Google to buy Wiz for $32B

This is wild to me. As someone in security, Wiz is definitely one of the whales.

Thats the kind of a company everyone wants to build in enterprise security.

Incognito unicorns.

There are many companies like these in security space. Another company I can think of is Rubrik. All these large security companies under the radar success.

$350M ARR in less than 5 years. Aiming towards $1B by the end of 2025.

You never heard of them since perhaps your decisions were not in the cycles of their product. Those who are , heard indeed (type of folks who look at Gartner magic quadrants).

You didn't hear about them last time on HN, when it was $23 billion?

My company just started using them and I was part of the due dilligence evaluation of their product. I had never been so impressed with a cloud security provider before I started using their product. Absolutely phenomenal product offering l.

This is an absurd take. There’s nothing stopping anyone from building their own cloud security tools (many have), and unlike the Mafia, Wiz isn’t threatening anyone who doesn’t buy their service. I’m also not aware of any government agency providing any reasonable analog to what these tools provide in the physical world.

Big difference

The mafia charges protection from itself, here the bad actors are out there and wiz help you protect from them.

Wiz selling doors with appropriate locks for your bussines.

You’re stretching here.

Companies hire private physical security all the time. Why is digital security different?

There are other CNAPP solutions. If you do an evaluation you will see why WIZ comes out on top.

It would only be like the Mafia if they launched cyber attacks against your infra if you turned down their services.

Do you think that's what they do,m

> In other words, a job that is traditionally considered to be a basic service of the government is now being privatized by people that nobody knows if we can really trust.

How on earth is it the government's job to protect people's software? It's a mere digital product, not human life or property.

Besides, people also buy padlocks and door locks for safety. Wiz is no different.

1.) What

Military service is compulsory in Israel, so being a former member of 8200 isn't exactly unusual. Given the choice between spending two or three years as deployed infantry, or writing code in an air-conditioned office, I suspect a few of us here would choose the latter.

WTF does that mean?

As a Jew what I think you are trying to ask is: could a Jew in Google have received payment from a Jew in Wiz to make this deal happen? I mean, they all know each other right?

We use them. The product is genuinely great and I hope Google doesn't mess with it.

For us they replaced a bunch of different tools and a hodgepodge of custom scripts and hacks.

For those who have not heard of them - it's basically asset and vulnerability management for absolutely everything you have running in the cloud. This includes stuff running in your k8s clusters, etc. And they do all this without having to manage a fleet of agents on everything and costing you money in resource usage. Not that Wiz is cheap, far from it :(

They built the core CSPM module themselves. And, yes, their customers really do exist and really do love the product. What they particularly liked was the alert fidelity - most other cloud security vendors back when Wiz started required a host agent to provide a similar level of assurance a given alert was real, whereas Wiz would do offline volume scanning.

Just because you aren’t the target market for something doesn’t mean it isn’t real or valuable.

Source: used to compete against them. I no longer have any dog in this fight.

We've been using Wiz at least from Oct22 (And we do things with Wix API too, so the naming creates plenty of confusion). Cloud Engineer with Google Cloud and AWS.

It can scan a lot of stuff and give you pretty interesting insights and alerts.

And do you know what managers like? It creates Jira tickets automatically with all the findings, and they can assign them to people and say they've done their thing. We hate that because tickets appear and disappear magically in hundreds each time Wiz scans, sometimes with no obvious explanations.

But here come some of the bad things:

  - UI/UX: Terrible. It's so difficult and confusing reaching from one place to the other and finding stuff that you had open just instants ago. Slow too. I've seen the security people do nice filters and search queries but it's not intuitive at all.
  - Doesn't support very basic features. For example, in Docker Hub they don't support scanning full organizations or using organizational tokens for scanning individual repositories. They personally told me in our support channel that they were looking into it... in April 2023. Still waiting. (The API is slightly different than a regular Docker Hub public repo but, come on, an enterprise security tool that doesn't support connecting to a Docker Hub org... that's just silly)
  - Closed docs. You can only check the docs if logged in. I hate that and also limits the work with people that's not a Wiz user.
  - Terraform provider:
    It's quite limited, that means you need A LOT of manual work to integrate stuff with their scanners
    It's changelog URL doesn't work, so good luck with knowing when features appear or when you get breaking changes
    No source AFAIK, you just get a binary. Good luck.
  - Pricing. Can't remember the specifics but I hear a lot of complaints about how expensive they are. Also, no public pricing.

> Everyone here saying they've used Wiz for years are huge liars.

I have seen Wiz at AWS re:Invent multiple years in a row, and have seen their product used to good success in multiple companies I've worked with. It's not vaporware, it's a real product that really works and has a place in the cloud/container security space. I don't think anyone is lying here at all. The fact it's /also/ an acquisition vehicle as a path to an exit for the founders is a separate thing.

I’ve been using Wiz for 2-3 years now and the product is

I mean… Hue bulbs are insanely expensive, and Wiz is a much cheaper option. I’ve used their lights since like 2021 and Costco carried them. Does that make me a huge liar?

I can tell you from firsthand experience that people - including people I have personally worked with at large organizations - have absolutely heard of Wiz. Yes, it is a relatively new player, but the people there have been putting out high quality research for years and have also demonstrated a very compelling approach to securing cloud environments. They get a lot of praise, and they've earned it.

Second, I have no idea what you're doing to get Wix results from a search for Wiz. When I search for Wiz, I get a whole bunch of results about Wiz, including links to discussion threads where random people (i.e., not high-rep HN users) also talk about how much they like the product.

Finally, something to consider: would Google actually pay $32B for a company that "nobody has heard of" and doesn't provide any value? Probably not. I would hope not.

P/E is the earnings multiple, not revenue. Your assuming high margins is doing a lot of legwork here. Often untrue for growing startups.

na you're right this would be a dumb move with a huge blow back

Facebook did exactly this with a VPN acquisition. They didn't break into customer data; they just mined it for usage patterns.

So as a pure speculation on Goog's motives, it doesn't sound farfetched enough to call ridiculous. Competitive data is valuable, particularly if you want to strangle the youth in their cradles (or acquire them).

> actually outrageous claim that Google will use this to illegally siphon customer data

Hypothetical question as much as anything: If Google purchases a company and the data the company stores about their customers, is it illegal for them to use this data for whatever they want?

Lets say it would give them an understanding of what features from AWS people tend to use the most, and they use that to improve Google Cloud, would that be illegal?

This is an incredibly useless comment [0]

At least say why you think so and contribute to the conversation a bit.

[0] https://news.ycombinator.com/newsguidelines.html#comments

> Google has the best security.

Care to elaborate?

Having previously used AWS, I would also say that GCP IAM is much better.

Yes, it's a lot less flexible than AWS IAM, but complicated IAM policies with conditions and stuff can be really hard to reason about.

Disclosure: my thoughts are my own.

> Look at the number of times other tech companies get hacked compared to Google.

Your whole post is confusing Security of the Cloud with Security in the Cloud. And conflating GCP with Google but those are just examples of why GCP has such a small market percentage.

To me, the security posture of Android (esp, the Pixels) & Chromium stands out as an outstanding contribution to humanity (given the reach of both those platforms).

> Google got hacked in 2009 by China (I believe that was the first time a major company admitted to being hacked by government).

Do they mind if they're legally "hacked" by a (Western) govt? All that security sophistication couldn't prevent LEAs from owning us all, unfortunately: https://therecord.media/google-refuses-to-deny-it-received-u... / https://archive.vn/mzZtI

I'm slightly baffled by this acquisition but arguing against you actually helps me make some sense of it.

If Google wants to be "the best of the best" at security and some set of potential customers use Wiz as their "best of the best" security, then this is a way to convert those customers to Google.

Consider some org that prioritizes security, like at the board level. They maybe don't really care about the nickel and dime cost of AWS vs. Azure vs. GCP since it comes out to 10s or 100s of millions of opex in the end. What they do care about is the cleanest record possible with respect to security. And Wiz is a key component to their position on security that is communicated to investors - it is a social proof that they are taking security very seriously.

This now becomes a tool for Google when trying to win their business. By degrading the value of Wiz on AWS/Azure/Oracle/Salesforce they are taking away that bullet point on security for a subset of competitors customers. And that may entice some of them to move their entire cloud service to GCP. So whatever revenue they lose on the Wiz side from a dozen or so cancellations they would hope to make up with a few 100 million dollar whales.

I just find it hard to believe that enough whale level cloud compute business will be generated in this way to justify $32b. This is really the best take I have on the acquisition and it feels unsatisfying, as if there is some other decisive information that would provide a justification for such a valuation.

Maybe there is some government mandate coming down the pipeline that isn't very public yet? Some kind of legislation that will force companies to adopt stricter security policies? That could precipitate the kind of changes that would justify this kind of massive valuation.

GCP has been doing more multi cloud stuff lately though: Anthos for K8s in other clouds, BigQuery Omni for bigquery in other clouds

I don't think that makes much sense in business. They want to move customers from competitors and as an underdog you need to provide some migration path. You don't get these kind of system integration freely. Provide your service in competitors to smooth their transition path but keep the latest and best features in GCP. This was the idea of k8s.

that would immediately shed half the value of the company and Google would need to book a huge loss

e.g. half of Fortune 100 use Wiz and I assure you most of them do not use GCP (or do not use only GCP)

This is such an underrated weakness of Google. When I was working at AWS ProServe, we never even took GCP as a serious competitor. Their customer service, acount management and enterprise sales team was so horrendous it was laughable.

I don’t think we even had talking points about why AWS was better than GCP like we did Azure.

Wiz by itself is a great business and public markets will price it accordingly, but Google is able to price it much higher because of its unique position. Wiz + GCP sales team will boost adoption of the main product, a Google branded security tool keeps eyes from looking out, and of course, the ability to move huge amounts of revenue from competitors over to GCP is something only a hyper-scaler can tap. At 36x+ valuation, this is still a great deal for Google.

A lot has happened in the last 56 days that has resulted in significant uncertainty in the stock markets. That, combined with the higher offer, apparently changed the board's mind.

> Wonder what that implies about the larger IPO/exits market

The window is closed and locked. Haven't closed the storm shutters yet.

LOL IPO market is dead for observable future.

When you use a cloud provider to setup a VM, what policies do you apply to it in order to ensure it’s secure?

Wiz and other tools in the same space tell you and tracks compliance across your fleet.

Idk if wiz does this, but their competitors have “compliance packs” which are preset compliance patterns, IE hipaa, finra, etc.

That way you click a button and it tells you every change you need to make to be compliant

Edit: this is all just examples

I thought they made smart lightbulbs (I have some "WiZ" ones installed in fact).

it's a linter for your yaml spaghetti

thank you for asking on behalf of the many of us who are in the same boat.

There are ways around it. If they look into specific customer's usage it is looking at customer data. If they look at more customers it will just be called anonymous analytics.

Then you slice and dice the analytics data to extract what you need in the name of planning & improving the product.

It's pro for Google, not pro for customers.

They don’t need to force people, just make them a very good targeted offer. This is also great for seeing which features their customers use most to help GCP catch up to the competition, too.

It doesn't force them to move, it just gets Google the information about how you use competitors products so they can out negotiate them come deal time.

Wiz itself doesn’t. But Wiz knows what is going on in everyone cloud. That data could be fed to GCP sales team though customers might riot if that happens.

There's no force but Google can now leverage the data from Wiz to target good customers for other services.

It's based on your workload you are using it for basically. So its not a set price.

Revenue and profit are very different. Like, it's easy to pump revenue at a loss.

I don't really see the benefits of this acquisition for Google, but congrats to the Wiz team!

WhatsApp purchase was for that sweet sweet data of everyone's contact lists (this was their original innovation for onboarding — just give us access to your phone book and we'll tell you who else is on WhatsApp). Their earnings were completely irrelevant in price discussions. The billions were paid for the dataset.

Whatsapp when it was acquired cost $1/year (with a year long free trial) and had a billion users and 55 employees. They were printing money.

Just to respond to the Whatsapp part of the comment, apparently Whatsapp made about $1.7 billion in 2024. https://www.businessofapps.com/data/whatsapp-statistics/

Ultimately they are buying the shares of all existing shareholders. Wiz tells Google who the shareholders are after all triggers of options to shares are resolved. Then Google wires each shareholder after the signatures are complete. No money should go into Wiz bank account. 10-25% of the cash is held back to make sure the company and key employees fulfill promises made as part of the transaction.

What if I don't want to pay capital gains?

The press releases say cash deal.

Instagram was roughly 10 people when it got bought and had less than 30M users.

Nobody thought Instagram and WhatsApp were good acquisitions at the time.

This: "But like all bs startups Wiz will fade into irrelevancy 6 months after being acquire"

Some policy is being continued, https://natlawreview.com/article/antitrust-under-trump-initi...

> FTC Chairman Ferguson and Omeed Assefi, Acting Assistant Attorney General of the DOJ’s Antitrust Division, announced on February 18, 2025, that the FTC and DOJ will continue to use the 2023 Merger Guidelines as the framework for their merger review process.

Rump likes to play favorites and use any power at his disposal to hurt his political / personal enemies or people he thinks don't "respect" him enough. He also is a fan of extorting people.

So I wouldn't count on it based on some generic "pro-business" position. Google is going to have to kiss the ring one way or another.

Depends on how many complements Google gives the emperor on his clothes. The DOJ reiterated selling off chrome last week, so it's not off the table.

GOOG is up ~152% since Sundar took over...

I don't know man, iPhones and Macs are really buggy, bloated/full of unnecessary features, and user hostile. Microsoft products are also hot garbage. The cars we get to pay tens of thousands (or even hundreds) are pretty much garbage now. It's not just Google.

>> Growing up in the NYC area this is what I think of when someone says the wiz https://en.wikipedia.org/wiki/The_Wiz_(store)

Growing up in NYC, it is was impossible to not remember the "Nobody Beats the Wiz" jingle

As a fan of British comedy, this is what I think of when I hear wiz: https://en.wiktionary.org/wiki/wiz#Etymology_2

I have 'wiz' lights in my place - home-networked lighting system. Which works. Well. For me....so glad g hasn't acquired them.

In cybersecurity history or the history?

[narrator]: Excellent, until now! Soon, their beloved cloud infra security scanner will to be sucked dry of all the juicy usage data on AWS and Azure customers, bled of its innovation, to be discarded in a few years time...

I like it too. Don't care much for google buying them, it can only end badly.

[flagged]

Wiz is a vehicle created for the purpose of being acquired.

All they ever did was acquire a bunch of companies to be acquired as 1.

Anyone claiming they used their product, they're great, etc. are lying.

What I read is that last year they weren't sure yet if they wanted to go public instead, but the current financial climate isn't good for going public so they went for an acquisition instead.

[flagged]

[flagged]