 billion valuation. 2021-12-26. CTECH - www.calcalistech.com.
18. Web site: Wiz unveils new security tool to protect code in development pipeline. 2021-12-27. TechCrunch. 8 December 2021 . en-US.
19. News: 2021-10-11. Wiz raises $250 mln, values Israeli cyber firm at $6 bln. en. Reuters. 2021-12-26.
20. Web site: Wiggers . Kyle . 2023-02-27 . Cloud security startup Wiz, now valued at $10B, raises $300M . 2023-04-16 . TechCrunch . en-US.
21. Web site: Rosenbush . Steven . 2024-05-07 . Cyber Startup Wiz Raises $1 Billion on Path to IPO . 2024-05-16 . Wall Street Journal . en-US.
22. Web site: ChaosDB Vulnerability Exposes Thousands of Microsoft Azure Databases. 2021-12-26. PCMAG. en.
23. Web site: ChaosDB vulns saw Wiz researchers utterly pwn Azure Cosmos. 2021-12-26. www.theregister.com. en.
24. Web site: OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners. 2021-12-26. BleepingComputer. en-us.
25. Web site: 2021-12-22. Microsoft notifies customers of Azure bug that exposed their source code. 2021-12-26. The Record by Recorded Future. en.
26. Web site: Microsoft fixes ExtraReplica Azure bugs that exposed user databases . 2022-05-20 . BleepingComputer . en-us.
27. Web site: msrc . Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution – Microsoft Security Response Center . 2022-05-20 . en-US.
28. Web site: Oracle Cloud at one point would let you access any other customer's data . 2022-11-02 . The Register . en-US.
29. Web site: Montalbano . Elizabeth . 2022-12-01 . IBM Cloud Supply Chain Vulnerability Showcases New Threat Class . 2023-04-16 . Dark Reading . en.
30. Web site: Weatherbed . Jess . 2023-03-30 . Microsoft exploit allowed access to private Office 365 data . 2023-04-16 . The Verge . en-US.