[HN Gopher] Google to buy Wiz for $32B
___________________________________________________________________
Google to buy Wiz for $32B
Author : uncertainrhymes
Score : 355 points
Date : 2025-03-18 12:18 UTC (10 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| upcoming-sesame wrote:
| Looks like they already have the Gemini logo so integration
| should be simple
|
| https://en.m.wikipedia.org/wiki/Wiz_(company)#/media/File%3A...
| jumperabg wrote:
| Interesting, could it be that their software is built by
| Gemini, the acquisition is managed by Gemini, and the Gemini in
| Google made a $32B deal with the Gemini at Wiz?
| sidcool wrote:
| Wow. That's a huge amount for Cybersecurity.
| mmaunder wrote:
| Anyone got a sense for where the value is in Wiz? Revenue? IP?
| Any customers here?
| datadrivenangel wrote:
| People seem to really enjoy their product, which is very
| uncommon in the Enterprise Security Tools space.
| airstrike wrote:
| Next year's revenue estimated to be $1B, so definitely real
| money there but that doesn't speak to _value_... 32.0x is wild
| mmaunder wrote:
| Thanks
| dhx wrote:
| Data for nation state espionage and industrial espionage?
|
| Whoever owns Wiz obtains read only access to large company and
| government cloud networks. Even in the Wiz outpost model where
| the scanning engine is deployed into the user's own cloud
| network, results from scans are sent back to Wiz Cloud, and
| this includes sensitive information such as "Installed
| packages, Exposed secrets, Malware detection".[1] For an
| example real world deployment, GitLab SaaS public documentation
| expects the "Wiz Runtime Sensor" to be installed in every
| container.[2] This Wiz software requires highly elevated
| privileges to a level that the GitLab security risk assessment
| only briefly describes.[3]
|
| The data Wiz collects on customers appears to allow answering
| of queries such as:
|
| 1. Which containers of government agencies in country X have
| the xz-utils library installed? Of these containers, what other
| software is installed alongside? How many of these containers
| are exposed to the Internet, directly or indirectly?
|
| 2. Which government agencies in country X have a publicly
| exposed service vulnerable to CVE-20xx-xxxx?
|
| 3. For top 200 companies, plot the popularity of AWS or Azure
| service ACME123 over the past 12 months compared to competing
| Google service ACME456.
|
| Aside from security risks of having sensitive information of
| entire governments or large organisations hoovered up by Wiz,
| use of the "Wiz Runtime Sensor" also includes the risk of an
| incident similar to the failed CrowdStrike Falcon Sensor update
| of 2024.
|
| The criticisms above are not specific to Wiz. There are many
| other competing products/services with similarly poor
| architectures and lack of protection of sensitive IT system
| information of governments and large organisations.
|
| [1] https://cloud.google.com/architecture/partners/id-
| prioritize...
|
| [2] https://gitlab.com/gitlab-com/gl-
| infra/readiness/-/tree/mast...
|
| [3] https://github.com/wiz-sec/charts/blob/master/wiz-
| sensor/tem...
| 1970-01-01 wrote:
| One wonders if $32B spent "pluggin' up the holes" would
| accomplish more. A lot of open source code could be rewritten at
| this price point.
| awill wrote:
| But not by tomorrow. Google is trying to pay their way into
| cloud leadership. Because they can't catch up organically.
| jordanb wrote:
| They're paying mostly for Wiz's customer book, who they will
| quickly alienate and drive to competitors.
| _countzero_ wrote:
| Paying $32 billion dollars for a customer book with no
| network effect is insane
| warkdarrior wrote:
| A lot of "holes" are misconfigurations. Not sure how rewriting
| open source code helps with that.
| eitally wrote:
| Imho, and as a xoogler who's been in Google Cloud's ecosystem the
| past few years, Google Cloud's three big focus areas have been AI
| (this is an evolution from their historical focus on data, then
| also analytics), Distributed Cloud (Anthos++) and security (post
| the Mandiant acquisition). They'll never be able to compete on
| base infra, given their late entry into the game, lack of
| presence in certain markets, and the lock the competition has in
| some industries (Azure in industrial/mfg, AWS in pharma, etc),
| and they know that, so they've lately been focused on what they
| believe they can control. One of those things is the narrative
| that Google Cloud is the most secure cloud.
|
| It shouldn't be overlooked that acquiring Wiz is also a way for
| Google to secure a beachhead in half the Fortune 100, many of
| which are "enemy" territory.
|
| The price is high, but there aren't many options available and
| Wiz has the advantage of being built on Google Cloud natively,
| and already have Marketplace integrations completed.
|
| https://cloud.google.com/customers/wiz
| mrweasel wrote:
| I can't help feel like this will be rolled into GCP and quickly
| lose support for Azure and AWS and then just die. That's a lot
| of money to spend to kill off a business.
| arccy wrote:
| GCP has been doing more multi cloud stuff lately though:
| Anthos for K8s in other clouds, BigQuery Omni for bigquery in
| other clouds
| ABS wrote:
| that would immediately shed half the value of the company and
| Google would need to book a huge loss
|
| e.g. half of Fortune 100 use Wiz and I assure you most of
| them do not use GCP (or do not use only GCP)
| Miraste wrote:
| That hasn't stopped them before. Fitbit and Nest, for
| example. Granted, this is an order of magnitude more money
| to waste. Maybe they'll come up with a better strategy this
| time.
| mattzito wrote:
| Neither of those are enterprise products, though. Looker,
| as a better comparison, is still available on AWS and
| Azure.
| Keyframe wrote:
| _half of Fortune 100 use Wiz_
|
| gonna need a citation on that. All I could find was their
| own quotes.
| summerlight wrote:
| I don't think that makes much sense in business. They want to
| move customers from competitors and as an underdog you need
| to provide some migration path. You don't get these kind of
| system integration freely. Provide your service in
| competitors to smooth their transition path but keep the
| latest and best features in GCP. This was the idea of k8s.
| zoogeny wrote:
| I'm slightly baffled by this acquisition but arguing against
| you actually helps me make some sense of it.
|
| If Google wants to be "the best of the best" at security and
| some set of potential customers use Wiz as their "best of the
| best" security, then this is a way to convert those customers
| to Google.
|
| Consider some org that prioritizes security, like at the
| board level. They maybe don't really care about the nickel
| and dime cost of AWS vs. Azure vs. GCP since it comes out to
| 10s or 100s of millions of opex in the end. What they do care
| about is the cleanest record possible with respect to
| security. And Wiz is a key component to their position on
| security that is communicated to investors - it is a social
| proof that they are taking security very seriously.
|
| This now becomes a tool for Google when trying to win their
| business. By degrading the value of Wiz on
| AWS/Azure/Oracle/Salesforce they are taking away that bullet
| point on security for a subset of competitors customers. And
| that may entice some of them to move their entire cloud
| service to GCP. So whatever revenue they lose on the Wiz side
| from a dozen or so cancellations they would hope to make up
| with a few 100 million dollar whales.
|
| I just find it hard to believe that enough whale level cloud
| compute business will be generated in this way to justify
| $32b. This is really the best take I have on the acquisition
| and it feels unsatisfying, as if there is some other decisive
| information that would provide a justification for such a
| valuation.
|
| Maybe there is some government mandate coming down the
| pipeline that isn't very public yet? Some kind of legislation
| that will force companies to adopt stricter security
| policies? That could precipitate the kind of changes that
| would justify this kind of massive valuation.
| belter wrote:
| > a way for Google to secure a beachhead in half the Fortune
| 100
|
| If that is their objective, they will fail again, since this is
| the land of good account management. Being able to call
| somebody on the phone if required. Something AWS excels on,
| Microsoft a little bit, while Google is rumored to have humans
| working there, but they are rarely seen.
| scarface_74 wrote:
| This is such an underrated weakness of Google. When I was
| working at AWS ProServe, we never even took GCP as a serious
| competitor. Their customer service, acount management and
| enterprise sales team was so horrendous it was laughable.
|
| I don't think we even had talking points about why AWS was
| better than GCP like we did Azure.
| ABS wrote:
| what drives me mad is that it's not even underrated!
| everyone knows, everyone has been talking (and complaning)
| about this for something like 15 years!
|
| I personally know of 2 big GCP customers who, over the
| years, left GCP because of this and the impact it had in
| critical situations. This very feedback was given in both
| cases to people considerably high up on GCP's ladder and...
| nothing's ever changed.
|
| I'm sure plenty other big migrations off GCP provided the
| same feedback, to no avail.
|
| When Diane Greene first and then Thomas Kurian became
| Google Cloud CEOs people thought that finally, due to their
| previous experiences in very Enterprise-aggressive
| companies, they would improve massively on that front.
|
| Did they improve the situation? a bit. Massively? bringing
| GCP finally on-par with anyone else (not better than anyone
| else, just... the same)? nope, not even close.
| otterley wrote:
| Google is, at its core, an advertising company that tries
| to disguise itself as a technology company. When
| necessity calls, they will undoubtedly elect to divert
| resources towards their core business and away from their
| hobby projects (which GCP is).
| chairmansteve wrote:
| Yep. That is top of my list when choosing a cloud provider.
| Thorrez wrote:
| >and security (post the Mandiant acquisition)
|
| As a Googler who works in GCP security, security has been a key
| differentiator for GCP long before the Mandiant acquisition.
| Google invented BeyondCorp (a primary driver of Zero Trust).
| Google helped create security keys (U2F, FIDO, Webauthn), and
| was I think the first major company to adopt them, both for
| employees, and for consumers. Google was one of the first major
| companies to offer a bug bounty, in 2010. Google's Project Zero
| searching for vulnerabilities in other
| companies'/organizations' software I think was pretty much
| unprecedented when it was created. Look at the number of times
| other tech companies get hacked compared to Google. Google got
| hacked in 2009 by China (I believe that was the first time a
| major company admitted to being hacked by government). That was
| a major turning point. Ever since then it's been "never again".
|
| Disclosure: my thoughts are my own.
| belter wrote:
| > Look at the number of times other tech companies get hacked
| compared to Google.
|
| Your whole post is confusing Security of the Cloud with
| Security in the Cloud. And conflating GCP with Google but
| those are just examples of why GCP has such a small market
| percentage.
| ignoramous wrote:
| To me, the security posture of Android (esp, the Pixels) &
| Chromium stands out as an outstanding contribution to
| humanity (given the reach of both those platforms).
|
| > _Google got hacked in 2009 by China (I believe that was the
| first time a major company admitted to being hacked by
| government)._
|
| Do they mind if they're _legally_ "hacked" by a (Western)
| govt? All that security sophistication couldn't prevent LEAs
| from owning us all, unfortunately:
| https://therecord.media/google-refuses-to-deny-it-
| received-u... / https://archive.vn/mzZtI
| jopsen wrote:
| Having previously used AWS, I would also say that GCP IAM is
| much better.
|
| Yes, it's a lot less flexible than AWS IAM, but complicated
| IAM policies with conditions and stuff can be really hard to
| reason about.
|
| Disclosure: my thoughts are my own.
| bfeynman wrote:
| That is insane. AWS has more complicated policies, GCP
| literally lacks ability to even have easy security posture
| in many cases.
| decimalenough wrote:
| That's quite the claim, can you provide an example?
|
| GCP is permissive out of the box and things like the
| Compute Engine service account having the basic Editor
| role by default is a bit of a footgun, but they're
| trivially turned off.
| kccqzy wrote:
| Even before the Mandiant acquisition they integrated Chronicle
| into Cloud. It's clear that they were focusing on security very
| early on.
| CannoloBlahnik wrote:
| Nobody Beats the Wiz is great, but $32B is so much money.
| LgLasagnaModel wrote:
| Could have gotten a better deal for Crazy Eddie
| buildsjets wrote:
| The Craziest part about Eddie was his business plan. Steal
| from your own company for 10 years, take the company public,
| gradually reduce your stealing over the course of 5 years to
| show a rapidly increasing profit margin, sell company to a
| hedge fund and cash out the profit. Then, go to jail for 8
| years.
|
| https://www.financialpipeline.com/financial-scams-the-too-
| cr...
| whitepoplar wrote:
| Can anyone with security expertise clarify what Wiz actually
| does? Is it a legitimate company or is it fuzzy consultingware?
| itscrush wrote:
| Wiz uses various API's via read access in your
| accounts/orgs/subscriptions to assess risk of configuration.
|
| They also snapshot your disks, cloning them to Wiz accounts to
| provide secrets scanning / vuln scanning / etc against your
| infra.
|
| These resulting risks / findings are scored and provided in
| their SAAS Wiz console via dashboards / APIs / integrations
| with remediation guidance.
| xorcist wrote:
| > They also snapshot your disks, cloning them to Wiz accounts
|
| I can see how that could be worth $32B.
| shakna wrote:
| They were the one's to first report on DeepSeek's recent data
| leak, and they've found a few others.
|
| One exploit I remember Wiz finding was "ChaosDB". A flaw in
| Microsoft's Cosmos DB allowed anyone to use the default-enabled
| Jupyter Notebook to basically dump and modify anyone's
| databases, without authentication. Full admin access.
| InkCanon wrote:
| Would also be interested in this. I don't know anyone who uses
| Wiz. Google says they had 350 million in revenue last year,
| aiming for 1 billion this year. So 100x revenue TTM. Crazy
| stuff.
| airstrike wrote:
| FYI we don't really value companies on a TTM basis so 32.0x
| Revenue would be the right multiple to quote
| stego-tech wrote:
| That's because A) big companies that use it don't really like
| bragging about their security tooling, lest it be used to
| better profile their infrastructure by attackers, and B) it's
| basically enterprise-only and insanely expensive.
|
| Source: worked for a large enterprise company that used it,
| and I loved it. Phenomenal tool, will be a shame to see it
| die (or at least its non-GCP aspects wither and die) under
| Alphabet's ownership.
| jerrygenser wrote:
| Basically give it read access to your cloud account, and it
| will scan all of the resources to identify potential miss-
| configurations. Identifying CVE in software is one thing, but
| it's identifying incorrectly configured resources that would
| otherwise be secure can dramatically reduce the risk surface.
|
| A lot of cloud providers already have little hints like "hey -
| did you mean to create this account in God mode?" or "It is
| recommended not to create this god mode json key file" - Wiz is
| taking this to the next level of detail
| marcus0x62 wrote:
| It is a very legitimate tool. It identifies misconfigurations
| and vulnerabilities in cloud deployments. Anything from a
| container with a known-vulnerable package in the manifest to a
| workload with improper firewall rules.
| stego-tech wrote:
| It's a security-as-a-service platform that monitors whatever
| clouds or systems you plug into it for security
| vulnerabilities, but is built specifically for public cloud
| service providers and their workloads. I quite liked the
| product, as it would notify my team of erroneous
| configurations, outdated AMIs, exposed ports, vulnerable
| workloads, and whatever custom policies we setup (e.g., SSH
| open between VPCs in AWS, rather than via a Jumpbox).
|
| I loved the product when I used it (huge improvement over
| Nessus), and am immensely disappointed Google owns it as it
| means I'll have to find something else going forward. This is
| the sort of acquisition a regulator should block, because Wiz
| really is best-in-class at what they do for every cloud they
| support, and customers benefit more from it being agnostic.
| wil421 wrote:
| My last company used it to complement other cloud security
| scanning products. It's probably a bit of an understatement to
| call it a scanning tool. It was easy to integrate with our
| other systems so we could assign vulns to different teams.
| aswerty wrote:
| Wiz seems to only be about 4 years old, as per wikipedia. That
| valuation in such a short amount of time surely must be some kind
| of record? Or am I missing something?
| InkCanon wrote:
| ~5 years by now. But there is a bit of fine print. The founders
| all founded another cloud security company in 2010, which was
| acquired by Microsoft. They were all graduates of Israel's
| famous Unit 8200. So while the literal company was founded in
| 2020, it is very likely a lot of both the knowledge, expertise
| and quite possibly product was already in development before
| it.
| shmatt wrote:
| yes, every 8200 founder i know already has the next product
| ready to launch in alpha the day after the time limit on
| their previous acquisition runs out
| jerlam wrote:
| You joke, but something similar happened at my old company,
| and I suspect it's relatively common for serial
| entrepreneurs.
|
| The founders, who are now flush with cash, time and ideas;
| are quickly speedrunning the steps creating their previous
| company, in the same market, but now with more access to
| capital and employees from their previous company who would
| rather work for a startup than a large conglomerate, while
| fixing all the mistakes from their previous venture.
| InkCanon wrote:
| I 90% meant that it was the skills, industry knowledge and
| connections/reputations they built before Wiz, but it is
| true that most companies are conceived and planned far
| ahead of their actually registrations. Sensible people
| don't exactly just quit their jobs and start a company in a
| few days. They conceive, do research, discuss and (I
| suspect in Wiz's case) prototype before they commit. Its
| definitely a smart move, there's a very real valuation and
| PR advantage if you delay your actual founding, so your
| time to X revenue looks shorter.
| rvnx wrote:
| Not sure if it's a very wise move to hire foreign
| intelligence offers and give them access to the core of your
| tech products and to the customers data.
| guappa wrote:
| Probably the entire company's purpose is to gain access to
| secrets.
|
| Anyway, Chomsky claims that there's 0 distinction between
| USA and Israel, so if you see it from that point of view,
| it makes little difference.
| blackhawkC17 wrote:
| A dumb conspiracy theory. Israel has mandatory
| conscription (barring some cases), and many of the smart
| ones are recruited into Unit 8200. It's not surprising
| that they go on to start cyber companies once
| conscription ends, given that's a major focus of the
| Unit.
| shilgapira wrote:
| "But Chomsky said so!"
| rvnx wrote:
| "conspiracy". When you meet employees of such companies
| they brag about it and sometimes even do special tricks
| through their contacts to impress you.
| megous wrote:
| For me it's enough that if Chinese intelligence officers
| were founding software security companies, I'd not use
| the product. It's the same idea for Israel. Conscription
| just makes it worse, because more of their citizens are
| then suspect.
|
| Not supporting people who take part in the crime of
| persecution, is a nice side effect.
| myth_drannon wrote:
| only 2 out of 3 are 8200 alumni.
| drcongo wrote:
| That's a _lot_ of speed.
| amazingamazing wrote:
| Google has some amazing negotiating skills - paying 50% more for
| something they literally tried to get not even a year ago...
| (they tried to get it at 23 billing not even a year ago)
|
| https://news.ycombinator.com/item?id=41042034
|
| That being said, Instagram and WhatsApp were expensive for
| Facebook and those ended up being a steal. Time will tell, as
| usual.
| scarface_74 wrote:
| The difference is that Google is the worse product company
| among the big tech companies. It's like the modern day Yahoo! -
| where acquisitions go to die.
| apercu wrote:
| I don't know man, iPhones and Macs are really buggy,
| bloated/full of unnecessary features, and user hostile.
| Microsoft products are also hot garbage. The cars we get to
| pay tens of thousands (or even hundreds) are pretty much
| garbage now. It's not just Google.
| scarface_74 wrote:
| I am not talking about opinions on quality. I'm talking
| about objective measures in introducing a new product that
| moves the needle as far as revenue/profit and market share
| that is not cancelled quickly
| bigyabai wrote:
| Again, the parent's point stands. Apple is not changing
| the game with Apple Vision Pro or Apple Intelligence.
| Microsoft isn't getting accolades for Windows 11 and
| Copilot. It's not always smart to bet the farm on a
| product that nobody wants to pay for.
|
| Objectively speaking Google is one of the few companies
| that saw where the puck was headed and skated there. They
| built TensorFlow, they sponsored serious local AI
| research. Now they build their own in-house training and
| inference hardware. Relative to the struggling we see
| from the rest of FAANG, I would argue Google is perhaps
| the only successful competitor left. I despise their
| monopoly abuse of AdSense, but they're not going to be
| effectively prosecuted with protectionist American policy
| defending them. Google "won" the services sector and now
| everyone and their mother is butthurt.
| scarface_74 wrote:
| TensorFlow is a _technology_ not a product. Having things
| in a "research" lab are not products. What _product_ have
| they introduced in the past decade? 15 years? Android is
| the only one that has gotten any meaningful traction.
|
| Does Google have a better LLM based _product_ than
| OpenAI's ChatGPT? Well personally for my use case,
| NotebookLM is better for some things. But it isn't a
| better product for most people.
|
| Androids position is so bad in the market as far as
| convincing consumers with money to buy one, Google has to
| pay Apple $20B+ a year to be the default search engine. I
| wouldn't be surprised if Google pays more to be the
| default search engine on Apple devices than Google makes
| in mobile for Android.
|
| From a consumer standpoint, Android has seen declining
| market share in the US, the Nest acquisition is
| floundering, Stadia was a failure, Pixel ships about the
| same number in a year that Apple ships iPhone in a a
| couple of weeks, WearOS has gone nowhere, no real tablet
| strategy (I Chromebooks have been a success in education
| so that's kind of a mitigating factor), their tv strategy
| has pivoted a half dozen times, their messaging app
| strategy is schizophrenic (they had 5 separate messaging
| apps simultaneously at one point), AI summaries for
| Google search are half baked.
|
| On the business side, GCP is just pathetic. I don't mean
| as far as technology. But their account management,
| enterprise sales team and customer service is lackluster.
| I mentioned in another comment that when I worked at AWS
| ProServe, we never considered them a serious competitor.
|
| GSuite has gained some traction in smaller companies. But
| hasn't made a dent in government and enterprise where the
| real money is.
|
| Look at Microsoft and Apple's product mix as far as
| successful profit generating products and compare that to
| Google's.
| jll29 wrote:
| > Android is the only one that has gotten any meaningful
| traction.
|
| In my book, Android doesn't count as a Google product, as
| it was a 2005 acquisition:
|
| https://www.androidauthority.com/google-android-
| acquisition-...
| scarface_74 wrote:
| Almost every part of the iPhone is also based on
| acquisitions. Android was a bad BlackBerry knock off
| before Google acquired. Android as it exists today is
| mostly Google.
|
| YouTube and even AdSense were based on an acquisition.
|
| Heck, Apple as we know it today was based largely on the
| Next acquisition.
| jordanb wrote:
| Turns out McKinsey is really bad at business and letting a
| McKinsey ghoul run your company is a good way to run it into
| the ground.
| jtgverde wrote:
| GOOG is up ~152% since Sundar took over...
| _countzero_ wrote:
| Not the flex you think this is.
| dcchambers wrote:
| Since Sundar took over as CEO at Google (August 10, 2015):
| - Google is up 5.2X - I am not sure how you got 152%
| - Apple is up 10X - Microsoft is up 8.25X -
| Netflix is up 7.45X - Amazon us up 7.28X -
| Facebook is up 6.27X
|
| Google has the worst returns in ten years of the FAANG(+M)
| companies. A 5X increase in ten years is still phenomenal,
| but it's important to not look at that number in isolation.
|
| And for fun: - Nvidia is up 207X -
| Intel is down 12% - The S&P 500 is up 2.72X
| scarface_74 wrote:
| Microsoft was also up by leaps and bounds when Ballmer was
| in charge and RIM had its highest market cap in 2010 -
| three years after the iPhone was introduced.
|
| That has nothing to do with whether Google has the ability
| to create new great products and it has failed miserably at
| that over the past decade.
| ebiester wrote:
| This is meant to be politically-neutral commentary: this deal
| doesn't happen without a Republican in office that will squash
| the antitrust bent that the Biden administration started.
|
| It's also possible the last Wiz deal happens without the
| antitrust swirling over Google.
| Workaccount2 wrote:
| Depends on how many complements Google gives the emperor on
| his clothes. The DOJ reiterated selling off chrome last week,
| so it's not off the table.
| walterbell wrote:
| Some policy is being continued,
| https://natlawreview.com/article/antitrust-under-trump-
| initi...
|
| _> FTC Chairman Ferguson and Omeed Assefi, Acting Assistant
| Attorney General of the DOJ's Antitrust Division, announced
| on February 18, 2025, that the FTC and DOJ will continue to
| use the 2023 Merger Guidelines as the framework for their
| merger review process._
| SJC_Hacker wrote:
| Rump likes to play favorites and use any power at his
| disposal to hurt his political / personal enemies or people
| he thinks don't "respect" him enough. He also is a fan of
| extorting people.
|
| So I wouldn't count on it based on some generic "pro-
| business" position. Google is going to have to kiss the ring
| one way or another.
| kats wrote:
| Yeah, but Instagram and WhatsApp have billions of users.
| Everybody has heard of them. Advertising on Instagram generates
| revenue.
|
| Wiz is a SaaS b2b startup. Even on a forum for startups most
| people haven't heard of them.
|
| Wiz reportedly has a revenue of 750m. It would take Google 30
| years or more to break even on this deal. But like all bs
| startups Wiz will fade into irrelevancy 6 months after being
| acquired.
|
| Google is getting completely scammed.
| totallyunknown wrote:
| This: "But like all bs startups Wiz will fade into
| irrelevancy 6 months after being acquire"
| nosefrog wrote:
| Nobody thought Instagram and WhatsApp were good acquisitions
| at the time.
| askafriend wrote:
| Instagram was roughly 10 people when it got bought, had less
| than 30M users and $0 in revenue.
| Klaster_1 wrote:
| Kinda confusing given Wiz is also a Google internal frontend
| framework.
| azangru wrote:
| They want more wizes
| ceva wrote:
| big tech should be forbidden of purchasing anything, especially
| big 5
| coldpie wrote:
| The voters disagreed and elected an extremely big tech friendly
| government.
| guappa wrote:
| I'm sure that didn't factor in at all in why the voters voted
| what they voted.
| blitzar wrote:
| This represents 32 billion good reasons to build products to
| serve big techs platforms and customers.
|
| Sherlocking is obviously the risk.
| yathaid wrote:
| The Trump admin has shown the same attitude as the Biden admin
| when it comes to mergers. So why do they think the merger will go
| through this time?
| kmfrk wrote:
| Rejecting a $23B offer to get $32B less than a year later doesn't
| sound half bad.
|
| https://www.theverge.com/2024/7/23/24204198/google-wiz-acqui...
| phendrenad2 wrote:
| I was trying to figure out where the deja vu was coming from.
| This explains it!
| dcchambers wrote:
| Google's M&A team: Oops we switched the 2 and 3 on that offer
| document, let's fix it and try again.
| shprd wrote:
| What changed from last year? The deal that failed?
|
| The article says:
|
| > The price tag is much higher than the roughly $23 billion
| Google had offered for Wiz last year before antitrust worries
| forced the startup to shelve the deal.
|
| > Wall Street is optimistic that the Trump administration would
| drop some antitrust policies
|
| Is that it? It's crazy to announce the deal before there's any
| actual policy changes. Why the rush? It's not like someone is
| outbidding them here.
| coldpie wrote:
| Did you read the article?
|
| > The price tag is much higher than the roughly $23 billion
| Google had offered for Wiz last year before antitrust worries
| forced the startup to shelve the deal. ... A harsh regulatory
| environment in 2024 had made it difficult for many firms to
| push through large deals, but Wall Street is optimistic that
| the Trump administration would drop some antitrust policies.
| shprd wrote:
| Yes, I made my comment more clear.
| ecshafer wrote:
| There is a new administration, and the new one doesn't have a
| DOJ that is extremely anti big tech, and going after them for
| antitrust on everything.
| airstrike wrote:
| Reminder they also bought Mandiant for $5.4B in 2022
| colesantiago wrote:
| Why isn't there an open source self hosted Wiz competitor,
| perhaps now one can start to emerge after this acquisition for
| those who don't want Google.
| leohonexus wrote:
| There's Wazuh, but it's more of an XDR (i.e. anti-virus) and
| SIEM solution than what Wiz is offering.
|
| https://wazuh.com/ https://github.com/wazuh/wazuh
| tnolet wrote:
| For hardcore Wiz users: What are their killer features that you
| use day in, day out?
| aweiher wrote:
| We use wiz and rapid7, so I can compare these two:
|
| Usability of Wiz and the ability to adapt it is so much better.
| Everyone can get a seat without extra costs, enabling shift-
| left for the dev teams. Projects make sure they only see what
| they need to see.
|
| The query engine is top. There are very good presets. Create
| Boards to share custom queries with the teams.
|
| Compliance frameworks are available. You could inspect the
| rules, they are written in OPA rego and you could add your own
| rules.
|
| Cloudtrail search is also a lot better than the one aws is
| providing.
|
| I could go on and on and on .. this solution has so many
| powerful features.
| OccamsMirror wrote:
| > $32 billion in an all-cash deal,
|
| Wow. I wonder how Google justified this acquisition. I fear they
| will eventually shutter this service, and likely without even
| pulling anything good into their own cloud offerings.
| mjlee wrote:
| I wonder what level of insight Google will now have in to how
| AWS, Oracle and Azure's customers use their cloud. Even just in
| aggregate I imagine there's some useful data.
| orliesaurus wrote:
| biggest Google acquisition yet or what?
| hyperbrainer wrote:
| Yes. The company's previous biggest deal was its $12.5bn
| acquisition of Motorola Mobility in 2012, which it sold two
| years later for $2.9bn. [0]
|
| [0] https://www.theguardian.com/technology/2025/mar/18/google-
| pa...
| nashashmi wrote:
| Can't help but predict that this will be a similar outcome.
| If they did not have a security division, this acquisition
| could work. But colliding two heavy security behemoths
| together is like the collision of two galaxies with a higher
| enteopy.
| hyperbrainer wrote:
| What I don't understand is how you get to a valuation of
| $32B. My quick googling showed me that the revenue for Wiz
| is about $700M. Even if I assume the existing customers +
| name + platform/assets is worth several billion, where is
| this number coming from?
|
| To be clear: I am young and ignorant. I am trying to learn,
| not criticise
| nashashmi wrote:
| My estimation is that there is another competitor that
| they wanted to out compete ... like Facebook paid $19B
| for whatsapp to outcompete google. The maximum market cap
| Wiz had was $13.2 Billion. So Google is paying 3x times
| the price.
|
| > Wiz has agreed to a termination fee of more than $3.2
| billion, a source told Reuters, one of the highest fees
| in M&A history.
|
| Not sure how they can afford this if it doesn't work.
| xiphias2 wrote:
| Motorola was bought for patents to defend Android, it was a
| clear win.
|
| Wiz is much harder to understand.
| echelon wrote:
| The patents they received from Motorola effectively put an
| end to Apple's Android witch hunt.
|
| Prior to this acquisition, Apple was determined to sue
| Android out of existence. They were on a rage-fueled mission
| to end a product they viewed as a copycat, and they knew
| Google didn't hold any patents to defend themselves.
|
| When Google acquired Motorola's patents, the tables turned
| and it was Google that could end Apple or at least turn it
| into mutually assured destruction.
|
| Those patents alone were worth a hundred billion for the
| headache they saved Google and the market position they
| opened up.
|
| This was one of Google's smartest moves of all time.
| hyperbrainer wrote:
| I definitely did not consider this earlier. Do you know of
| some other big examples where monetary loss was actually a
| win when considered in an overall context?
| atonse wrote:
| This is probably a dumb question, but what does all cash mean?
| Does it literally mean that they are putting $32bn in Wiz's bank
| account (or probably some kind of escrow, who knows) which then
| gets dispersed to their shareholders?
|
| What usually happens otherwise? Would they do partly google
| stock, etc? And each shareholder gets some kind of multiple? (you
| get your N amount of Wiz shares X .72 = your number of google
| shares), or something of that sort?
| kadomony wrote:
| Yes. They became billionaires overnight.
| epolanski wrote:
| Acquisitions often involve swaps of shares.
| bhouston wrote:
| The press releases say cash deal.
| whereismyacc wrote:
| The question was about what happens in other cases.
| thinkindie wrote:
| Otherwise it depends on the deal structure. Especially if it's
| an acqui-hire, or founders are involved, it can be a
| combination of shares, options, earn-out, guaranteed bonus,
| certain salary levels (much higher then their current one) etc
| etc, and cash. Usually 100% cash deal is the most sought after
| unless the acquirer has a very solid business (in that case
| shares and options could be valuable too).
| jaimebuelta wrote:
| They say that's an all-cash purchase. So it seems that they
| really put $32bn in the bank account.
| bklyn11201 wrote:
| Ultimately they are buying the shares of all existing
| shareholders. Wiz tells Google who the shareholders are after
| all triggers of options to shares are resolved. Then Google
| wires each shareholder after the signatures are complete. No
| money should go into Wiz bank account. 10-25% of the cash is
| held back to make sure the company and key employees fulfill
| promises made as part of the transaction.
| mikeyouse wrote:
| Right - the Wiz bank account is about to be the Google bank
| account, so it wouldn't make any sense for them to receive
| the funds.
| exhibitapp wrote:
| In an all cash deal the Vendor (buyer) will purchase all shares
| of the Target (seller) for cash and cancel those shares. A
| substantial amount of the cash will be held back in escrow
| subject to a number of clauses and released at a future date.
|
| This will protect the buyer against misrepresentations.
|
| There are often also targets that have to be met to achieve the
| full purchase price but not always disclosed
| kgermino wrote:
| Yes on all of that. All Cash means Google is essentially
| writing a $32Bn check which is dispersed to the Wiz
| shareholders. (It wouldn't go to Wiz's bank account since
| Google owns the bank account once they send the money.
|
| Typically these involve at least some stock (cash + stock or
| all stock) which would mean that each Wiz share gets some
| amount of money and some multiple of Google stock per share.
| mlyle wrote:
| > Does it literally mean that they are putting $32bn in Wiz's
| bank account (or probably some kind of escrow, who knows) which
| then gets dispersed to their shareholders?
|
| Google pays each of Wiz's shareholders 75-90% of the deal
| amount. The remainder is held in escrow and paid some time
| later based on a variety of conditions.
|
| > What usually happens otherwise? Would they do partly google
| stock, etc? And each shareholder gets some kind of multiple?
| (you get your N amount of Wiz shares X .72 = your number of
| google shares), or something of that sort?
|
| Yup, that's exactly how it works.
| financetechbro wrote:
| Part of the acquisition process is putting together a "funds
| flow" which is simply a model that lays out how much $ each
| shareholder gets and then also you collect all the wire
| details, etc. But anyway, it can be a bit surreal seeing how
| much cash will be deposited into various accounts once the deal
| closes
| limaoscarjuliet wrote:
| It means if you were a shareholder of Wiz, you will have cash
| in your checking/savings account within few days and you will
| no longer have the shares.
| timcobb wrote:
| What if I don't want to pay capital gains?
| lotsofpulp wrote:
| Then you should not have owned assets that someone else had
| the power to sell.
| nextts wrote:
| For example: any publicly traded shares.
|
| I have had shares that are 1. force sold, 2. shares that
| were force split into two companies and 3. shares that
| are force acquired so they become another companies
| shares.
| nextts wrote:
| Lol coincidently had some publoc traded shares force sold
| last month. Didn't realize (they didn't send me an
| email). I have a weird ability to pick these kinda
| stocks! Unfortunately it hasn't been a profitable
| strategy.
| Cthulhu_ wrote:
| There's going to be teams of lawyers and financial managers
| that will guide that money into various financial
| structures and / or shell companies so that none of it
| shows up on the records used to calculate that.
| xnx wrote:
| Is enterprise security software like consumer antivirus software
| (i.e. unnecessary (or even harmful) if you know what you're
| doing)?
| happyopossum wrote:
| "Enterprise" and "you know what you're doing" don't go hand-in-
| hand. _You_ might know what you 're doing, but does everyone
| else at your enterprise?
|
| Every single devops person who can push a CL to staging (that
| may not get properly reviewed)? Every marketing whiz who is
| using a dataviz tool against a cloud storage bucket you didn't
| even know existed? Every support engineer who is on-call at
| 2:#0am and can fix a customer's problem with one tiny IAM
| change?
| ChrisArchitect wrote:
| Official Wiz post: https://www.wiz.io/blog/wiz-joining-google
| yujzgzc wrote:
| Sometime explain the strategic rationale behind this? Google's
| previous big acquisition in the cloud space, Looker, didn't
| exactly pan out.
| sjm-lbm wrote:
| .. and all the talk of multicloud makes me feel like I'm
| reading an IBM press release, which is never good.
| bhouston wrote:
| I think Google sees a fast growing company and is acquiring it.
| Many GCP related acquisitions are weird, like Looker, Apogee
| and are awkward fits. Unsure how this goes.
| yujzgzc wrote:
| On top of it this one is an amount that you wouldn't pay if
| it wasn't existential, and it really doesn't feel like it is.
| epolanski wrote:
| What's in for Google?
|
| Like 32B is no small sum, and I don't really understand Wiz
| business (product yes, business and numbers much less).
| fcantournet wrote:
| I sounds insane to me number wise too. Even growth stocks have
| about 5x the price to revenue.
| happyopossum wrote:
| > Even growth stocks have about 5x the price to revenue.
|
| A PE of 5 is not a growth stock - that's the kind of PE you'd
| see on a barely surviving mid-cap in decline.... The combined
| PE of the S&P500 is in the low to mid 30s these days!
| TeaBrain wrote:
| >A PE of 5 is not a growth stock
|
| PE is not the same as PS (price to sales or revenue).
| Startups and growth companies are often valued by PS since
| they have revenue growth, but are often not yet turning a
| profit (making their PE < 0).
| epolanski wrote:
| Revenue and earnings are separate things.
|
| In fact price/revenue of sp500 is a disaster right now:
| 2.92.
|
| That means that SP500 companies on average are worth 3
| times their sales!
| Reasoning wrote:
| The cloud computing market is ~$600B annually. Google has a
| market share of 12% in it while Amazon sits at 30% and
| Microsoft at 21%. I'm assuming this is Google trying to stay
| competitive in that market.
| nikhizzle wrote:
| Perhaps Google is scared about losing its cash cow in search, and
| is needing to cement their position in cloud compute.
| ChrisArchitect wrote:
| Google Cloud post:
|
| _Google + Wiz: Strengthening Multicloud Security_
|
| https://cloud.google.com/blog/products/identity-security/goo...
| dmchk wrote:
| Gemini cyberattack exploit capabilities about to become better
| kats wrote:
| Don't do it!
| ChicagoBoy11 wrote:
| I'm marginally in the IT space... Is there anything to my
| reaction that at least in dollar terms this is a multiple of the
| dollar amount of what Whatsapp was acquired back in the day,
| which was a large consumer facing product that I could see was
| quite literally taking over messaging all over the world, and
| this is a... platform I've never heard of?
|
| I'm just trying to make sense of the numbers.
| yen223 wrote:
| I don't think WhatsApp had the same kind of revenue that Wiz
| has, even normalised for 2014 numbers.
| disgruntledphd2 wrote:
| Revenue and profit are very different. Like, it's easy to
| pump revenue at a loss.
|
| I don't really see the benefits of this acquisition for
| Google, but congrats to the Wiz team!
| noboostforyou wrote:
| > I don't really see the benefits of this acquisition for
| Google
|
| At the very least it's a giant book of sales leads.
| atemerev wrote:
| WhatsApp purchase was for that sweet sweet data of everyone's
| contact lists (this was their original innovation for
| onboarding -- just give us access to your phone book and
| we'll tell you who else is on WhatsApp). Their earnings were
| completely irrelevant in price discussions. The billions were
| paid for the dataset.
| WhyNotHugo wrote:
| Indeed. It's not just an incredible dataset, it's a self-
| updating one too.
| Marsymars wrote:
| I'd expect a lot of the money was also to prevent a
| competitor with WhatsApp's ubiquity from existing. (Or
| selling to another competitor.)
| atemerev wrote:
| That too, of course. WhatsApp itself was a work of art at
| that point, its success should be studied and hopefully
| emulated.
| dataflow wrote:
| Any idea what profitable things they do with that data?
| atemerev wrote:
| Mostly ad targeting (you can infer a lot of things from
| the global graph of contacts). Meta is an attention
| routing company.
| IshKebab wrote:
| True, but the vast majority of people spend zero money on
| WhatsApp. I actually have no idea how I _would_ give them
| money. There are no adverts, the metadata is not valuable, and
| no companies even use WhatsApp business, at least in the UK.
| Their UK revenue is basically 0, despite 100% market share.
|
| This is an enterprise product in a space where companies spend
| millions of dollars.
|
| Still seems like an insane amount though.
| quantumwannabe wrote:
| Whatsapp when it was acquired cost $1/year (with a year long
| free trial) and had a billion users and 55 employees. They
| were printing money.
| IshKebab wrote:
| As far as I remember they didn't ever really collect that
| money though. I certainly never paid it. I'm not sure they
| ever even implemented payment on Android.
|
| Obviously hard to source this old stuff but I found an old
| Reddit comment that backs up my recollection: https://www.r
| eddit.com/r/whatsapp/comments/xesw29/comment/io...
| SushiHippie wrote:
| I'm fairly certain that I paid once for WhatsApp back in
| the day (on Android)
|
| EDIT: just checked my payment history and in November
| 2013 I paid EUR0.89 for "One Year Service"
| zck wrote:
| Just to respond to the Whatsapp part of the comment,
| apparently Whatsapp made about $1.7 billion in 2024.
| https://www.businessofapps.com/data/whatsapp-statistics/
| steventhedev wrote:
| That is suspiciously equal to the "Other revenue" line in
| Meta's 10-K.
|
| Given that likely rolls up other products I doubt it's all
| coming from Whatsapp.
|
| [0]: https://d18rn0p25nwr6d.cloudfront.net/CIK-0001326801/1
| f8bf8e...
| zck wrote:
| Whatsapp was $1/person/year for a license. Wiz is "contact
| sales for pricing". Presumably that's more than $1/year.
|
| According to Amazon's Wiz integration
| (https://aws.amazon.com/marketplace/pp/prodview-ibgbkrqusncsm),
| the lowest cost they have is $24,000/year.
| craigkilgo wrote:
| It's based on your workload you are using it for basically.
| So its not a set price.
| seanhunter wrote:
| Valuation multiples for a free direct to consumer messaging
| company are very different to a paid-for b2b cybersecurity
| company. It doesn't really matter whether you've heard about
| Wiz, the important thing is every CISO has heard of it and many
| of them are prepared to pay actual money for the product.
| Cthulhu_ wrote:
| Wiz is enterprise software aimed at and popular with large
| companies that need to check all the compliancy boxes, and
| according to sources used by >40% of the Fortune 500 companies.
| It's also only 5 years old, so that's a ridiculously fast
| growth.
| securingsincity wrote:
| I imagine Wiz was smart enough to include a big payout if the
| acquisition doesn't go through. There is a ton of attention on
| Google by both political parties in the US and the EU is not a
| fan either.
| _countzero_ wrote:
| This seems like a silly and ridiculous acquisition. Surely for
| $32 billion almost any security technology could be replicated?
| You could hire several thousand best in class engineers and build
| whatever Wiz has in house... buying this almost makes it seem
| like Google has no idea how to build new innovative products,
| which I guess a lot of people already think.
|
| For Instagram and WhatsApp it was the user base and growth that
| was being bought, which is much harder to acquire than some
| random B2B saas security software.
| InkCanon wrote:
| There is actually some drama between Wiz and Orca, a company
| founded one year before Wiz. Orca alleged Wiz copied them, and
| Orca does operate in the same space. But a lot of hundred
| billion dollar companies are built on moats, integration and
| switching costs.
| _countzero_ wrote:
| Yeah but Google is a trillion dollar company. Why do they
| need to spend $32billion on a company whose only value add
| seems to be they are good at finding exploits? You could hire
| every cyber security researcher in the country for
| $32billion.
| InkCanon wrote:
| It is a difficult question to answer. For example, why did
| Google acquire YouTube in the early 2010s? A platform
| technically and engineering wise similar to YouTube would
| have been very easy to replicate. IMO the best explanation
| goes back all the way to the days of Standard Oil/Carnegie
| Steel company - and quite possibly even the East India
| Company. There's an enormous benefit to consolidate various
| businesses under you and create a monopoly. Today in tech,
| monopolies are far from being as straightforward as being
| the dominant producer of a commodity like oil or steel. But
| there's undoubtedly some similar mechanisms involved.
| Synergy is one way to put it, but I think it's too
| restrictive.
|
| I think the other part of the equation missing is if Google
| did create their own Wiz, Wiz would still be on the market,
| and it'd be a bitter fight which they could very well lose.
| more_corn wrote:
| Google did in fact have a product that was technically
| similar and in fact superior to YouTube. Remember Google
| Video? It was better and people hated it.
| thiago_fm wrote:
| What Wiz/Orca did is easy to copy for any Cloud security
| company with enough money, there's no moat.
|
| What is hard about that is actually selling your product to
| customers, which Wiz managed to do in a way never seen
| before.
| mattlutze wrote:
| For $32B Google are buying Wiz's brand, existing customers and
| their pipeline of customers, along with the technology.
| Cthulhu_ wrote:
| This is the answer, Wiz already has a foot in the door /
| running contracts with huge cloud consumers, but not all of
| them are using Google's cloud. I wonder if Google tries to
| earn more money off of competing cloud platforms by offering
| services like this.
| kats wrote:
| Wiz has no brand, no one knows who they are.
|
| Revenue from Wiz's customers will not make back $32 billion
| dollars even in 30 years.
|
| Wiz's technology is irrelevant. I think Google already scans
| for vulnerabilities and misconfigurations. And can build
| similar for low millions of dollars.
| dmarlow wrote:
| Plenty of people know who they are and have for quite a
| while.
| Marsymars wrote:
| > You could hire several thousand best in class engineers
|
| How easy is this? Especially if you're doing it on an
| accelerated timeline, it seems like you'd have to pay above
| market to poach thousands of best-in-class engineers, and then
| you're stuck with higher salary expenses forever.
| more_corn wrote:
| Google already employs some of the best software engineers in
| the world. In fact they've been laying off thousands of them.
| Google, like most big companies struggles to innovate because
| succeeding at a big company and making something fresh and
| new are different and often mutually exclusive skills. If
| they could have built it themselves they would have.
| happyopossum wrote:
| > In fact they've been laying off thousands of them
|
| Citation please? Last layoff at Google of any significance
| was over 2 years ago in the post-pandemic cleanup era..
| bmicraft wrote:
| Apparently they tried to acquire Wiz last year already,
| which means they've been thinking about it probably since
| before they let all those engineers go.
| jckrichabdkejdb wrote:
| Could've bought reddit with the same amount.
| _countzero_ wrote:
| Yeah, does WIZ just have a pile of 0 days that they are sitting
| on? Or a bunch of data stolen from various cloud providers.
| This is an extremely weird and suspicious acquisition imo.
| film42 wrote:
| I'm surprised this acquisition didn't happen sooner. The first
| time I used Wiz I knew a big cloud provider would be snatching
| them up at some point. Why? Because every enterprise that decides
| to use cloud providers then needs to find someone to keep that
| cloud environment safe.
|
| But also, and may more important, you get to see everyones cloud
| usage, across all providers, with a high level of permissions.
| Said differently, Google can now target customers with massive
| spend across other cloud providers and work to migrate them to
| GCP, at a price that's _just_ cheap enough to over come the
| switching cost.
| byteknight wrote:
| How on earth does buying Wiz force other developers to move? I
| think the tinfoil is too tight.
| disgruntledphd2 wrote:
| There's no force but Google can now leverage the data from
| Wiz to target good customers for other services.
| savanaly wrote:
| How is this not a good thing for everyone involved? Or am I
| wrong for reading the comment in a tone that I perceived to
| be critical?
| stevenAthompson wrote:
| It doesn't force them to move, it just gets Google the
| information about how you use competitors products so they
| can out negotiate them come deal time.
| stackskipton wrote:
| Wiz itself doesn't. But Wiz knows what is going on in
| everyone cloud. That data could be fed to GCP sales team
| though customers might riot if that happens.
| creaghpatr wrote:
| >That data could be fed to GCP sales team though customers
| might riot if that happens
|
| Large enterprises don't sign the stock terms and conditions
| that would enable this, most do or should have legal teams
| redlining contracts around how cloud data is accessed and
| used by vendors. Maybe Wiz is so good they would agree to
| it, but it would get challenged and negotiated during the
| sales cycle.
| isoprophlex wrote:
| Clients can have their lawyers jump up and down but the
| data is there, you just KNOW the mothership gonna use it.
| All they need is some obfuscation and plausible
| denyability. It's just too good to not use it.
| adhamsalama wrote:
| Given that Israel has been committing an ongoing genocide
| for over a year and the world is supporting them, I don't
| think anyone will object to an Israeli company passing
| that data to Google.
| acdha wrote:
| They don't need to force people, just make them a very good
| targeted offer. This is also great for seeing which features
| their customers use most to help GCP catch up to the
| competition, too.
| neom wrote:
| If you'd be so kind for those of us that haven't touched cloud
| in 5/10 years, what is Wiz? from reading the google
| announcement: solving the supply chain hybrid cloud security
| issues? I could google I know but you seem to know what you are
| talking about, so if you'd be so kind. :)
| SSLy wrote:
| it's a linter for your yaml spaghetti
| Tuna-Fish wrote:
| And reason they can get recurring revenue for what is
| indeed basically a linter, is that what it lints your
| configuration files against is not just best practices but
| also regulatory compliance. And that gets hairy enough and
| changes often enough that it's usually worth it to pay for
| it to be someone else's headache.
| bigfatfrock wrote:
| ^ Poetry! If only we had linters for all the yaml spaghetti
| out there in ops land.
| tempodox wrote:
| Your system nosediving is the linter.
| theamk wrote:
| That's just one part.
|
| The real value is it's linter for _any_ cloud config - you
| can use terraform or cloudformation or just click around in
| user interface, and Wiz's rules would still work.
| JKCalhoun wrote:
| I thought they made smart lightbulbs (I have some "WiZ" ones
| installed in fact).
| Kipters wrote:
| I was worried it was that WiZ, luckily it's not Their bulbs
| are one of the few WiFi bulbs that don't require an app to
| operate (only for the initial configuration)
| shermantanktop wrote:
| I was worried it was
| https://en.wikipedia.org/wiki/The_Wiz_(film)
| dublinben wrote:
| Can you elaborate on this? The app (both versions!)
| barely works, and they don't appear to be compatible with
| Apple Home like others.
| Kipters wrote:
| You can use a Python library/tool to control them
| (https://github.com/sbidy/pywizlight), which means Home
| Assistant supports them out of the box.
|
| In my setup I have Home Assistant running on an N100 mini
| PC and that's what I use as an HomeKit bridge.
|
| If possible I'd use ZigBee or Z-Wave bulbs (or even
| better, switches) though.
| birdman3131 wrote:
| Shelly does not require an app at all. Initial setup can
| be done via the WIFI AP it generates by default. Cloud is
| a checkbox in the app/web interface.
|
| https://shelly.guide/add-a-shelly-to-your-wi-fi-through-
| web-...
| Atotalnoob wrote:
| When you use a cloud provider to setup a VM, what policies do
| you apply to it in order to ensure it's secure?
|
| Wiz and other tools in the same space tell you and tracks
| compliance across your fleet.
|
| Idk if wiz does this, but their competitors have "compliance
| packs" which are preset compliance patterns, IE hipaa, finra,
| etc.
|
| That way you click a button and it tells you every change you
| need to make to be compliant
|
| Edit: this is all just examples
| neom wrote:
| Figures. Crazy how badly I midsized this problem. When I
| was working on a cloud provider I suspected this would be a
| big problem space for building in, but I thought it was in
| the low billions, I was thinking (I guess stupidly) that
| the clouds and tools around them would be kind enough to
| create a lot of standardization so as at least this stuff
| wasn't junk. I get wanting to create a bit of friction, but
| thought "this is a bad place to make high friction". I
| guess it's pretty bad given the size of this acquisition?
| Or GCP just wants surface area data on other cloud
| providers (I presume this would aid in that, but I don't
| know)?
| mattnewton wrote:
| Idk about other clouds, but Google didn't eat their own
| cloud dog food when I was there. We had people food
| (borg) that was kinda impossible to separate from the
| infrastructure of google3 (and Google dev processes) and
| so cloud was built different. It wouldn't surprise me if
| that organization just had no awareness of how bad the
| friction really was for long enough for Wiz to get really
| good at it?
| dehrmann wrote:
| I'm not at Google, but the usual thinking is that the
| public product fixed a lot of the design warts of the
| internal one, but it's only 90% feature compatible, and
| the internal migration has an opportunity cost that's
| higher than the cost of maintaining two similar products.
| allturtles wrote:
| I don't know anything about cloud VMs, but I'm confused
| about how this is possible. Wouldn't determining whether
| you are HIPAA complaint depend on auditing all kinds of
| application details about how information flows through the
| system and how authentication and authorization are done?
| How could this be validated statically by looking at cloud
| VM config? Is Wiz doing some kind of AI magic over your
| whole codebase?
|
| I am sure I am misunderstanding something, but I'm not sure
| what.
| Atotalnoob wrote:
| HIPAA was an example.
|
| Yes there are other parts to HIPAA than just VM config,
| but it's just giving you policies and checks out of the
| box
| diggan wrote:
| > I am sure I am misunderstanding something, but I'm not
| sure what.
|
| You're missing that a lot of "security" is in reality
| just a bunch of check-boxes for a form that someone asks
| you to fill out.
|
| The security you need to really think about is outside of
| those checkboxes, and it seems like Wiz is _not_ for this
| type of security, but the former.
| mkmk wrote:
| Cloud configuration can create compliance issues that are
| distinct from codebase compliance issues
| moduspol wrote:
| They scan for everything they can and report on that.
| They don't claim to be able to tell you if you're 100%
| compliant--they just claim to be able to alert you if
| some subset of the requirements are out of order.
|
| And that still provides a lot of value to the right
| customers.
| jms703 wrote:
| But...don't these companies already have cloud security
| engineers on their payrolls?
|
| /s
| swyx wrote:
| thank you for asking on behalf of the many of us who are in
| the same boat.
| happyopossum wrote:
| > But also, and may more important, you get to see everyones
| cloud usage, across all providers
|
| Yeah - that's not likely to happen. Even the current in-house
| developed multi-cloud security stuff Google has doesn't let
| internal people see customer data. It's right there in the T&Cs
| they publish and agree to.
|
| I suppose they could be violating them in egregious ways, but
| that wouldn't last long before one or more of the 170,000
| employees got upset and went all whistleblower, which would
| lead to billions of dollars in lawsuits.
| devsda wrote:
| There are ways around it. If they look into specific
| customer's usage it is looking at customer data. If they look
| at more customers it will just be called anonymous analytics.
|
| Then you slice and dice the analytics data to extract what
| you need in the name of planning & improving the product.
| Cthulhu_ wrote:
| They wanted it to happen last year, but Wiz wasn't sure yet
| whether they would want to go public instead.
| yujzgzc wrote:
| For a truly multi cloud customer, your second point switches
| from being a pro to being a con as soon as Google owns it. Why
| would you give one of your cloud vendors visibility over your
| footprint across their competition?
| theamk wrote:
| It's pro for Google, not pro for customers.
| alberth wrote:
| So is Wiz just a CASB?
|
| (Cloud Access Security Broker)
| warkdarrior wrote:
| Wiz is a CNAPP provider. (Cloud Native App Protection
| Platform)
| light_triad wrote:
| It was going to happen last year but Wiz said they wanted to
| IPO. Wonder what that implies about the larger IPO/exits
| market.
|
| Here's the letter sent by the CEO Assaf Rappaport to his team
| at the time (2024):
|
| "Wizards,
|
| I know the last week has been intense, with the buzz about a
| potential acquisition. While we are flattered by offers we have
| received, we have chosen to continue on our path to building
| Wiz.
|
| Let me cut to the chase: our next milestones are $1 billion in
| ARR and an IPO.
|
| Saying no to such humbling offers is tough, but with our
| exceptional team, I feel confident in making that choice."
|
| https://techcrunch.com/2024/07/22/wiz-walks-away-from-google...
| otterley wrote:
| A lot has happened in the last 56 days that has resulted in
| significant uncertainty in the stock markets. That, combined
| with the higher offer, apparently changed the board's mind.
| film42 wrote:
| Wiz by itself is a great business and public markets will
| price it accordingly, but Google is able to price it much
| higher because of its unique position. Wiz + GCP sales team
| will boost adoption of the main product, a Google branded
| security tool keeps eyes from looking out, and of course, the
| ability to move huge amounts of revenue from competitors over
| to GCP is something only a hyper-scaler can tap. At 36x+
| valuation, this is still a great deal for Google.
| otterley wrote:
| On what are you basing your opinion that this is a "great
| deal"? Google is going to have to earn close to $100B in
| profit attributable to this acquisition over the next 10
| years in order to financially justify it.
| SJC_Hacker wrote:
| > On what are you basing your opinion that this is a
| "great deal"? Google is going to have to earn close to
| $100B in profit attributable to this acquisition over the
| next 10 years in order to financially justify it.
|
| Maybe like the Motorola acquisition - not so much the
| profit attributle from the acquisition but the profit
| they *won't* lose by not acquiring them.
| film42 wrote:
| It's smart defense, great offense, and a good product
| behind it. Each eat a big chunk of that $100B target. I
| don't see Wiz as a 10 year company, I see it as a forever
| requirement for companies to manage all of their cloud
| resources (across all providers). It will be here as long
| as GCP/AWS are here. I expect a short path to ROI on this
| one.
| otterley wrote:
| Consider that AWS's _entire operating income_ for 2024
| was $40B. GCP is 1 /5th the size. I admire your optimism,
| but I think it's unwarranted.
| StackRanker3000 wrote:
| So why do you think Google is making this acquisition?
| otterley wrote:
| Wiz is a recognized leader in the CNAPP/DevSecOps market,
| and so they'd be naturally attractive to any cloud
| hyperscaler. Google had to either build or buy a similar
| solution to grow GCP; and they chose to buy. But $32B is
| an _enormous_ hunk of cheddar, and I don 't know why they
| felt compelled to pay that much. The ROI on such a large
| investment is unclear.
| dehrmann wrote:
| > Wonder what that implies about the larger IPO/exits market
|
| The window is closed and locked. Haven't closed the storm
| shutters yet.
| varjag wrote:
| LOL IPO market is dead for observable future.
| belter wrote:
| If you know the Cloud market you know nobody is moving to GCP
| :-)
| archsyscall wrote:
| This deal might be more than just strengthening cloud security--
| it could be a strategic move for Google's multi-cloud
| positioning. If Wiz's customer insights help drive migrations to
| GCP, the $32B price tag starts to make more sense beyond just a
| tech acquisition
| kamranjon wrote:
| I'm just curious if anyone here has actually heard of this
| company before this announcement? If you have, what is your
| opinion on this acquisition?
| sudo-i wrote:
| Growing up in the NYC area this is what I think of when someone
| says the wiz https://en.wikipedia.org/wiki/The_Wiz_(store)
| Ylpertnodi wrote:
| I have 'wiz' lights in my place - home-networked lighting
| system. Which works. Well. For me....so glad g hasn't
| acquired them.
| philshem wrote:
| I also thought at first that G acquired the budget smart
| bulb company but then I realized it's "WiZ" and not "Wiz".
|
| https://www.wizconnected.com/en-us
| TuringNYC wrote:
| >> Growing up in the NYC area this is what I think of when
| someone says the wiz
| https://en.wikipedia.org/wiki/The_Wiz_(store)
|
| Growing up in NYC, it is was impossible to not remember the
| "Nobody Beats the Wiz" jingle
| sundarurfriend wrote:
| As a fan of British comedy, this is what I think of when I
| hear wiz: https://en.wiktionary.org/wiki/wiz#Etymology_2
| kyawzazaw wrote:
| didn't they try to do this several months ago?
| popol1991 wrote:
| They are huge in the cybersecurity space, led by veteran
| founders, solve real problems, fastest growth to $100M ARR in
| the history...
| mi_lk wrote:
| In cybersecurity history or the history?
| happyopossum wrote:
| In history - until Cursor, so like 6 months ago they still
| held the record.
| sofixa wrote:
| Cursor, the AI code editor? They have $100 million in
| ARR??
| spiderice wrote:
| So it would seem: https://sacra.com/research/cursor-
| at-100m-arr/
| HDThoreaun wrote:
| they are selling tons of enterprise subscriptions = $$$
| tnolet wrote:
| Last Kubecon / Cloudnative Con they had a HUGE stand. Hard to
| miss them if you are in this space.
| mousetree wrote:
| We've been using them for 2-3 years. Excellent.
| isoprophlex wrote:
| _[narrator]: Excellent, until now! Soon, their beloved cloud
| infra security scanner will to be sucked dry of all the juicy
| usage data on AWS and Azure customers, bled of its
| innovation, to be discarded in a few years time..._
|
| I like it too. Don't care much for google buying them, it can
| only end badly.
| psanford wrote:
| I've used wiz in a previous job. Its a good product. I don't
| know if they invented disk snapshot based security scanning,
| but they certainly popularized it.
|
| Companies like CrowdStrike have copied a lot of what Wiz has
| been doing (and I'm sure wiz has copied some CrowdStrike
| features).
|
| This announcement is pretty disappointing to me. I would have
| more faith in Wiz as an independent company than as part of
| Google. I expect their innovation to fall off a cliff.
| fdgjgbdfhgb wrote:
| I've seen them at trade shows and heard good things. I had also
| heard that Google tried buying them last year but it didn't go
| through, I'm curious about how/why they did it now
| Cthulhu_ wrote:
| What I read is that last year they weren't sure yet if they
| wanted to go public instead, but the current financial
| climate isn't good for going public so they went for an
| acquisition instead.
| ang_cire wrote:
| Almost any infosec professional whose company uses an IaaS
| provider (AWS, GCP, Azure, etc) has heard of them. They are
| probably the most notable tool for assessing your "Cloud
| Security Posture". It basically looks at your cloud
| configuration and alerts you for security issues caused by
| mis/sub-optimal configurations. It also identifies
| vulnerabilities, software updates, permissions issues, etc.
|
| I'm sad they're being acquired, especially by a FAANG company.
| This constant consolidation is bad for IT (and the economy in
| general). I am happy for the employees holding shares though!
| sudo-i wrote:
| Guess this is what laying off thousands of people paid for.
| siliconc0w wrote:
| Stock is down, definitely overpaid
| weatherlite wrote:
| the entire market is down today, tech especially
| mattlutze wrote:
| I was wondering why like every Wiz business development person
| was cold-engaging me on LinkedIn and email last year.
| thiago_fm wrote:
| Here's some context in what this means:
|
| Currently, Crowdstrike, Zscaler and other solutions compete in a
| similar space than Wiz.
|
| Google likely believes if can offer Wiz sec products bundled with
| Google Cloud. It isn't a terrible idea.
|
| But Wiz itself works on multiple clouds, so it seems that Google
| can also grow it on their own.
|
| Cloud security companies are growing a lot, and might be a growth
| lever for Alphabet, as its other businesses' revenue growth are
| slowing down.
|
| My assumption is that this will actually make it easier for
| Crowdstrike and Zscaler to keep their market share, as they are
| pure-play companies on Cloud security and Alphabet has too many
| businesses to manage.
|
| For me, it looks overpriced. Wiz has been growing a lot, but
| under Alphabet it might not perform as well as it did.
|
| The big winners are the founders and whoever owned Wiz options.
| alephnerd wrote:
| Zscaler isn't a prominent player in the CNAPP space - they
| missed the ball on that, but they also didn't need to tbh.
|
| ZS specializes in SSE/SASE - and does really well in that
| segment.
| siva7 wrote:
| They didn't want to buy Github.. too expensive. But Wiz price tag
| makes sense to them?
| walterbell wrote:
| Customer feedback (2024),
| https://old.reddit.com/r/cybersecurity/comments/1c1s9r2/wiz_...
|
| _> Wiz combines a graph search for asset management with
| agentless vuln and malware scanning that clones EBS volumes and
| scans them on their infrastructure. That 's a great combo for
| vuln management, but has some downsides like delays between scans
| and cloud costs. They have a sensor with solid detection rules,
| and are okay at a bunch of other stuff like cloud log threat
| detection and sensitive data detection. They've basically pushed
| what you can do without an agent to the limit._
|
| VC approach to enterprise sales,
| https://www.calcalistech.com/ctechnews/article/b1a1jn00hc &
| https://news.ycombinator.com/item?id=41042462
|
| _> [Cyberstarts] shows an internal rate of return of more than
| 100%, an unusual figure even for the best funds in the world..
| The first sales come from the loyal CISOs who work with the
| fund.. Ra 'anan offers [CISOs] the big dream of the world of
| employees - shares in a venture capital fund.. all funds that
| specialize in cyber go after CISOs and entice them with dinners,
| conferences, and some also offer them holdings in the fund.
| However.. he perfected it to a completely different level.. No
| CISO has ever received compensation for purchasing products..
| They receive 4% of the success fees of the general partner (GP)
| in the fund._
| xyst wrote:
| What the hell is "Wiz"? Some nobody company that was formed <5
| yrs ago and now gets acquired for _$32B_
|
| G might be the modern day IBM.
|
| You would think G would have the brain power to compete and
| provide out of the box security for their own platform. I guess
| the MBA losers at the top have been shaving too much from
| engineering to do this properly.
|
| The acquisition hiring in big tech is wild to me. And the
| consolidation of power into a few companies continues.
| alephnerd wrote:
| > What the hell is "Wiz"
|
| Just because your ignorant about significant portions of the
| tech industry doesn't mean you need to be dismissive.
| kernal wrote:
| I hear the Internet is on computers now.
| happyopossum wrote:
| > Some nobody company
|
| That was the fastest to $100m ARR in history
|
| > Some nobody company
|
| That was a Decacorn ~3yrs after its founding
|
| > Some nobody company
|
| With ~half of the Fortune 100 as paying customers.
|
| I get it - most people here aren't in cybersecurity, nor do
| they understand the space, but let me put it this way - if you
| are looking for the top 5 cybersecurity companies by mindshare
| _of people in the industry_ , Wiz is in the conversation.
| 0x500x79 wrote:
| Agree with most of your points, the one correction (that I
| think is important) is that they were the fastest from 1M ARR
| - 100M ARR. Not a straight fastest to 100M.
| dboreham wrote:
| The number of O(10)B$ companies acquired that I never heard of is
| alarmingly high. Someone should curate a list of them so I don't
| feel so clueless..
| spaintech wrote:
| My take on why Google bought Wiz is pretty straightforward. First
| off, Wiz brings a rock-solid CRM loaded with all those juicy
| contracts from the top cloud players. Add to that a proven
| enterprise team that knows exactly how to sell the product, and
| whom to sell to. And you've got a recipe for success. Every Wiz
| win is just a possible upsell for GCP; especially when GCP isn't
| even the market leader in cloud. IMO, it opens the door to a
| whole lot of sales opportunities and deep-rooted relationships
| with top-tier cloud customers. To me, that all points to a pretty
| hefty price tag on the table
| Fokamul wrote:
| RIP Wiz team.
| jb1991 wrote:
| Would be cool if they call the new product G-Wiz.
| purple_ferret wrote:
| Proof you don't need to own the .com domain name to make it big?:
|
| http://wiz.com/
| SSLy wrote:
| `.io` is `.com` equivalent for the market it addresses.
| 1024core wrote:
| Didn't Google acquire another cloud security outfit called
| Mandiant sometime back? How is this different from that?
| happyopossum wrote:
| > another cloud security outfit called Mandiant sometime back
|
| Mandiant wasn't/isn't "cloud security" - they're primarily
| security research, threat intel, and incident response.
| Completely different space, customer base, and product set.
| leftcenterright wrote:
| I still find it amazing that:
|
| - Businesses pay the cloud providers to allow them to use
| compute/disk/network
|
| - Businesses pay to hire the engineers who can work on cloud
|
| - Businesses pay to hire security engineers who can secure the
| applications in cloud
|
| - Businesses pay to hire FinOps to optimize their cloud usage
|
| - Businesses hire security companies to secure their cloud usage
| (e.g. Wiz was one such company)
|
| - Now cloud provider has to acquire the security company to
| secure their own cloud?
|
| Either I am too old, or there is something wrong here. Let's not
| forget that at the same time many big businesses do just fine by
| not using AWS/GCP/Azure.
| happyopossum wrote:
| > - Now cloud provider has to acquire the security company to
| secure their own cloud?
|
| No - this acquisition is about selling Wiz to cloud customers.
| Deploying on cloud securely is a solved problem _if_ you set
| and follow good policies. Virtually nobody is doing this, ergo
| companies like Wiz that will tell you when you 're doing
| something stupid.
| leftcenterright wrote:
| > if you set and follow good policies
|
| Is it really that hard? like I listed out, it is definitely
| not cheap. There isn't a shortage of skilled engineers in IT
| after massive layoffs. What's the catch then?
| czk wrote:
| > Wiz has raised a total of $1.9 billion from a combination of
| venture capital funds and private investors
|
| > Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based
| developer collaboration platform, for $50 million in December
| 2023. In April 2024, the company acquired cloud detection and
| response startup, Gem Security, for around $350 million
|
| > Wiz was founded in January 2020 by Assaf Rappaport, Yinon
| Costica, Roy Reznik, and Ami Luttwak, all of whom previously
| founded Adallom.
|
| > Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and
| Roy Reznik, who are former members of the Israeli Intelligence
| Corps' Unit 8200 and alumni of the Talpiot program.
|
| > Adallom was reportedly acquired by Microsoft for $320 million
| in July 2015
|
| > On March 18, 2025, Google announced an all-cash acquisition of
| Wiz for $32 billion
|
| Had never heard of Wiz until they posted the blog post about the
| DeepSeek database being public earlier this year.
|
| https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepse...
| coliveira wrote:
| These companies are the closest you can get to a legal mafia,
| they are effectively charging companies around the world to
| keep them "safe". In other words, a job that is traditionally
| considered to be a basic service of the government is now being
| privatized by people that nobody knows if we can really trust.
| culanuchachamim wrote:
| Big difference
|
| The mafia charges protection from itself, here the bad actors
| are out there and wiz help you protect from them.
|
| Wiz selling doors with appropriate locks for your bussines.
| marcus0x62 wrote:
| This is an absurd take. There's nothing stopping anyone from
| building their own cloud security tools (many have), and
| unlike the Mafia, Wiz isn't threatening anyone who doesn't
| buy their service. I'm also not aware of any government
| agency providing any reasonable analog to what these tools
| provide in the physical world.
| fourseventy wrote:
| 1.) What
| biggc wrote:
| You're stretching here.
|
| Companies hire private physical security all the time. Why is
| digital security different?
| ixsploit wrote:
| There are other CNAPP solutions. If you do an evaluation you
| will see why WIZ comes out on top.
| AznHisoka wrote:
| What are some others?
| belter wrote:
| https://www.gartner.com/reviews/market/cloud-native-
| applicat...
| blackhawkC17 wrote:
| > In other words, a job that is traditionally considered to
| be a basic service of the government is now being privatized
| by people that nobody knows if we can really trust.
|
| How on earth is it the government's job to protect people's
| software? It's a mere digital product, not human life or
| property.
|
| Besides, people also buy padlocks and door locks for safety.
| Wiz is no different.
| IncreasePosts wrote:
| It would only be like the Mafia if they launched cyber
| attacks against your infra if you turned down their services.
|
| Do you think that's what they do?
| pjc50 wrote:
| Oh, so it's commercially available Mossad.
| otterley wrote:
| WTF does that mean?
| belter wrote:
| Are you aware Wiz's co-founders were part of Israeli cyber
| intelligence division known as Unit 8200? The "Israeli NSA"
| otterley wrote:
| So what? Technologies with military and intelligence
| origins become available to civilians all the time. That
| includes the Internet itself, which was originally
| sponsored by DARPA.
|
| Would you rather they have kept the technology to
| themselves?
| pjc50 wrote:
| In a number of cases, yes.
| https://en.wikipedia.org/wiki/Pegasus_(spyware)
| monooso wrote:
| Presumably it's a reference to the fact several of the
| founders are Unit 8200 alumni, which is part of Israeli
| intelligence. It's not the same as Mossad, though.
|
| As I understand it, Unit 8200 is the Israeli equivalent of
| the NSA, and Mossad is their CIA.
| marcus0x62 wrote:
| If you have a problem with Unit 8200 alumni, you're going
| to have a difficult time buying commercially available
| security products. Palo Alto Networks, Armis, Checkpoint,
| and many others were either founded by or otherwise have
| former 8200 folks on staff. Then there's crowdstrike,
| founded by a Russian. Or Fortinet, which was founded by
| Ken Xie (born in Beijing.)
|
| I guess you could base your entire security stack on F
| Secure. Everyone loves the Finns.
| megous wrote:
| All of this "VPN" access software is pretty disgusting,
| from the perspective of the "VPN" "client". Absolutely
| untrustworthy bloated spying crap.
|
| I boycot it every time I can just for this.
| gnfargbl wrote:
| Military service is compulsory in Israel, so being a former
| member of 8200 isn't exactly unusual. Given the choice
| between spending two or three years as deployed infantry, or
| writing code in an air-conditioned office, I suspect a few of
| us here would choose the latter.
| hintymad wrote:
| Yup. And more than that, Israel picks the brightest high-
| school kids to join their special school that trains
| intelligence officers. The kids learn advanced STEM and
| analytics in the school. It's not a coincidence that many
| of the graduates ended up founding good companies.
| detourdog wrote:
| I never heard of them until they were purchased for $32
| billion.
| debarshri wrote:
| Thats the kind of a company everyone wants to build in
| enterprise security.
|
| Incognito unicorns.
|
| There are many companies like these in security space.
| Another company I can think of is Rubrik. All these large
| security companies under the radar success.
| 1oooqooq wrote:
| most people here are also in security and still haven't
| heard.
|
| It's more likely backroom kickbacks (and/or mossad) than
| invisible unicorn.
| debarshri wrote:
| kickbacks, may be. I have seen the product. It is not so
| mossad-y. It fairly straight forward cloud, VM,
| kubernetes scans.
|
| Does it protect stuff? Somewhat.
|
| Is it the best product out there - no.
|
| Are CISOs happy? CSPM is mostly a checklist item in their
| bucket to things to do.
|
| It depends on what kind of security you are working in.
| Most of the people in CSPM, CNAPP world have heard their
| name.
|
| It is product built for cloud security/devsecops folks.
| manquer wrote:
| > It is not so mossad-y.
|
| Would we (i.e. anyone not in the intelligence space) know
| how intelligence service-y software would look like ? .
| Aren't all such organizations trained and designed to be
| inconspicuous and in places we are unlikely to expect.
| alephnerd wrote:
| Mossad aren't the guys doing cyber ops in Israel. They're
| suave arsim (how else can you blend in Beirut or Tehran).
|
| Also, if you've worked with Israeli government
| cybersecurity teams, they aren't much different in
| caliber from the kind you'd find at the NSA, GCHQ, or
| Netherlands.
| manquer wrote:
| > they aren't much different .. NSA, GCHQ, or Netherlands
|
| I (and most here) wouldn't really know what that caliber
| is in these other organizations either to compare
|
| What we do hear is of how the Hubble's tech stack is hand
| me down previous gen(i.e. 70s) spy satellites or exploits
| like Stuxnet, Pegasus or the recent pager supply chain
| attacks. On pure technical level those are all pretty
| impressive things well beyond what I or even anyone I may
| personally know do.
|
| There of course is definitely certain amount of
| propaganda that would project much higher capability than
| reality, being mindful of that misdirection and the
| visible evidence, we civilians can only reasonably
| conclude that we will never have a clue what these
| organizations can or cannot actually do.
| someperson wrote:
| > They're suave arsim (how else can you blend in Beirut
| or Tehran).
|
| To save others looking up what 'suave arsim' meant:
|
| 1. suave -- a normal English the word for
| charming/confident
|
| 2. "arsim" [1] -- apparently a former ethnic slur for
| Mizrahi Jews [2] now repurposed to mean crude, loud and
| brash (which sound to me like the equivalent of the
| British slang term 'chav').
|
| [1] https://en.wikipedia.org/wiki/Ars_(slang)
|
| [2] https://en.wikipedia.org/wiki/Mizrahi_Jews
| debarshri wrote:
| We would actually. Lot of the intelligence orgs. use COTS
| these days.
| valianteffort wrote:
| 100% the case
| kristopolous wrote:
| If a security firm could blackmail Google, what would
| that look like?
| coliveira wrote:
| Bingo, a huge kickback to some "invisible" hands. They're
| probably already creating the new "unicorn" to sell to
| another FAANG company.
| alephnerd wrote:
| > most people here are also in security
|
| No they aren't.
|
| I've been a cybersecurity SWE, PM, and VC for a decade at
| this point and I've almost never found any relevant
| security or enterprise SaaS related content on HN.
|
| For a hot second (around 2018-2019) there was solid
| conversations around eBPF, io_uring, or cloud posture
| management, but that doesn't happen on here anymore.
|
| Same with MLOps and ML Infra as well - almost no one on
| here understands Infiniband, RDMA, or BLAS
|
| The tech industry is MASSIVE - and most people are only
| clued into their own little niche. And according to HN,
| the only tech companies that exist are FAANG, Nvidia,
| Tesla, TSMC, and BYD.
| powvans wrote:
| I vaguely remember this hot second you refer to. What is
| the HN equivalent where those conversations are happening
| today?
| 1oooqooq wrote:
| i don't consider installing yet another 3rd party keys on
| my 3rd party cloud vnet as adding security... but maybe
| that's just me.
| TeMPOraL wrote:
| Well, it depends what it does to your liability. If, in
| case of attack, it ends up shifting the blame to a third
| party, then yes, that's considered adding security in
| enterprise space.
| heraldgeezer wrote:
| Why is HN so Israeli/Jewish conspiracy brained?
| alephnerd wrote:
| It's for any country or heritage that isn't American or
| Northern European. A lot of really racist or xenophobic
| takes on HN.
| heraldgeezer wrote:
| Don't try and "both sides" this.
| alephnerd wrote:
| I'm not trying to "both sides" jack. And it's not like
| you could tell the difference between Zohar Argov or
| Amitabh Bachchan.
| heraldgeezer wrote:
| Okay you edited.
|
| I feel like the majority of anti-jew sentiment is from
| pro-palestine arab people and adjacent. At least In my
| country. They really believe "jews run the world" once
| you debate them enough they admit it and there is no
| changing of their minds.
| alephnerd wrote:
| > Okay you edited.
|
| Yep. Realized the confusion!
|
| > I feel like the majority of anti-jew sentiment is from
| pro-palestine arab people and adjacent
|
| Most people haven't met an Israeli or traveled to Israel.
|
| Also, most users on HN are Americans or Northern European
| who overwhelmingly use Reddit, so everyone has some weird
| fringe mentality about one side or the other.
|
| Honestly, most Israelis and Arabs act the same - I mean
| most Israelis are Mizrahi and normal/collquial Hebrew is
| heavily Arabic based (where else will you here people say
| "Yalla" in every other sentence)
| detourdog wrote:
| There are plenty of Arabs elected to the Knesset and they
| are also plentiful in the Israeli universities.
| alephnerd wrote:
| Ik. I have friends from Haifa, Nazareth, and Beersheba.
| There isn't an easy way to write Israel, Israeli Arab,
| Palestinian Arab, and non-Palestinian Arab.
| aleph_minus_one wrote:
| > I feel like the majority of anti-jew sentiment is from
| pro-palestine arab people and adjacent.
|
| Why not hate _all_ groups that are involved in the Middle
| East conflict? :-)
| lormayna wrote:
| In my experience, the public opinion is more anti semitic
| in Northern Europe than in Southern Europe.
| jdgoesmarching wrote:
| Security is a big field. I'm in the CSPM space and Wiz is
| a major player here, I actually had a bit of an
| existential crisis about what we were building when I
| first saw a demo of their platform.
|
| Most of their competitors, like Palo Alto, have a very
| convoluted offering from gluing together several
| acquisitions. Wiz is very cohesive with a much nicer API
| and great UX, which is very underrated in the security
| space imo.
|
| I have zero trust in Google's promise to keep supporting
| the tool for multiple clouds or maintain the high quality
| of product design that makes Wiz great. It's great for my
| job security, but I'd call it a net loss for the
| industry.
| debarshri wrote:
| CSPM is very crowded space. There are quite some new and
| emerging providers. Wiz out of the scene opens up new
| opportunities.
| rockskon wrote:
| Opportunity for opportunity sake isn't a virtue if it
| gets rid of one of the few providers that was any good.
| ryanSrich wrote:
| If you're in security and you haven't at least heard of
| Wiz, I have doubts about what you actually do. I'm not
| saying you have to be a CSPM expert, but not even hearing
| about Wiz, when they are the largest CSPM, is somewhat
| concerning.
| aleph_minus_one wrote:
| > If you're in security and you haven't at least heard of
| Wiz, I have doubts about what you actually do.
|
| IT security a very wide field. For example, a lot of
| positions in IT security are actually about compliance
| (i.e. lots of documentation), and ensuring the rollout of
| all necessary application patches in the whole company.
| marcus0x62 wrote:
| Compliance and patch/vulnerability management teams are a
| major constituency for CSPM tools.
| casey2 wrote:
| The people responding with CSPM are absolute clowns. Most
| people never heard of crowdstrike before their computer
| bluescreened.
|
| Realize that you are in a bullshit ungoogleable industry
| and quite down before you ruin it for everyone.
|
| The cloud is just another person's computer. There is no
| such thing as security when someone has physical access
| to the device no matter how many layers of encryption.
| hluska wrote:
| Two things:
|
| 1.) Most people here are likely not in security.
|
| 2.) I'm only adjacent to security but have heard of Wiz.
| If you work in security and haven't, are you sure you're
| good enough to subject us to your opinion?
| tzury wrote:
| $350M ARR in less than 5 years. Aiming towards $1B by the end
| of 2025.
|
| You never heard of them since perhaps your decisions were not
| in the cycles of their product. Those who are , heard indeed
| (type of folks who look at Gartner magic quadrants).
| kyawzazaw wrote:
| You didn't hear about them last time on HN, when it was $23
| billion?
| x3n0ph3n3 wrote:
| My company just started using them and I was part of the due
| dilligence evaluation of their product. I had never been so
| impressed with a cloud security provider before I started
| using their product. Absolutely phenomenal product offering
| l.
| ryanSrich wrote:
| This is wild to me. As someone in security, Wiz is definitely
| one of the whales.
| almosthere wrote:
| Same here, I guess it's the circles you run. I just went to
| their homepage and I have no idea what they do. I already
| have CI/CD, code, etc.. "securing" it seems like, use aws
| secret stores?
|
| In other words, their webpage is not telling me anything.
| Companies like these, always feel like instead of having a
| useful product, they hired useful networks of people to
| "spread the word" and sell sell sell to your network.
| Apparently I wasn't in the network. Sorry old and salty.
| hluska wrote:
| As a meaningful tangent, how many layers of obscurity do
| you use to keep sales people from contacting you?
|
| If you do interesting work, you'll get cold emails unless
| you take steps to avoid them.
| belter wrote:
| It does not make sense. In 2024 Wiz had 10.7% market share.
| Revenue in the 1,5 to 1,7 Billion but they were not
| profitable in 2023. Become profitable in 2024 meaning costs
| are very high.
|
| Also looks like Google is desperate for growth in Cloud and
| they need to _do something_.
|
| They are paying as much money as their whole Google Cloud
| revenue in 2023. Revenue multiple is like 40x times revenue
| for Wiz. Exceptionally high, even for a high-growth company.
| Clearly overpaying.
|
| Wiz had nine rounds so massive dilution, and VCs need to
| recover the money...
| marcus0x62 wrote:
| 10% market share in security is huge. It is an extremely
| fragmented market, across almost all product segments.
| fuzztester wrote:
| >It does not make sense
|
| actually, it makes perfect sense. it's just that you (and
| I) don't have the right perspective.
|
| these giantcos are sitting on _Himalayan_ ranges worth of
| cash, which is burning a fiery hole in their butts, and
| they don 't know what to do with it.
|
| and they have more cash than sense, even though they always
| brag about having some of the smartest people in the world,
| and also have FOMO (to competitors and upstarts).
|
| Facebook buying WhatsApp for 19 billion did not make sense
| to us laymen either, but it happened.
|
| I was flabbergasted when I read about it. ignorant me.
|
| https://en.m.wikipedia.org/wiki/Himalayas
|
| https://en.m.wikipedia.org/wiki/WhatsApp
|
| go figure (pun intended)
|
| edit: you answered your own doubt about why does not make
| sense:
|
| >Also looks like Google is _desperate_ for growth in Cloud
| and _they need to do something_.
|
| that's what I said, FOMO.
|
| man, if i sold even one of my software products for even a
| zillionth of such amounts, I would be on Mount Kailash
| (cloud 9 to you :)
|
| grrr. envy emoji here.
|
| https://en.m.wikipedia.org/wiki/Mount_Kailash
|
| https://en.m.wikipedia.org/wiki/Kailasha
| username135 wrote:
| In cash!
| hristov wrote:
| Looks like a payoff to me.
| layoric wrote:
| I swear some tech company acquisitions appear like more
| expensive art purchases for for when you need to launder
| larger amounts of money...
| Nexxxeh wrote:
| When I read the headline, I assumed the IoT platform and smart
| light brand, the now Wi-Fi arm of Signify, the smart home
| people who do (Philips) Hue smart lighting.
|
| https://www.wizconnected.com/en-gb
| admiralrohan wrote:
| I am hearing for first time, I thought Google is buying Wix the
| website builder and was thinking why!
| belter wrote:
| Guess what is common between Wix and Wiz....
| encoderer wrote:
| Wiy?
| belter wrote:
| 8200
| brightball wrote:
| Didn't Palo Alto Networks come out of 8200 too?
| 999900000999 wrote:
| Seems like an answer to everyone blaming Firebase,AWS, and other
| cloud providers for not forcing them to do basic security checks
|
| Wiz will do it.
|
| Always happy to see a good exit, good show.
|
| I've worked with cloud for a long time. I sorta blame myself for
| not seeing the market for this and not starting up my own
| company. I was too busy messing with machine learning, but never
| going much beyond sentiment analysis. Had I also stayed on that
| path, and maybe had a few million dollars in startup Capital
| laying around I'd be a billionaire by now ( yes this is
| hyperbole).
|
| Oh well, time to cry myself asleep as a forever middle class
| software engineer...
| sidcool wrote:
| Why would Google, a leader in security, spend so much on another
| security firm? Wiz must have something amazing under their
| sleeve.
| dj_gitmo wrote:
| This is just how tech has worked forever. Large established
| companies are not great at developing new products, so they buy
| startups. Youtube was a startup. Google Docs was a startup.
| Hell, Network Address Translation was a startup at one point.
| codingmoney wrote:
| The acquisition of Wiz by Google raises some interesting
| questions about the future of cloud security. On one hand, it
| could lead to better integration and innovation in Google Cloud's
| security offerings. On the other hand, it might concentrate too
| much power in the hands of a single vendor. It will be
| interesting to see how this deal affects the competitive
| landscape and whether other cloud providers will respond with
| similar acquisitions or partnerships.
| Yasuraka wrote:
| This reeks of GPT.
| bitsandboots wrote:
| I went "huh, they're buying the smart light company from
| phillips?" Different wiz.
|
| And best of luck to the Wiz folks! Whenever I see Google
| acquisitions I just wonder how long until they end up in the
| graveyard listing.
| gnuser wrote:
| its like every problem slice Ive been solving over the decades as
| a sysadmin is a huge market opportunity
| majestik wrote:
| This deal isn't about security, it's about data.
|
| Google already have one of the best security teams in the
| industry - Project Zero [0]. They don't need Wiz's "enterprise"
| expertise for security.
|
| This deal is about DATA. Wiz, as a cybersecurity vendor, have
| full remote access to their customers cloud compute storage (EC2
| EBS volumes, etc) in the name of "security scanning" - this is
| actually part of their unique selling point - "agent-less
| scanning" which is unlike traditional security tools that require
| an agent installed in the OS. Instead, Wiz is able to just clone
| your full data volume and scan it locally in their cloud
| accounts/VPC.
|
| With this deal Google has bought a ton of confidential data from
| Wiz's customers without their explicit knowledge or approval, and
| they will use it to improve Google's AI models like Gemini and
| probably several other products.
|
| A year ago Google struck a $60M/yr deal with Reddit to
| exclusively license their content [1] for the same reason, and
| that data is probably much smaller and less valuable than the
| data Wiz has access to from their customers, which include
| companies like Morgan Stanley, DocuSign, Slack, Plaid, and
| others. [2]
|
| Sources:
|
| 0: https://googleprojectzero.blogspot.com
|
| 1: https://www.reuters.com/technology/reddit-ai-content-
| licensi...
|
| 2: https://www.wiz.io/customers
| breppp wrote:
| So many sources yet no source of the actually outrageous claim
| that Google will use this to illegally siphon customer data
|
| maybe this deal is about a company with a lot of revenue in an
| area google is heavily investing in: cloud security?
| diggan wrote:
| > actually outrageous claim that Google will use this to
| illegally siphon customer data
|
| Hypothetical question as much as anything: If Google
| purchases a company and the data the company stores about
| their customers, is it illegal for them to use this data for
| whatever they want?
|
| Lets say it would give them an understanding of what features
| from AWS people tend to use the most, and they use that to
| improve Google Cloud, would that be illegal?
| breppp wrote:
| yes, due to privacy and contract obligations
|
| as well as this is the surest way for GCP to spectacularly
| commit suicide
| diggan wrote:
| Unless you're talking about some specific Wiz<>customer
| contracts, how do you know?
|
| AFAIK, there are no explicit laws forbidding that. Maybe
| you could share what law you think this would be
| breaking?
| breppp wrote:
| OP mentioned training AI on customer data
|
| GDPR, CCPA, HIPAA, etc, as Google has no way of knowing
| which data they will train on, add to that copyright and
| that's just off the top of my head
|
| cloud contract obligations are also pretty clear about
| customer data.
|
| furthermore it would be bad engineering and security if
| Wiz had actual direct access to customer data, versus
| having their code having access to said data. That would
| be a huge issue in due diligence for example
| diggan wrote:
| Did you skim through Wiz's Privacy Policy? They're
| keeping a lot of stuff that isn't "direct access to
| customer data" and already permitted to be sent to 3rd
| parties, wouldn't surprise me if you could aggregate what
| features are most used on AWS by collating some other
| sources than having actual access to customers cloud.
|
| Obviously, existing agreements would need to continue to
| be run properly, no question about that. But there is
| always plenty of other data that probably could be used
| by Google to gain some insights.
| breppp wrote:
| what you talked about is different and is aggregated
| metrics
|
| that might be legal and interesting but i highly doubt
| it's 30+ billion dollar interesting
|
| i imagine you can buy that data from data brokers without
| any legal exposure but that's only a guess
| billjings wrote:
| Facebook did exactly this with a VPN acquisition. They didn't
| break into customer data; they just mined it for usage
| patterns.
|
| So as a pure speculation on Goog's motives, it doesn't sound
| farfetched enough to call ridiculous. Competitive data is
| valuable, particularly if you want to strangle the youth in
| their cradles (or acquire them).
| breppp wrote:
| google is not facebook, and an ad-supported consumer
| software is not cloud. OP talked about AI training which is
| a bit more than metadata
|
| also, the vpn example ended in court
| kossTKR wrote:
| Thousands of lawsuits coming up? How are any of the mentioned
| companies okay with their highly confidential data being
| scanned by AI?
| kccqzy wrote:
| Project Zero and Wiz and have very little in common. It's wrong
| to bring these two up together as if they are comparable.
| Project Zero focuses on discovering and analysis of new
| (including zero-day) vulnerabilities. I do not believe Wiz
| uncovers new vulnerabilities. The skillset of someone working
| on Project Zero looks very different from someone working on
| Wiz.
|
| The field of security is huge. It's unhelpful to lump unrelated
| things together.
| sofixa wrote:
| > I do not believe Wiz uncovers new vulnerabilities
|
| Oh they do. https://www.wiz.io/blog/tag/research
|
| A few fun ones are the multiple cross-tenant security
| exploits they found in Azure (which is why, among the tons of
| other reasons, Azure is just the worst possible choice for a
| cloud vendor from the big 3 - their security is a joke, and
| none of the vulnerabilities below should have passed even a
| cursory security review, but they did, which means the whole
| org doesn't take security seriously. Add in the fact that
| it's slow as hell, and has the UX worthy of an Enterprise
| vendor, the only reason to choose it is because you're
| getting a good deal on the golf course for it):
|
| https://www.wiz.io/blog/azure-active-directory-bing-
| misconfi...
|
| https://www.wiz.io/blog/omigod-critical-vulnerabilities-
| in-o...
|
| https://www.wiz.io/blog/secret-agent-exposes-azure-
| customers...
|
| https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-
| of-a...
| nolist_policy wrote:
| Google has the best security. But it is hard to market real
| security (as oposed to snake-oil), so maybe this acquisition
| will help.
| johnisgood wrote:
| > Google has the best security.
|
| Care to elaborate?
| nolist_policy wrote:
| Google was owned pretty hard in 2009 (Operation Aurora).
| Following that they put security front and center in a way
| that few other vendors do.
|
| You can read my praise of ChromeOS here:
| https://news.ycombinator.com/item?id=41178525
|
| To add a few, Chrome was the first browser to introduce
| process isolation: Every browser tab, every site (second-
| level domain) and every iframe runs in its own sandboxed
| process.
|
| With that it's the only end-user software (alongside the
| other browsers) that actually is secure against Spectre and
| Meltdown. Operating systems only protect against
| Specre/Meltdown leaks _between processes_.
|
| Google invented Certificate Transparency and Chrome
| enforces CT since years. Firefox added CT enforcement only
| a few days ago.
|
| CT solves the following: For example, if a rouge Chinese
| Certificate Authority decides to issue a cert for
| google.com to the Chinese government for Man-in-the-Middle
| attacks, CT blows their coverand makes it known to everyone
| that the CA issued a fraudlent cert.
| marcus0x62 wrote:
| Google isn't buying Wiz for "security expertise", they're
| buying Wiz for a security product, in a growth area, that
| customers absolutely love. You've provided no evidence for the
| conspiracy theory that google is buying Wiz to siphon up a
| bunch of data, and if you're going to link to Wiz, maybe link
| to their public list of security certifications, many of which
| prohibit the type of data harvesting you are suggesting.
|
| https://trust.wiz.io/
| tasuki wrote:
| "Trust" screams insecurity. Security is in the direction of
| trustless rather than requiring trust. Do you trust companies
| which say front and center "you can trust us"?
|
| Wiz is a "security product"? Security isn't something you can
| buy and bolt on to your systems as an afterthought. It
| doesn't work like that!
| marcus0x62 wrote:
| I'm honestly not sure what your point, if any, is.
| reliabilityguy wrote:
| > They don't need Wiz's "enterprise" expertise for security.
|
| Yes, because exploit discovery is exactly what enterprise
| security is.
| laweijfmvo wrote:
| I find it hard to believe (or maybe I don't want to believe)
| that this could ever happen? Even if Wiz has T&C's that allow
| full access to clients' data, and even if the T&C allow some
| sort of "use" of that data that includes training an LLM,
| surely you can't release an AI trained on private information
| to the public? You can't have Gemini spitting out
| internal/private/confidential information?
|
| Am I just naive?
| bilater wrote:
| na you're right this would be a dumb move with a huge blow
| back
| nerdponx wrote:
| It's only dumb if they get caught doing it. If they do it
| once and keep it quiet and then someone finds out 2 years
| later, it's going to be a footnote in history.
| Izikiel43 wrote:
| I'm guessing you would be the same guy who wouldn't torrent
| millions of books and copyrighted works to train your LLM.
| Zuck can afford not to care about that pesky detail
|
| You are not naive, you are not considering that at certain
| scales, your concerns are the cost of doing business.
| danielmarkbruce wrote:
| This is an incredibly stupid take on the deal.
| petargyurov wrote:
| _This_ is an incredibly useless comment [0]
|
| At least say _why_ you think so and contribute to the
| conversation a bit.
|
| [0] https://news.ycombinator.com/newsguidelines.html#comments
| danielmarkbruce wrote:
| The comment effectively says "wake up to yourself, this
| nonsense isn't welcome".
|
| Some things are self evidently stupid, cynical and/or
| disingenuous to anyone with a modicum of intelligence and a
| cursory understanding of the field.
|
| Use your hall monitoring energy to add value. The type of
| post I call out here reduces the value of the forum.
| HDThoreaun wrote:
| theres no need to wrestle with pigs
| panarky wrote:
| The top three topics of batshit conspiracy theory supported by
| precisely zero actual evidence:
|
| 1) Hidden cabals colluding in secret to control world events.
|
| 2) Extraterrestrial beings live among us secretly controlling
| world events.
|
| 3) Google illegally steals private data to secretly control
| world events.
| thefourthchime wrote:
| This theory of yours is a conspiracy. Google would never start
| training off of confidential corporate information without
| authorization. The legal team would never allow it. And if they
| ever got caught, it would be a complete disaster for them.
| czk wrote:
| Using private data to train a public LLM seems like a huge
| liability that Google's legal team would never approve. I could
| see them using the data for all sorts of kinds of analytics
| though. I heard Google deals in those a lot.
| qwertox wrote:
| Project Zero is about finding security issues, not about
| developing products to increase security.
| seydor wrote:
| wiz probbaly found some big vulnerability in google, and they are
| now forced to buy them.
| bookofjoe wrote:
| >Assaf Rappaport and his co-founders now stand to make more than
| $3 billion each from the sale...
|
| https://archive.ph/SoeUd
| Keyframe wrote:
| tbh all of this sounds extremely suspicious. nothing they do
| google can't do, market share is not there for $32B, it's a
| couple of years old company. If it's not money laundering, which
| I presume it's not, what is it? It doesn't make any sense.
| tzury wrote:
| In a recent interview , one of the founders claimed that one of
| Wiz smart moves was using a graph database for mapping cloud
| resources and their relations, while perhaps all other
| competitors used SQL or NoSQL.
|
| It helped them "get to the point" quicker and "cleaner".
| kats wrote:
| Google is making a huge mistake. They are clearly getting
| scammed, the price is up to $32B from $23B less than a year ago.
|
| There is no pressure or need to buy Wiz.
| dinobones wrote:
| This makes no sense.
|
| Assume 1,000 customers each generating $2m in ARR with contracts.
| That's $2 billion. Assume generous 6x ARR valuation, that's $12
| billion.
|
| Where is this $20 billion premium coming from? How could the
| board approve this? How is this fair to shareholders?
|
| Heck, as a minor shareholder in GOOG, I don't find this
| financially responsible at all.
|
| I can't help but think sometimes these tech acquisitions have
| some hint of nepotism/deeper underlying motivations behind them
| than meets the eye.
| eranation wrote:
| I have no basis for this thought other than speculation, but I
| imagine GCP having previously unaccessible data about a lot of
| AWS and Azure workloads of potential GCP customers, gotta be
| worth at least something... if a customer is generating 2m ARR
| for Wiz, how much of ARR they generate to AWS/Azure if they are
| not a GCP customer? Again, this is just speculation and I have
| no idea if it has any basis in reality, but this was my first
| thought back when they made the first offer.
| Taek wrote:
| How is 6x generous? Alphabet's P/E is 23. That means $2 billion
| rev implies $46b valuation (assuming high margins)
|
| These deals always have more than meets the eye. Google
| wouldn't acquire revenue at a fair market price just for
| revenue's sake - there's some reason they expect to get value
| beyond the revenue.
|
| That doesn't mean its nepotism. It could be that they think
| they can triple revenue per customer with some synergy. Or any
| number of a large set of other possibilities.
|
| If you want to understand this type of transaction better, you
| can read a book on M&A
| tgma wrote:
| P/E is the _earnings_ multiple, not revenue. Your _assuming
| high margins_ is doing a lot of legwork here. Often untrue
| for growing startups.
| encoderer wrote:
| It's the _growing_ part that increases the multiple.
| tgma wrote:
| Sure, I was not commenting on the deal per se, but that
| specific argument to compare Alphabet P/E with Wiz
| revenue multiple of Alphabet is a deeply flawed one, and
| is all too common among non-finance people.
| bflesch wrote:
| They advertise "Unified visibility and security across code,
| CI/CD, and cloud environments" - maybe it's google's way to
| siphon off proprietary code from private Azure and AWS
| environments in order to train their AI. Google does not own
| Github, they must be severely lacking in private training
| data.
| freeqaz wrote:
| Imagine you are a company, like Wiz, that is still growing
| fast.
|
| Sure, your valuation could be based on revenue today. But why
| would you sell if you're "worth" $12bn right now, but you'll be
| "worth" 32bn in a few years? Why give up the control?
|
| The only way for a company like Google to buy Wiz is to add a
| premium. Otherwise the company will just say "no".
|
| This literally happened to Figma as well. And there is a
| history of this with companies like Instagram/WhatsApp.
|
| In retrospect, was it stupid for Facebook to acquire
| Instagram/WhatsApp for large premiums?
| xvector wrote:
| The top shareholders might want to cash out and move on to
| their next venture, thus netting more money
| xpe wrote:
| Did you have your conclusion in mind before running your back
| of the envelope calculation? Many people do this much of the
| time. That often results in motivated reasoning.
|
| One way to reduce that tendency is to use multiple POVs of
| analysis. You could phrase it as a question instead: what
| assumptions would you need to change for the valuation to make
| sense?
|
| Other questions: What factors are you not including? / What
| would it take for nepotism to survive scrutiny and how much
| nepotism would be tolerated?
|
| My guess here is there are long-term strategic factors that the
| decision makers weighed heavily. I'd be very interested in
| understanding their world view, since they have much better
| internal visibility of both companies.
| debarshri wrote:
| It is one of the fastest growing companies in the cybersecurity
| space. 6x ARR is quite low for that. 15x is a great deal for
| Google.
|
| I think Wiz accepted 15x because it is all-cash.
|
| The rate at which they are still growing, a series C/D company
| would dream of.
|
| [1] https://www.wiz.io/blog/100m-arr-in-18-months-wiz-becomes-
| th...
| asdfman123 wrote:
| Google's whole business for the last 20 years has been
| buying, growing, and profiting handsomely from acquisitions.
| deepsun wrote:
| Same fears we're very loud when Google bought YouTube. GOOG
| fell 15% because of that IIRC.
| weatherlite wrote:
| > Assume 1,000 customers each generating $2m in ARR with
| contracts. That's $2 billion. Assume generous 6x ARR valuation,
| that's $12 billion.
|
| That's the thing , were any numbers released or are we all just
| gonna speculate here ? What is their growth rate, profit margin
| etc etc ? How do they fit in Google's business, can current Wiz
| clients be upsold on GCP more easily now? Can other clients be
| brought more easily to GCP now that Google has a good (I hope)
| cyber security solution to go with its cloud? Clearly there is
| some strategy going on here that is more than just the ARR of
| Wiz.
|
| As a minor shareholder in GOOG as well I have no freaking idea
| about any of this, I sort of trust that they probably took a
| calculate risk and know what they're doing (and even if this is
| a mistake by 20B, that's not much for a company the size of
| Google).
| jll29 wrote:
| We all know a lot of people frowned when YouTube was
| acquired.
|
| Now we know that was an excellent deal for Google (now
| Alphabet), despite being a long bet.
|
| Good to have top security talent and good cloud security
| tooling if you're in a cloud play.
| wildekek wrote:
| There are always ulterior motives and I've seen personal and
| strategic being the most frequent ones.
| encoderer wrote:
| 6x arr is not a generous multiple for this size of business.
| twakefield wrote:
| There is a correlation analysis in Jamin Ball's "Clouded
| Judgement" substack [1] which shows the correlation between
| next twelve month ("NTM") Revenue Multiples and Revenue Annual
| Growth Rates for public market tech / SaaS stocks.
|
| The current Slope-Intercept is (NTM Revenue Multiple) =
| 36.677*(NTM Rev Growth Rate) + 2.0013. If Wiz is doubling
| revenue (100% Growth Rate) and they are at about $500M of
| revenue today [2], then the multiple according to that
| calculation is ~38.7 X Next Twelve Month Revenue ($1B) or
| $38.7B.
|
| So, the price is in line with the market...or you could argue
| even a discount to it.
|
| [1] https://cloudedjudgement.substack.com/p/clouded-
| judgement-31... [2] https://www.barrons.com/articles/google-
| stock-price-wiz-deal...
| Ancalagon wrote:
| This make's Twitter's acquisition look like an absolute steal by
| comparison.
| cft wrote:
| In the meantime, the products that people used to use are
| decaying. Just today I found out that clicking on the departure
| date, and viewing the round-trip prices, then changing the
| departure date is broken in Google Flights. When Pichai leaves,
| it will be too late.
| hard_times wrote:
| This is one super weird acquisition
| bitlad wrote:
| There is a not-so well known fact about Wiz. Wiz is backed by
| Cyberstart. They are notorious for running a pay to use thing for
| CISOs. TLDR; there is a round about way the CISOs get paid for
| using tools backed by them. Therefore the startups backed by them
| appears to be fast growing.
|
| [1] https://www.bankinfosecurity.com/blogs/cyberstarts- program-
| sparks-debate-over-ethical-boundaries-p-3763
|
| [2] https://www.forbes.com/sites/iainmartin/2024/10/28/this-
| vc-b...
| Zaheer wrote:
| Great article on the genesis of Wiz:
|
| https://www.forbes.com/sites/iainmartin/2024/10/28/this-vc-b...
|
| https://web.archive.org/web/20250312193110/https://www.forbe...
| siliconc0w wrote:
| A good test for the new Trump DOJ to see how much TRUMP coin and
| $5 million dinners at Mar-a-Lago will be needed to get this
| through.
| Wheaties466 wrote:
| I believe this is actually the second time google has tried to
| buy this company too. They had to give them a too good to refuse
| offer.
|
| While it seems like we aren't getting a ton of people who have
| used the product in the comments. I can tell you it checks a lot
| of boxes to make people sleep better at night with customer data
| in the cloud.
| tinyhouse wrote:
| The founder's previous exit in the same space was sold to
| Microsoft for $350. What a steal.
|
| The most amazing thing is that Wiz is a fairly young company.
| Founded in early 2000.
|
| One thing for sure. If this guy ever starts another company, I'm
| sending my resume :)
| smlacy wrote:
| Just think: This company is 5 years old. That's just 1825 days,
| or 43800 hours, and they've created $32B of "value" in that time.
| That's an average rate of almost $750k/hour continuously.
| Incredible.
| kubb wrote:
| Almost... unbelievable.
| tombert wrote:
| I have no idea how these corporate acquisitions are valued.
|
| Craftsman Tools was sold to Black and Decker for $500 Million.
| This was and is a respected tool brand with an international
| presence making physical and tangible products and it is
| apparently worth 1/64th of Wiz.
|
| I'm not even saying Wiz is overvalued, I don't know, I'm just
| not sure how they come up with these numbers.
| jonjojojon wrote:
| Is there lock-in for Wiz customers, besides the quality of the
| product? I understand the crazy revenue growth, fastest to 100m
| ARR, but surely this needs to saturate. Maybe half the fortune
| 500 use Wiz,but can you imagine 100% or even 80%? Who are their
| competitors?
| lrae wrote:
| The biggest competitor is Orca (pretty much the same product)
| and they even accuse Wiz of patent infringement. Trial starts
| in December.
| https://www.calcalistech.com/ctechnews/article/ryjc8dgnr
|
| Being owned by Google probably would help in those regards too
| now.
| odysseus wrote:
| Does this mean the Wiz app is now going to include free person
| category filters for their security cameras? Instead of
| constantly asking you to subscribe
| jimnotgym wrote:
| Can someone tell me what Wiz actually does, I can't make head nor
| tail of it from their website. Cloud security is pretty
| meaningless as a phrase
| 9cb14c1ec0 wrote:
| I dunno which VCs invested in them, but whoever did is headed for
| a very, very big payday.
| heraldgeezer wrote:
| Why is this thread so anti-Semitic all of a sudden? Why so many
| pro pally people on HN? Or Nazis? I'm not sure what at this
| point.
| drukenemo wrote:
| RIP Wiz. Everything that Google puts their hands on, dies within
| years.
| subarctic wrote:
| I take it this isn't Wiz the smart bulb company but some other
| Wiz?
| gregmac wrote:
| Yeah, I was afraid for a second there. I have a few Wiz bulbs
| and was hoping that ecosystem wouldn't suddenly die
| dtquad wrote:
| >The stock was down 13% this year before Tuesday on worries over
| its hefty AI spending against the rise of China's lower-cost
| DeepSeek and a pullback in tech giants that led the market for
| the past two years.
|
| Absurd take. Google is the one AI company that is not completely
| dependent on Nvidia because they now use their own TPU chips for
| both inference and training.
| darylteo wrote:
| I had this confused with Wix
| topherPedersen wrote:
| They should have used that money to buy Perplexity.
| antirez wrote:
| From every angle I try to look at this, it does not make 32B
| sense.
| aussieguy1234 wrote:
| I have a "wiz" app on my phone that controls my lights. When I
| read the headline I initially thought it was about this.
___________________________________________________________________
(page generated 2025-03-18 23:00 UTC)