Sacra Logo
View PDF
View Model
Details
Headquarters
New York, NY
CEO
Assaf Rappaport
Website
Home  >  Companies  >  Wiz
Wiz is an enterprise, multi-cloud cybersecurity platform.

Revenue

$396.00M

2024

Valuation

$10.00B

2024

Growth Rate (y/y)

128%

2024

Funding

$900.00M

2024

Revenue

None

Click here for our full dataset with sources for Wiz’s revenue growth, ACV, and ARR per FTE.

Sacra estimates that Wiz is at $396M ARR as of April 2024, up 128% year-over-year, with about 800 customers for an annual contract value of $393K.

Compare to Palo Alto Networks (NYSE: PANW) at $8B ARR, up 20% year-over-year with 85,000 customers ($94K ACV), and CrowdStrike (NASDAQ: CRWD) at $2.6B ARR, up 49% with 23,000 customers ($167K ACV).

Product

None

Wiz is a cloud security platform that provides agentless vulnerability scanning and risk identification across multi-cloud environments. It was originally launched in 2020, founded by Assaf Rappaport (CEO), Yinon Costica, Ami Luttwak, and Roy Reznik.

The company hit $100M ARR in 18 months, faster than any software company in history, by selling their easy-to-use, multi-cloud-native platform for identifying vulnerable attack surfaces into large enterprises with perfect timing—just as COVID forced them to abruptly enact quick transitions to the cloud.

With infra moving to AWS/Azure/GCP and employees communicating over Slack and Zoom, every Chief Information Security Officer (CISOs) had budget to find a cybersecurity solution that worked across everything—Wiz was first-to-market, creating the cloud native application protection platform (CNAPP) category in their image.

The core tech opportunity that the Wiz team identified was that there were various agent-based cybersecurity platforms that required manual deployment into clouds, and there were automatic platforms like Microsoft's that plugged directly into Azure, but there was no simple tool for enterprises to continuously scan for potential vulnerabilities across a multi-cloud environment: AWS, Azure, GCP, and others.

Customers connect Wiz to their cloud environment via API, granting it read-only access to scan for misconfigurations, vulnerabilities, and security risks. Wiz gives them a dashboard with a comprehensive view of their cloud security posture: showing them all of their organization's attack surfaces and surfacing the most critical issues.

Over time, Wiz has expanded from a cloud security posture management (CSPM) tool to a full-fledged cloud native application protection platform (CNAPP). In addition to identifying vulnerabilities and misconfigurations, Wiz now offers capabilities for cloud infrastructure entitlements management (CIEM), Kubernetes security, and secrets management. The platform also integrates with existing security tools and workflows, providing a unified view of an organization's cloud security posture.

Business Model

Wiz is a subscription SaaS company with a usage-based pricing model based on the number of cloud workloads a customer wants to protect across their compute, data, and runtime environments.

Wiz pursued a so-called “suicide plan” to speedrun building a cybersecurity giant—raising $900M, hiring 750 employees, and aggressively going after big, top-down enterprise deals. That plan has largely panned out as of 2024: Wiz has won over companies like Morgan Stanley, Fox, LVMH, with some customers like Salesforce switching to Wiz from Palo Alto Networks for cloud security.

Wiz offers two main product tiers: Wiz Essential and Wiz Advanced. Wiz Essential is designed for earlier-stage organizations, with a focus on providing rapid time-to-value through the core Wiz product of posture management.

Wiz Advanced, targeted at later-stage organizations, includes advanced capabilities such as deep risk analysis and detection and response.

Complementing their core top-down enterprise sales motion, Wiz Essential offers an affordable entry point into the product and letting Wiz acquire customers early in their cloud journey that can then grow from there.

Competition

None

Wiz faces competition from both established cybersecurity vendors and emerging startups in the cloud security space.

Incumbents

In 2022-2023, we saw a wave of CNAPP startups acquired as incumbents fought back against Wiz, from PingSafe (acq. by SentinelOne) to the Israel-based Bionic (acq. by CrowdStrike), Lightspin (acq. by Cisco), and Dig Security (acq. by Palo Alto Networks).

These companies, and particularly Palo Alto Networks, are bundling Wiz-like functionality into their existing platforms and leveraging their revenue scale in pricing, offering their CNAPP for free for two years to retain customers.

Palo Alto Networks, a well-established cybersecurity giant, has made significant investments in cloud security in recent years. Its Prisma Cloud platform offers CSPM, CWPP, and CNAPP capabilities, making it a direct competitor to Wiz. Palo Alto Networks has the advantage of a large existing customer base and deep relationships with enterprises, which it can leverage to cross-sell its cloud security offerings.

However, Wiz's agentless approach and ease of use have allowed it to win customers from Palo Alto Networks, including notable examples like Salesforce.

Orca Security

Orca Security, another Israeli cybersecurity startup, is a direct competitor to Wiz in the CNAPP space. Like Wiz, Orca offers an agentless platform for multi-cloud security and has seen rapid growth, reaching a $1.8 billion valuation in 2021. In July 2023, Orca filed a lawsuit against Wiz, alleging that Wiz had stolen its intellectual property and copied its go-to-market strategy.

The outcome of this lawsuit could have significant implications for the competitive dynamics between the two companies. However, Wiz's early mover advantage and its success in landing large enterprise customers may give it a strong position even in the face of legal challenges.

Thoma Bravo

Private equity firm Thoma Bravo has been actively consolidating the cybersecurity industry, acquiring over 15 companies worth more than $30 billion since 2009. Its portfolio includes notable cloud security players like Barracuda, Sophos, and Veracode. If Thoma Bravo were to merge some of these companies into a single entity, it could create a formidable competitor with a broad range of capabilities.

TAM Expansion

Wiz is in the midst of actively expanding its total addressable market (TAM) by evolving from a cloud security posture management (CSPM) tool (a $4B market) to a comprehensive cloud native application protection platform (CNAPP)—a category which Wiz brought into being, but which is growing increasingly crowded with competitors among both startups and cybersecurity incumbents.

To further expand its capabilities as a CNAPP and compete more directly against incumbents like Palo Alto Networks, Wiz has built and released its own new products as well as making strategic acquisitions, such as Gem Security for threat detection and response and Raftt for runtime security.

By expanding into adjacent areas like cloud infrastructure entitlements management (CIEM), Kubernetes security, and secrets management, Wiz has significantly increased its TAM.

From a go-to-market perspective, Wiz's expanded product capabilities also enable it to increase its average contract value (ACV) and land larger deals. As Wiz moves from a point solution for CSPM to a platform play, it can sell higher-value contracts that encompass multiple security functions. This shift towards larger, more strategic deals is key to sustaining Wiz's rapid growth trajectory.

Disclaimers

This report is for information purposes only and is not to be used or considered as an offer or the solicitation of an offer to sell or to buy or subscribe for securities or other financial instruments. Nothing in this report constitutes investment, legal, accounting or tax advice or a representation that any investment or strategy is suitable or appropriate to your individual circumstances or otherwise constitutes a personal trade recommendation to you.

This research report has been prepared solely by Sacra and should not be considered a product of any person or entity that makes such report available, if any.

Information and opinions presented in the sections of the report were obtained or derived from sources Sacra believes are reliable, but Sacra makes no representation as to their accuracy or completeness. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this report reflect a determination at its original date of publication by Sacra and are subject to change without notice.

Sacra accepts no liability for loss arising from the use of the material presented in this report, except that this exclusion of liability does not apply to the extent that liability arises under specific statutes or regulations applicable to Sacra. Sacra may have issued, and may in the future issue, other reports that are inconsistent with, and reach different conclusions from, the information presented in this report. Those reports reflect different assumptions, views and analytical methods of the analysts who prepared them and Sacra is under no obligation to ensure that such other reports are brought to the attention of any recipient of this report.

All rights reserved. All material presented in this report, unless specifically indicated otherwise is under copyright to Sacra. Sacra reserves any and all intellectual property rights in the report. All trademarks, service marks and logos used in this report are trademarks or service marks or registered trademarks or service marks of Sacra. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any report is strictly prohibited. None of the material, nor its content, nor any copy of it, may be altered in any way, transmitted to, copied or distributed to any other party, without the prior express written permission of Sacra. Any unauthorized duplication, redistribution or disclosure of this report will result in prosecution.

News