Head over to our on-demand library to view sessions from VB Transform 2023. Register Here
Cloud technology has changed the data economy. Data is no longer locked in on-premise silos and servers, but traverses through a dynamic patchwork of cloud service providers, apps, APIs and containers. An unchecked vulnerability or misconfiguration in any of these components can leave critical data exposed. That’s why consolidated cloud security is now essential.
It’s a reality few organizations are prepared to confront, with the average organization using six tools to secure the cloud. A number of cybersecurity vendors are looking to address these challenges by offering a more consolidated approach to cloud security.
One such provider is Wiz, which today raised $300 million as part of a Series D funding round. Wiz provides cloud security posture management (CSPM) and a cloud-native application protection platform (CNAPP) designed to enable security teams to monitor cloud services, APIs and containers for vulnerabilities and misconfigurations.
The latest funding round, led by Lightspeed Venture Partners and Greenoaks Capital Partners, brings Wiz’s valuation to $10 billion and makes it the largest cyber-unicorn, highlighting the fact that investors see securing the cloud as the definitive challenge in protecting enterprise data.
VB Transform 2023 On-Demand
Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.
Consolidating cloud security
Traditional approaches to cybersecurity simply don’t work in decentralized cloud environments. Research from Venafi finds that 81% of organizations experienced a cloud-related security incident in the last 12 months, with 45% suffering at least four incidents.
There are many reasons for the high rate of cloud breaches, from a cloud skills gap to under-resourced security teams. But perhaps the most significant cause is lack of visibility over data assets and exposures. Most organizations simply don’t have the ability to identify vulnerabilities and misconfigurations across the attack surface.
“Cloud is agile and dynamic — this is the reason it enables companies to grow so fast. However, this is also why it is so hard to secure the cloud. It keeps changing,” said Assad Rappaport, cofounder and CEO of Wiz.
“How can you secure data in the cloud, if it can be stored in dozens of services, routed daily to different places and systems? Legacy approaches completely fail to handle the complexity and agility of cloud. Cloud requires a cloud-native approach,” Rappaport said.
Wiz’s answer to securing the cloud is to consolidate CSPM and CNAPP capabilities into a single platform alongside data security posture management, external attack surface management (EASM) and cloud detection and response (CDR). This combination is designed to help organizations augment and streamline their detection and response capabilities for threats across the cloud.
For instance, security teams can continuously scan for misconfigurations across hybrid cloud environments, infrastructure as code (IaC) and containers, and automatically remediate potential exploits that expose data to threat actors.
The platform also provides a security graph that triages and correlates attack paths so that both developer and security teams can understand the cause of a breach and identify how to respond quickly.
A brief look at the CNAPP market
Wiz’s solution falls within the global CNAPP market, which researchers valued at $7.8 billion in 2022 and estimate will reach $19.3 billion by 2027 as more organizations realize their cloud adoption plans.
Prisma Cloud offers real-time inspection of cloud workloads for misconfigurations and vulnerabilities, using machine learning to identify normal baseline activity, and generating alerts to highlight anomalous activity. Palo Alto Networks earned $84.2 million in revenue last quarter.
Another competitor is Lacework, which offers a CNAPP with infrastructure as code (IaC) scanning, runtime vulnerability scanning for workloads, container images, hosts and language libraries, as well as anomaly detection-based threat detection. Lacework is currently valued at $8.3 billion.
Rappaport argues that the key differentiator between Wiz and these solutions is its emphasis on managing risks in real time.
“Wiz has introduced a new approach, one that enables the business to embrace the cloud securely by continuously identifying and reducing the risks that matter. Wiz is rolled out in minutes via an agentless, API-centered approach to seamlessly scan workloads and give full visibility of cloud environments,” Rappaport said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.