Google to buy Wiz for $32B
950 comments
·March 18, 2025czk
detourdog
I never heard of them until they were purchased for $32 billion.
debarshri
Thats the kind of a company everyone wants to build in enterprise security.
Incognito unicorns.
There are many companies like these in security space. Another company I can think of is Rubrik. All these large security companies under the radar success.
udev4096
Rubrik had pretty bad breaches in the past:
https://www.bleepingcomputer.com/news/security/rubrik-rotate...
https://www.bleepingcomputer.com/news/security/rubrik-confir...
This one is straight up embarrassing:
https://techcrunch.com/2019/01/29/rubrik-data-leak/
> The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.
So much about "zero trust", at this point it's nothing but a marketing term and has lost it's true meaning
1oooqooq
most people here are also in security and still haven't heard.
It's more likely backroom kickbacks (and/or mossad) than invisible unicorn.
ryanSrich
This is wild to me. As someone in security, Wiz is definitely one of the whales.
almosthere
Same here, I guess it's the circles you run. I just went to their homepage and I have no idea what they do. I already have CI/CD, code, etc.. "securing" it seems like, use aws secret stores?
In other words, their webpage is not telling me anything. Companies like these, always feel like instead of having a useful product, they hired useful networks of people to "spread the word" and sell sell sell to your network. Apparently I wasn't in the network. Sorry old and salty.
alberth
It's a whale, but a young whale.
Wiz has only been around for 5-years.
throwaway2037
In your opinion, are they a whale because they make a great product... or just have a great marketing/PR/sales team? I am guessing "great product" because I cannot believe that Google cannot just rebuild it themselves (if not a great product).
belter
It does not make sense. In 2024 Wiz had 10.7% market share. Revenue in the 1,5 to 1,7 Billion but they were not profitable in 2023. Become profitable in 2024 meaning costs are very high.
Also looks like Google is desperate for growth in Cloud and they need to do something.
They are paying as much money as their whole Google Cloud revenue in 2023. Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even for a high-growth company. Clearly overpaying.
Wiz had nine rounds so massive dilution, and VCs need to recover the money...
marcus0x62
10% market share in security is huge. It is an extremely fragmented market, across almost all product segments.
fuzztester
>It does not make sense
actually, it makes perfect sense. it's just that you (and I) don't have the right perspective.
these giantcos are sitting on Himalayan ranges worth of cash, which is burning a fiery hole in their butts, and they don't know what to do with it.
and they have more cash than sense, even though they always brag about having some of the smartest people in the world, and also have FOMO (to competitors and upstarts).
Facebook buying WhatsApp for 19 billion did not make sense to us laymen either, but it happened.
I was flabbergasted when I read about it. ignorant me.
https://en.m.wikipedia.org/wiki/Himalayas
https://en.m.wikipedia.org/wiki/WhatsApp
go figure (pun intended)
edit: you answered your own doubt about why does not make sense:
>Also looks like Google is desperate for growth in Cloud and they need to do something.
that's what I said, FOMO.
man, if i sold even one of my software products for even a zillionth of such amounts, I would be on Mount Kailash (cloud 9 to you :)
grrr. envy emoji here.
tzury
$350M ARR in less than 5 years. Aiming towards $1B by the end of 2025.
You never heard of them since perhaps your decisions were not in the cycles of their product. Those who are , heard indeed (type of folks who look at Gartner magic quadrants).
null
zifpanachr23
I read their website and there must be something secret they've got cooking behind the scenes cause the valuation makes zero sense to me.
The whole thing reads like all the dozen or so "cloud security" plays out there.
Either I'm missing something big, or their products are outrageously far ahead of all the other similar sounding products out there.
I've been known to roll my eyes at a lot of these sorts of product catalogues in the past though and so I'm definitely biased and not the target audience for their marketing.
Some CIO out there probably really does think that their security problems will finally be over once they purchase another half dozen dashboards click through and look at.
ExoticPearTree
Yeah, the website is not very helpful.
The product though is easy to set up, no friction - like 5 minutes per tenant; and in a few hours you have a really good picture of your security posture with very detailed explanations for every finding.
And the graph… very useful to understand why a finding is marked as high ir critical even though at first glance it does not look like it.
amitport
IMHO you are missing something big...
For Google they are worth 32B, they ARE the Google Security business from now on. They don't even have to be profitable themselves, having this aspect working means google get access to additional enterprise clients and in place they weren't previously present.
Barrin92
>Either I'm missing something big,
I mean, their revenue? They're apparently on track to do a billion this year, growing pretty fast, so 30 billion seems fair enough.
kyawzazaw
You didn't hear about them last time on HN, when it was $23 billion?
ExoticPearTree
We use them and the product is very very nice and very lightweight to set up. Like for a cloud environment it takes about 5 minutes to get it up and running for a tenant.
They add features weekly or faster.
OriginalMrPink
Just curious, what problem do I need to have that they'll solve for me?
x3n0ph3n3
My company just started using them and I was part of the due dilligence evaluation of their product. I had never been so impressed with a cloud security provider before I started using their product. Absolutely phenomenal product offering l.
admiralrohan
I am hearing for first time, I thought Google is buying Wix the website builder and was thinking why!
DeathArrow
>Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.
It's interesting that many people working in intelligence found ways to become very successful in business. I wonder what is the reason.
pbiggar
Tight networks largely. THey've invested heavily into having these "assets" in US tech companies, and so pro-Israel folks in the US work hard to acquire them in.
See [1] to see the flow of people. I explain the connections a lot in [2], and [3] is our initiative to work on it.
[1] https://www.instagram.com/p/DAYsSPxpHFP/?img_index=1
[2] https://www.youtube.com/watch?v=LxvaembyMcQ&list=PLjHqnRFDnc...
drdrek
[flagged]
Adverblessly
Military service in Israel is mandatory and the conscription rate in the core "educated" areas is ~90%. Each year, the intelligence corps then gets what is practically* first pick of the best minds of that year (typically kids who are already skilled in programing). They then get to have them for 4-6 years meaning unlike modern employers, they have time and motivation to invest in training them. Then you get the most apt programming minds of a generation spending six years together learning and building connections with each other in core programming and security skills.
Imagine if all the ivy league graduates in the US would be forced to work together for the same company, for free, for 4-6 years. Would you be surprised if suddenly former employees of that company found ways to become very successful in business?
* - Technically they get something like 3rd pick and there's negotiations and it depends on what sort of roles are involved etc. In practice, conscripts have some influence on where they'll go and if you have a choice in any role in the military, you are going to pick "write code in an air-conditioned office" over any other available option.
rubenvanwyk
Intelligence communities tend to pick very smart people who are particularly good at acquiring niche skills and operating under extreme situational uncertainty. I think those are valuable attributes for someone in business.
menaerus
It surely must be exactly that.
elAhmo
Network
CokeFaultSoyuz
Blackmail
stdclass
well you might get downvoted, but its still true, just look what Robert Maxwell did with the PROMIS software. That was also coincidentally Mossad.
hristov
Looks like a payoff to me.
layoric
I swear some tech company acquisitions appear like more expensive art purchases for for when you need to launder larger amounts of money...
Rodmine
You are on to something. It is a company of the chosen.
Nexxxeh
When I read the headline, I assumed the IoT platform and smart light brand, the now Wi-Fi arm of Signify, the smart home people who do (Philips) Hue smart lighting.
badc0ffee
This is the logo I envision in my head when hearing Wiz.
brightball
Didn’t Palo Alto Networks come out of 8200 too?
marcus0x62
The primary founder (Nir Zuk) is a Unit 8200 alumni, as are the founders of Checkpoint and a bunch of other cyber security companies. Nir Zuk is also a US citizen and went out of his way to base PANW in the US, including their hardware manufacturing and software engineering operations.
You'll find former-intelligence blob operators in a great many cyber security companies. Including former American intel employees[0]. Hell, the CIA basically has their own VC fund[1].
Also, there is zero evidence any of these people are currently acting at the behest of their former employers, apart from obviously the CIA venture fund acts at the behest of the CIA.
0 - Robert M Lee https://dragos.com, Keith Alexander (formerly https://ironnet.com,) amongst many others
1 - In Q Tel https://www.iqt.org/
singularity2001
[flagged]
weatherlite
[flagged]
dandellion
From the guidelines:
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
arandomusername
in times like this I'm reminded of "every accusation is a confession"
SalmoShalazar
Seems like a disingenuous and cynical reading to me.
pjc50
[flagged]
gnfargbl
Military service is compulsory in Israel, so being a former member of 8200 isn't exactly unusual. Given the choice between spending two or three years as deployed infantry, or writing code in an air-conditioned office, I suspect a few of us here would choose the latter.
hintymad
Yup. And more than that, Israel picks the brightest high-school kids to join their special school that trains intelligence officers. The kids learn advanced STEM and analytics in the school. It's not a coincidence that many of the graduates ended up founding good companies.
wahnfrieden
[flagged]
otterley
WTF does that mean?
monooso
Presumably it's a reference to the fact several of the founders are Unit 8200 alumni, which is part of Israeli intelligence. It's not the same as Mossad, though.
As I understand it, Unit 8200 is the Israeli equivalent of the NSA, and Mossad is their CIA.
belter
Are you aware Wiz’s co-founders were part of Israeli cyber intelligence division known as Unit 8200? The “Israeli NSA”
rrr_oh_man
[flagged]
eitally
Imho, and as a xoogler who's been in Google Cloud's ecosystem the past few years, Google Cloud's three big focus areas have been AI (this is an evolution from their historical focus on data, then also analytics), Distributed Cloud (Anthos++) and security (post the Mandiant acquisition). They'll never be able to compete on base infra, given their late entry into the game, lack of presence in certain markets, and the lock the competition has in some industries (Azure in industrial/mfg, AWS in pharma, etc), and they know that, so they've lately been focused on what they believe they can control. One of those things is the narrative that Google Cloud is the most secure cloud.
It shouldn't be overlooked that acquiring Wiz is also a way for Google to secure a beachhead in half the Fortune 100, many of which are "enemy" territory.
The price is high, but there aren't many options available and Wiz has the advantage of being built on Google Cloud natively, and already have Marketplace integrations completed.
Thorrez
>and security (post the Mandiant acquisition)
As a Googler who works in GCP security, security has been a key differentiator for GCP long before the Mandiant acquisition. Google invented BeyondCorp (a primary driver of Zero Trust). Google helped create security keys (U2F, FIDO, Webauthn), and was I think the first major company to adopt them, both for employees, and for consumers. Google was one of the first major companies to offer a bug bounty, in 2010. Google's Project Zero searching for vulnerabilities in other companies'/organizations' software I think was pretty much unprecedented when it was created. Look at the number of times other tech companies get hacked compared to Google. Google got hacked in 2009 by China (I believe that was the first time a major company admitted to being hacked by government). That was a major turning point. Ever since then it's been "never again".
Disclosure: my thoughts are my own.
belter
> Look at the number of times other tech companies get hacked compared to Google.
Your whole post is confusing Security of the Cloud with Security in the Cloud. And conflating GCP with Google but those are just examples of why GCP has such a small market percentage.
Thorrez
The security of GCP rests on the security of Google. If Google gets hacked, GCP customers are not secure.
Additionally:
Google offers BeyondCorp products as GCP products. A big example is IAP. Do AWS and Azure offer something like IAP? If so, I think they were created in response to IAP.
Another Google/GCP security product related to zero trust is Chrome Enterprise Premium: https://cloud.google.com/blog/products/identity-security/int... .
Another innovative GCP security product is VPC Service Controls. Do AWS and Azure offer something like that? If so, I think they were created in response to VPC Service Controls.
Security keys: I mentioned in my previous comment how they're used by consumers (that includes GCP customers). GCP is making MFA mandatory this year: https://cloud.google.com/blog/products/identity-security/man...
Bug bounties protect GCP customers by making sure GCP products don't have vulnerabilities.
Project Zero protects GCP customers by finding vulnerabilities in products that GCP customers use (although it also finds vulnerabilities in products that AWS and Azure customers use).
When Microsoft got hacked by China in 2023, China stole Microsoft's signing key, and used it to mint tokens to impersonate Azure AD users of Microsoft customers. That's relevant to security in the Cloud.
GCP products are also recognized for security:
https://cloud.google.com/resources/forrester-unstructured-da...
https://www.varonis.com/blog/forrester-wave-data-security-pl...
https://cloud.google.com/blog/products/infrastructure-modern...
https://cloud.google.com/blog/products/identity-security/goo...
https://www.teradata.com/press-releases/2020/forrester-2020-...
jopsen
Having previously used AWS, I would also say that GCP IAM is much better.
Yes, it's a lot less flexible than AWS IAM, but complicated IAM policies with conditions and stuff can be really hard to reason about.
Disclosure: my thoughts are my own.
cyberax
The best way to use AWS IAM policies is to not use them at all.
AWS allows to use multiple accounts easily, and accounts are (by default) completely isolated from each other. That's actually how services work internally at AWS, it's not uncommon for a service to have hundreds of AWS accounts (one for each region multipled by the number of environments).
It's not so easy with GCP.
bfeynman
That is insane. AWS has more complicated policies, GCP literally lacks ability to even have easy security posture in many cases.
eranation
Adding to it: deps.dev, osv.dev, SLSA (all are either free or fully open source) Google has been great contributor to the AppSec and Software Supply Chain community. I just pray daily that the “google graveyard” curse doesn’t touch these important projects.
shalmanese
> (I believe that was the first time a major company admitted to being hacked by government). That was a major turning point. Ever since then it's been "never again".
There was one other time Google was hacked by a major government that also spurred massive internal security posture changes! https://en.wikipedia.org/wiki/Snowden_effect#Tech_industry
karencarits
I think this is also a good argument for why it is beneficial for society that Chrome stays in Alphabet; Google is good at some things and bad at some things - that people have access to a reasonably safe browser for free should not be underestimated
ignoramous
To me, the security posture of Android (esp, the Pixels) & Chromium stands out as an outstanding contribution to humanity (given the reach of both those platforms).
> Google got hacked in 2009 by China (I believe that was the first time a major company admitted to being hacked by government).
Do they mind if they're legally "hacked" by a (Western) govt? All that security sophistication couldn't prevent LEAs from owning us all, unfortunately: https://therecord.media/google-refuses-to-deny-it-received-u... / https://archive.vn/mzZtI
darthwalsh
I thought your link would be
https://www.bbc.com/news/world-us-canada-24751821 > Snowden leaks: Google 'outraged' at alleged NSA hacking
ExoticPearTree
As a GCP user, my view is that Google does Googly things and hopes others will use them. And if not enough people don’t buy into whatever Google builds because it is built by Google, they will cancel it.
underdeserver
These are all Google things. How do I benefit from them as a GCP customer?
Thorrez
See my reply here: https://news.ycombinator.com/item?id=43399981
belter
> a way for Google to secure a beachhead in half the Fortune 100
If that is their objective, they will fail again, since this is the land of good account management. Being able to call somebody on the phone if required. Something AWS excels on, Microsoft a little bit, while Google is rumored to have humans working there, but they are rarely seen.
fastest963
We have a relatively modest commit with GCP, around $1M a year, and have a dedicated account rep who I can contact whenever I need to. In fact, we've had a similar relationship even when we were half the size.
belter
And did you ever had the need to escalate something? : https://www.reddit.com/r/googlecloud/comments/1ey0rx8/gcp_su...
amputect
Google simply does not have a culture of giving a shit about people's experiences with their product. If you are having a problem you better either have that problem so frequently and severely that it shows up on whatever monitoring system they're using to evaluate release health, or you better get comfortable with it for the long haul.
VirusNewbie
I previously worked for a startup that used GCP with a less than 7 figure spend each year and we had no problems talking to people at Google.
belter
An experience not shared by others: https://www.reddit.com/r/googlecloud/comments/1ey0rx8/gcp_su...
scarface_74
This is such an underrated weakness of Google. When I was working at AWS ProServe, we never even took GCP as a serious competitor. Their customer service, acount management and enterprise sales team was so horrendous it was laughable.
I don’t think we even had talking points about why AWS was better than GCP like we did Azure.
ABS
what drives me mad is that it's not even underrated! everyone knows, everyone has been talking (and complaning) about this for something like 15 years!
I personally know of 2 big GCP customers who, over the years, left GCP because of this and the impact it had in critical situations. This very feedback was given in both cases to people considerably high up on GCP's ladder and... nothing's ever changed.
I'm sure plenty other big migrations off GCP provided the same feedback, to no avail.
When Diane Greene first and then Thomas Kurian became Google Cloud CEOs people thought that finally, due to their previous experiences in very Enterprise-aggressive companies, they would improve massively on that front.
Did they improve the situation? a bit. Massively? bringing GCP finally on-par with anyone else (not better than anyone else, just... the same)? nope, not even close.
chairmansteve
Yep. That is top of my list when choosing a cloud provider.
VirusNewbie
Why do you think some of the largest companies are using GCP though? If there customer support is really that atrocious, what is the explanation?
hadlock
Inertia
mrweasel
I can't help feel like this will be rolled into GCP and quickly lose support for Azure and AWS and then just die. That's a lot of money to spend to kill off a business.
arccy
GCP has been doing more multi cloud stuff lately though: Anthos for K8s in other clouds, BigQuery Omni for bigquery in other clouds
glenngillen
They even had a whole campaign recently (maybe reInvent?) that said something to the effect of “we know we’re you’re second cloud”
klooney
I rolled out their "workloads for AWS" stuff recently, it was pretty slick to be able to have AWS IAM roles just translate to GCP roles. You don't have to run your own CA like you do for AWS Anywhere.
zoogeny
I'm slightly baffled by this acquisition but arguing against you actually helps me make some sense of it.
If Google wants to be "the best of the best" at security and some set of potential customers use Wiz as their "best of the best" security, then this is a way to convert those customers to Google.
Consider some org that prioritizes security, like at the board level. They maybe don't really care about the nickel and dime cost of AWS vs. Azure vs. GCP since it comes out to 10s or 100s of millions of opex in the end. What they do care about is the cleanest record possible with respect to security. And Wiz is a key component to their position on security that is communicated to investors - it is a social proof that they are taking security very seriously.
This now becomes a tool for Google when trying to win their business. By degrading the value of Wiz on AWS/Azure/Oracle/Salesforce they are taking away that bullet point on security for a subset of competitors customers. And that may entice some of them to move their entire cloud service to GCP. So whatever revenue they lose on the Wiz side from a dozen or so cancellations they would hope to make up with a few 100 million dollar whales.
I just find it hard to believe that enough whale level cloud compute business will be generated in this way to justify $32b. This is really the best take I have on the acquisition and it feels unsatisfying, as if there is some other decisive information that would provide a justification for such a valuation.
Maybe there is some government mandate coming down the pipeline that isn't very public yet? Some kind of legislation that will force companies to adopt stricter security policies? That could precipitate the kind of changes that would justify this kind of massive valuation.
ExoticPearTree
Customers will not start using GCP more instead of AWS for example just because Google owns Wiz.
Degrading Wiz capabilities on AWS/Azure/etc will not drive more customers to Googke. CSPM and cloud workloads don’t go hand in hand. What will happen is that other companies will capture the market share left by Google. Will the offerings be less then Wiz quality-wise? Sure, but it will be way cheaper than moving to GCP.
The best option will be to leave Wiz as it is - standalone.
ABS
that would immediately shed half the value of the company and Google would need to book a huge loss
e.g. half of Fortune 100 use Wiz and I assure you most of them do not use GCP (or do not use only GCP)
Miraste
That hasn't stopped them before. Fitbit and Nest, for example. Granted, this is an order of magnitude more money to waste. Maybe they'll come up with a better strategy this time.
VirusNewbie
I would think the majority of f100 is multi cloud and absolutely uses GCP for at least some workloads.
Keyframe
half of Fortune 100 use Wiz
gonna need a citation on that. All I could find was their own quotes.
summerlight
I don't think that makes much sense in business. They want to move customers from competitors and as an underdog you need to provide some migration path. You don't get these kind of system integration freely. Provide your service in competitors to smooth their transition path but keep the latest and best features in GCP. This was the idea of k8s.
kccqzy
Even before the Mandiant acquisition they integrated Chronicle into Cloud. It's clear that they were focusing on security very early on.
dinobones
This makes no sense.
Assume 1,000 customers each generating $2m in ARR with contracts. That’s $2 billion. Assume generous 6x ARR valuation, that’s $12 billion.
Where is this $20 billion premium coming from? How could the board approve this? How is this fair to shareholders?
Heck, as a minor shareholder in GOOG, I don’t find this financially responsible at all.
I can’t help but think sometimes these tech acquisitions have some hint of nepotism/deeper underlying motivations behind them than meets the eye.
debarshri
It is one of the fastest growing companies in the cybersecurity space. 6x ARR is quite low for that. 15x is a great deal for Google.
I think Wiz accepted 15x because it is all-cash.
The rate at which they are still growing, a series C/D company would dream of.
[1] https://www.wiz.io/blog/100m-arr-in-18-months-wiz-becomes-th...
csomar
Except their ARR is $500m and not $2bn. So that's x60?
asdfman123
Google's whole business for the last 20 years has been buying, growing, and profiting handsomely from acquisitions.
epolanski
And Apple on an almost 20 years old product, and Microsoft through its enterprise users, like 2 decades ago...Think about it Nvidia in 20 years is still just doing just very fast matrix calculations and idk Toyota is still making hybrids.
This assumption that a tech company is going to keep reinventing or inventing new wheels all the time has very little evidence in human history, while the opposite one, the many great tales of that super company that did so many great things and then is far more common.
The only exceptions are...academic? And that's because innovation and moving the field IS the role of research and academy, not companies returning earnings to investors.
rockmeamedee
Fastest growing but because they participated in a pay-for-play kickback scheme [1][2]?
So that number isn't really signal. Now that they're not paying CISOs to adopt the product they're not going to be growing as fast.
[1] https://www.bankinfosecurity.com/blogs/cyberstarts-program-s... [2] https://www.calcalistech.com/ctechnews/article/b1a1jn00hc
twakefield
There is a correlation analysis in Jamin Ball's "Clouded Judgement" substack [1] which shows the correlation between next twelve month ("NTM") Revenue Multiples and Revenue Annual Growth Rates for public market tech / SaaS stocks.
The current Slope-Intercept is (NTM Revenue Multiple) = 36.677*(NTM Rev Growth Rate) + 2.0013. If Wiz is doubling revenue (100% Growth Rate) and they are at about $500M of revenue today [2], then the multiple according to that calculation is ~38.7 X Next Twelve Month Revenue ($1B) or $38.7B.
So, the price is in line with the market...or you could argue even a discount to it.
[1] https://cloudedjudgement.substack.com/p/clouded-judgement-31... [2] https://www.barrons.com/articles/google-stock-price-wiz-deal...
weatherlite
> Assume 1,000 customers each generating $2m in ARR with contracts. That’s $2 billion. Assume generous 6x ARR valuation, that’s $12 billion.
That's the thing , were any numbers released or are we all just gonna speculate here ? What is their growth rate, profit margin etc etc ? How do they fit in Google's business, can current Wiz clients be upsold on GCP more easily now? Can other clients be brought more easily to GCP now that Google has a good (I hope) cyber security solution to go with its cloud? Clearly there is some strategy going on here that is more than just the ARR of Wiz.
As a minor shareholder in GOOG as well I have no freaking idea about any of this, I sort of trust that they probably took a calculate risk and know what they're doing (and even if this is a mistake by 20B, that's not much for a company the size of Google).
jll29
We all know a lot of people frowned when YouTube was acquired.
Now we know that was an excellent deal for Google (now Alphabet), despite being a long bet.
Good to have top security talent and good cloud security tooling if you're in a cloud play.
epolanski
It makes more sense if you think about how 2006 looked like: - the only way to money in 2006 was advertising and the idea of advertising in internet videos was borderline crazy (remember when internet was tv but without ads?)
- it was just one of many potential interesting players. To think it could've been Vimeo, but the founders cared more about their main project: collegehumor
croes
What about the other companies Google acquired?
csomar
According to a few articles (and Reuters) it is $500m/year
yakkomajuri
Well 500m/year when they last raised in mid-2024. There are hints as to their growth rate from their post about their 100m ARR milestone [1] and thus one knows they went from 100m to 500m in two years (mid 2022 to mid 2024).
They're thus probably higher than 500m now although the multiple still seems really high to me. But what do I know.
[1] https://www.wiz.io/blog/100m-arr-in-18-months-wiz-becomes-th...
xpe
Did you have your conclusion in mind before running your back of the envelope calculation? Many people do this much of the time. That often results in motivated reasoning.
One way to reduce that tendency is to use multiple POVs of analysis. You could phrase it as a question instead: what assumptions would you need to change for the valuation to make sense?
Other questions: What factors are you not including? / What would it take for nepotism to survive scrutiny and how much nepotism would be tolerated?
My guess here is there are long-term strategic factors that the decision makers weighed heavily. I’d be very interested in understanding their world view, since they have much better internal visibility of both companies.
i_play_stax
Tin foil hat time, Google regularly complies with LEO. It's often joked they are an unofficial intelligence agency; peers being CIA, NSA, FBI, etc. Wiz is a foreign-owned company with a detailed vulnerability map of more than 50% of the Fortune 100. It can be argued this is a matter of national security, and not simply business.
perlgeek
I don't think Google is buying Wiz because they hope that revenue from Wiz will make it worth their money.
They surely expect some kind of strategic advantage from that, probably something to do with security of their own infrastructure, or maybe competitive advantage for gaining government or gov-adjacent contracts, or maybe they were afraid that Microsoft or Amazon could buy it and hurt their existing business.
h4ck_th3_pl4n3t
Cyber warfare and cyber defense cannot be measured in money easily.
Take a look at other Unit 8200 startups, or even Palantir. Palantir is much much much more worth than what they are on paper, especially with their Lavender AI involvements.
Cyber strategies have become so critical that it's a race between nations right now. The leading ones being Russia, Iran, China, North Korea and the US (while the US is heavily losing control, just in terms of malware and campaigns). Stuxnet forced the hands of the other nations, and they invested fully in Cyber eversince.
Taek
How is 6x generous? Alphabet's P/E is 23. That means $2 billion rev implies $46b valuation (assuming high margins)
These deals always have more than meets the eye. Google wouldn't acquire revenue at a fair market price just for revenue's sake - there's some reason they expect to get value beyond the revenue.
That doesn't mean its nepotism. It could be that they think they can triple revenue per customer with some synergy. Or any number of a large set of other possibilities.
If you want to understand this type of transaction better, you can read a book on M&A
tgma
P/E is the earnings multiple, not revenue. Your assuming high margins is doing a lot of legwork here. Often untrue for growing startups.
null
encoderer
It’s the growing part that increases the multiple.
bflesch
They advertise "Unified visibility and security across code, CI/CD, and cloud environments" - maybe it's google's way to siphon off proprietary code from private Azure and AWS environments in order to train their AI. Google does not own Github, they must be severely lacking in private training data.
film42
I'm surprised this acquisition didn't happen sooner. The first time I used Wiz I knew a big cloud provider would be snatching them up at some point. Why? Because every enterprise that decides to use cloud providers then needs to find someone to keep that cloud environment safe.
But also, and may more important, you get to see everyones cloud usage, across all providers, with a high level of permissions. Said differently, Google can now target customers with massive spend across other cloud providers and work to migrate them to GCP, at a price that's just cheap enough to over come the switching cost.
neom
If you'd be so kind for those of us that haven't touched cloud in 5/10 years, what is Wiz? from reading the google announcement: solving the supply chain hybrid cloud security issues? I could google I know but you seem to know what you are talking about, so if you'd be so kind. :)
Atotalnoob
When you use a cloud provider to setup a VM, what policies do you apply to it in order to ensure it’s secure?
Wiz and other tools in the same space tell you and tracks compliance across your fleet.
Idk if wiz does this, but their competitors have “compliance packs” which are preset compliance patterns, IE hipaa, finra, etc.
That way you click a button and it tells you every change you need to make to be compliant
Edit: this is all just examples
allturtles
I don't know anything about cloud VMs, but I'm confused about how this is possible. Wouldn't determining whether you are HIPAA complaint depend on auditing all kinds of application details about how information flows through the system and how authentication and authorization are done? How could this be validated statically by looking at cloud VM config? Is Wiz doing some kind of AI magic over your whole codebase?
I am sure I am misunderstanding something, but I'm not sure what.
neom
Figures. Crazy how badly I midsized this problem. When I was working on a cloud provider I suspected this would be a big problem space for building in, but I thought it was in the low billions, I was thinking (I guess stupidly) that the clouds and tools around them would be kind enough to create a lot of standardization so as at least this stuff wasn't junk. I get wanting to create a bit of friction, but thought "this is a bad place to make high friction". I guess it's pretty bad given the size of this acquisition? Or GCP just wants surface area data on other cloud providers (I presume this would aid in that, but I don't know)?
Aeolun
You are telling me it’s a huge excel sheet with all my cloud resources (some colored red) in?
jms703
But...don't these companies already have cloud security engineers on their payrolls?
/s
SSLy
it's a linter for your yaml spaghetti
Tuna-Fish
And reason they can get recurring revenue for what is indeed basically a linter, is that what it lints your configuration files against is not just best practices but also regulatory compliance. And that gets hairy enough and changes often enough that it's usually worth it to pay for it to be someone else's headache.
theamk
That's just one part.
The real value is it's linter for _any_ cloud config - you can use terraform or cloudformation or just click around in user interface, and Wiz's rules would still work.
bigfatfrock
^ Poetry! If only we had linters for all the yaml spaghetti out there in ops land.
JKCalhoun
I thought they made smart lightbulbs (I have some "WiZ" ones installed in fact).
Kipters
I was worried it was that WiZ, luckily it's not Their bulbs are one of the few WiFi bulbs that don't require an app to operate (only for the initial configuration)
swyx
thank you for asking on behalf of the many of us who are in the same boat.
rakkhi
If you don't mind a short blog post I run though the capabilities of something like Wiz: https://rakkhi.substack.com/p/choosing-the-best-cloud-native...
light_triad
It was going to happen last year but Wiz said they wanted to IPO. Wonder what that implies about the larger IPO/exits market.
Here's the letter sent by the CEO Assaf Rappaport to his team at the time (2024):
"Wizards,
I know the last week has been intense, with the buzz about a potential acquisition. While we are flattered by offers we have received, we have chosen to continue on our path to building Wiz.
Let me cut to the chase: our next milestones are $1 billion in ARR and an IPO.
Saying no to such humbling offers is tough, but with our exceptional team, I feel confident in making that choice."
https://techcrunch.com/2024/07/22/wiz-walks-away-from-google...
film42
Wiz by itself is a great business and public markets will price it accordingly, but Google is able to price it much higher because of its unique position. Wiz + GCP sales team will boost adoption of the main product, a Google branded security tool keeps eyes from looking out, and of course, the ability to move huge amounts of revenue from competitors over to GCP is something only a hyper-scaler can tap. At 36x+ valuation, this is still a great deal for Google.
otterley
On what are you basing your opinion that this is a "great deal"? Google is going to have to earn close to $100B in profit attributable to this acquisition over the next 10 years in order to financially justify it.
otterley
A lot has happened in the last 56 days that has resulted in significant uncertainty in the stock markets. That, combined with the higher offer, apparently changed the board's mind.
dehrmann
> Wonder what that implies about the larger IPO/exits market
The window is closed and locked. Haven't closed the storm shutters yet.
varjag
LOL IPO market is dead for observable future.
happyopossum
> But also, and may more important, you get to see everyones cloud usage, across all providers
Yeah - that’s not likely to happen. Even the current in-house developed multi-cloud security stuff Google has doesn’t let internal people see customer data. It’s right there in the T&Cs they publish and agree to.
I suppose they could be violating them in egregious ways, but that wouldn’t last long before one or more of the 170,000 employees got upset and went all whistleblower, which would lead to billions of dollars in lawsuits.
devsda
There are ways around it. If they look into specific customer's usage it is looking at customer data. If they look at more customers it will just be called anonymous analytics.
Then you slice and dice the analytics data to extract what you need in the name of planning & improving the product.
yujzgzc
For a truly multi cloud customer, your second point switches from being a pro to being a con as soon as Google owns it. Why would you give one of your cloud vendors visibility over your footprint across their competition?
theamk
It's pro for Google, not pro for customers.
byteknight
How on earth does buying Wiz force other developers to move? I think the tinfoil is too tight.
acdha
They don’t need to force people, just make them a very good targeted offer. This is also great for seeing which features their customers use most to help GCP catch up to the competition, too.
stevenAthompson
It doesn't force them to move, it just gets Google the information about how you use competitors products so they can out negotiate them come deal time.
stackskipton
Wiz itself doesn’t. But Wiz knows what is going on in everyone cloud. That data could be fed to GCP sales team though customers might riot if that happens.
creaghpatr
>That data could be fed to GCP sales team though customers might riot if that happens
Large enterprises don't sign the stock terms and conditions that would enable this, most do or should have legal teams redlining contracts around how cloud data is accessed and used by vendors. Maybe Wiz is so good they would agree to it, but it would get challenged and negotiated during the sales cycle.
disgruntledphd2
There's no force but Google can now leverage the data from Wiz to target good customers for other services.
savanaly
How is this not a good thing for everyone involved? Or am I wrong for reading the comment in a tone that I perceived to be critical?
alberth
So is Wiz just a CASB?
(Cloud Access Security Broker)
warkdarrior
Wiz is a CNAPP provider. (Cloud Native App Protection Platform)
Cthulhu_
They wanted it to happen last year, but Wiz wasn't sure yet whether they would want to go public instead.
belter
If you know the Cloud market you know nobody is moving to GCP :-)
majestik
This deal isn't about security, it's about data.
Google already have one of the best security teams in the industry - Project Zero [0]. They don't need Wiz's "enterprise" expertise for security.
This deal is about DATA. Wiz, as a cybersecurity vendor, have full remote access to their customers cloud compute storage (EC2 EBS volumes, etc) in the name of "security scanning" - this is actually part of their unique selling point - "agent-less scanning" which is unlike traditional security tools that require an agent installed in the OS. Instead, Wiz is able to just clone your full data volume and scan it locally in their cloud accounts/VPC.
With this deal Google has bought a ton of confidential data from Wiz's customers without their explicit knowledge or approval, and they will use it to improve Google's AI models like Gemini and probably several other products.
A year ago Google struck a $60M/yr deal with Reddit to exclusively license their content [1] for the same reason, and that data is probably much smaller and less valuable than the data Wiz has access to from their customers, which include companies like Morgan Stanley, DocuSign, Slack, Plaid, and others. [2]
Sources:
0: https://googleprojectzero.blogspot.com
1: https://www.reuters.com/technology/reddit-ai-content-licensi...
laweijfmvo
I find it hard to believe (or maybe I don’t want to believe) that this could ever happen? Even if Wiz has T&C’s that allow full access to clients’ data, and even if the T&C allow some sort of “use” of that data that includes training an LLM, surely you can’t release an AI trained on private information to the public? You can’t have Gemini spitting out internal/private/confidential information?
Am I just naive?
bilater
na you're right this would be a dumb move with a huge blow back
nerdponx
It's only dumb if they get caught doing it. If they do it once and keep it quiet and then someone finds out 2 years later, it's going to be a footnote in history.
Izikiel43
I'm guessing you would be the same guy who wouldn't torrent millions of books and copyrighted works to train your LLM. Zuck can afford not to care about that pesky detail
You are not naive, you are not considering that at certain scales, your concerns are the cost of doing business.
Nimitz14
Not the same thing at all. Corporations care about their data a lot and would cancel deals over this. Noone cares if some authors get upset, they have no leverage. Disappointing how people will make confident statements while being so clearly clueless.
breppp
So many sources yet no source of the actually outrageous claim that Google will use this to illegally siphon customer data
maybe this deal is about a company with a lot of revenue in an area google is heavily investing in: cloud security?
billjings
Facebook did exactly this with a VPN acquisition. They didn't break into customer data; they just mined it for usage patterns.
So as a pure speculation on Goog's motives, it doesn't sound farfetched enough to call ridiculous. Competitive data is valuable, particularly if you want to strangle the youth in their cradles (or acquire them).
breppp
google is not facebook, and an ad-supported consumer software is not cloud. OP talked about AI training which is a bit more than metadata
also, the vpn example ended in court
diggan
> actually outrageous claim that Google will use this to illegally siphon customer data
Hypothetical question as much as anything: If Google purchases a company and the data the company stores about their customers, is it illegal for them to use this data for whatever they want?
Lets say it would give them an understanding of what features from AWS people tend to use the most, and they use that to improve Google Cloud, would that be illegal?
breppp
yes, due to privacy and contract obligations
as well as this is the surest way for GCP to spectacularly commit suicide
null
danielmarkbruce
This is an incredibly stupid take on the deal.
petargyurov
This is an incredibly useless comment [0]
At least say why you think so and contribute to the conversation a bit.
[0] https://news.ycombinator.com/newsguidelines.html#comments
HDThoreaun
theres no need to wrestle with pigs
danielmarkbruce
The comment effectively says "wake up to yourself, this nonsense isn't welcome".
Some things are self evidently stupid, cynical and/or disingenuous to anyone with a modicum of intelligence and a cursory understanding of the field.
Use your hall monitoring energy to add value. The type of post I call out here reduces the value of the forum.
marcus0x62
Google isn’t buying Wiz for “security expertise”, they’re buying Wiz for a security product, in a growth area, that customers absolutely love. You’ve provided no evidence for the conspiracy theory that google is buying Wiz to siphon up a bunch of data, and if you’re going to link to Wiz, maybe link to their public list of security certifications, many of which prohibit the type of data harvesting you are suggesting.
tasuki
"Trust" screams insecurity. Security is in the direction of trustless rather than requiring trust. Do you trust companies which say front and center "you can trust us"?
Wiz is a "security product"? Security isn't something you can buy and bolt on to your systems as an afterthought. It doesn't work like that!
marcus0x62
I’m honestly not sure what your point, if any, is.
megous
I trust open source code I can see and compile and control. :)
How is "trusting wiz" (trusting some icons on website controlled by wiz leading to publicly inaccessible reports, half of which are done by a single company somewhere in Florida) related to what Google might do with it after aquisition?
marcus0x62
That’s great. For you. Most businesses don’t have the ability or desire to build every single security tool they use in-house or use open source for everything. So they buy commercial tools. Which are audited by third parties to give the companies that use the commercial tools some idea of how their data will be used.
If google wants to maintain those audit findings, which they’ll need to do to keep most of their customers, that’s going to limit the kind of data collection they can do. Unless, of course, you want to propose a new conspiracy theory (which I guess would be par for the course in this thread) that Google is going to lie to their auditors to get at that sweet, sweet data (most of which they already have for their GCP customers and don’t need to buy Wiz to obtain.)
eranation
I believe you are right in the direction, but wrong on the details. Yes they will now have tons of otherwise inaccessible data about how Wiz customer use GCP’s competitors (AWS/Azure), eg what workloads, how much they pay, how many EC2 / EKS / ECS / RDS / S3 / SageMaker are actually used and how much they pay. This is by itself highly valuable financial information, that any company would love to have about their direct competition.
I highly doubt Google or Wiz have a legal avenue that allows them to use customer data beyond fulfilling their product needs. Products like Wiz (voluntarily) go through security audits and certifications, from SOC2 type 2 to FedRamp. Also enterprise customers actually do read T&C (their legal team does at least) and having terms and conditions that allow you to train models on customer data without their consent is not going to fly under the radar for long.
nolist_policy
Google has the best security. But it is hard to market real security (as oposed to snake-oil), so maybe this acquisition will help.
johnisgood
> Google has the best security.
Care to elaborate?
nolist_policy
Google was owned pretty hard in 2009 (Operation Aurora). Following that they put security front and center in a way that few other vendors do.
You can read my praise of ChromeOS here: https://news.ycombinator.com/item?id=41178525
To add a few, Chrome was the first browser to introduce process isolation: Every browser tab, every site (second-level domain) and every iframe runs in its own sandboxed process.
With that it's the only end-user software (alongside the other browsers) that actually is secure against Spectre and Meltdown. Operating systems only protect against Specre/Meltdown leaks between processes.
Google invented Certificate Transparency and Chrome enforces CT since years. Firefox added CT enforcement only a few days ago.
CT solves the following: For example, if a rouge Chinese Certificate Authority decides to issue a cert for google.com to the Chinese government for Man-in-the-Middle attacks, CT blows their coverand makes it known to everyone that the CA issued a fraudlent cert.
qwertox
Project Zero is about finding security issues, not about developing products to increase security.
czk
Using private data to train a public LLM seems like a huge liability that Google's legal team would never approve. I could see them using the data for all sorts of kinds of analytics though. I heard Google deals in those a lot.
kmfrk
Rejecting a $23B offer to get $32B less than a year later doesn't sound half bad.
https://www.theverge.com/2024/7/23/24204198/google-wiz-acqui...
phendrenad2
I was trying to figure out where the deja vu was coming from. This explains it!
dcchambers
Google's M&A team: Oops we switched the 2 and 3 on that offer document, let's fix it and try again.
Sohcahtoa82
Jimmy switched the numbers!
walterbell
Customer feedback (2024), https://old.reddit.com/r/cybersecurity/comments/1c1s9r2/wiz_...
> Wiz combines a graph search for asset management with agentless vuln and malware scanning that clones EBS volumes and scans them on their infrastructure. That's a great combo for vuln management, but has some downsides like delays between scans and cloud costs. They have a sensor with solid detection rules, and are okay at a bunch of other stuff like cloud log threat detection and sensitive data detection. They've basically pushed what you can do without an agent to the limit.
VC approach to enterprise sales, https://www.calcalistech.com/ctechnews/article/b1a1jn00hc & https://news.ycombinator.com/item?id=41042462
> [Cyberstarts] shows an internal rate of return of more than 100%, an unusual figure even for the best funds in the world.. The first sales come from the loyal CISOs who work with the fund.. Ra'anan offers [CISOs] the big dream of the world of employees - shares in a venture capital fund.. all funds that specialize in cyber go after CISOs and entice them with dinners, conferences, and some also offer them holdings in the fund. However.. he perfected it to a completely different level.. No CISO has ever received compensation for purchasing products.. They receive 4% of the success fees of the general partner (GP) in the fund.
g8oz
Isn't this a roundabout kickback scheme?
walterbell
Discussed last year in the linked HN subthread.
ChicagoBoy11
I'm marginally in the IT space... Is there anything to my reaction that at least in dollar terms this is a multiple of the dollar amount of what Whatsapp was acquired back in the day, which was a large consumer facing product that I could see was quite literally taking over messaging all over the world, and this is a... platform I've never heard of?
I'm just trying to make sense of the numbers.
zck
Whatsapp was $1/person/year for a license. Wiz is "contact sales for pricing". Presumably that's more than $1/year.
According to Amazon's Wiz integration (https://aws.amazon.com/marketplace/pp/prodview-ibgbkrqusncsm), the lowest cost they have is $24,000/year.
craigkilgo
It's based on your workload you are using it for basically. So its not a set price.
Cthulhu_
Wiz is enterprise software aimed at and popular with large companies that need to check all the compliancy boxes, and according to sources used by >40% of the Fortune 500 companies. It's also only 5 years old, so that's a ridiculously fast growth.
seanhunter
Valuation multiples for a free direct to consumer messaging company are very different to a paid-for b2b cybersecurity company. It doesn't really matter whether you've heard about Wiz, the important thing is every CISO has heard of it and many of them are prepared to pay actual money for the product.
IshKebab
True, but the vast majority of people spend zero money on WhatsApp. I actually have no idea how I would give them money. There are no adverts, the metadata is not valuable, and no companies even use WhatsApp business, at least in the UK. Their UK revenue is basically 0, despite 100% market share.
This is an enterprise product in a space where companies spend millions of dollars.
Still seems like an insane amount though.
quantumwannabe
Whatsapp when it was acquired cost $1/year (with a year long free trial) and had a billion users and 55 employees. They were printing money.
IshKebab
As far as I remember they didn't ever really collect that money though. I certainly never paid it. I'm not sure they ever even implemented payment on Android.
Obviously hard to source this old stuff but I found an old Reddit comment that backs up my recollection: https://www.reddit.com/r/whatsapp/comments/xesw29/comment/io...
zck
Just to respond to the Whatsapp part of the comment, apparently Whatsapp made about $1.7 billion in 2024. https://www.businessofapps.com/data/whatsapp-statistics/
steventhedev
That is suspiciously equal to the "Other revenue" line in Meta's 10-K.
Given that likely rolls up other products I doubt it's all coming from Whatsapp.
[0]: https://d18rn0p25nwr6d.cloudfront.net/CIK-0001326801/1f8bf8e...
null
guappa
Like for whatsapp, they're buying the database, not the product.
yen223
I don't think WhatsApp had the same kind of revenue that Wiz has, even normalised for 2014 numbers.
disgruntledphd2
Revenue and profit are very different. Like, it's easy to pump revenue at a loss.
I don't really see the benefits of this acquisition for Google, but congrats to the Wiz team!
noboostforyou
> I don't really see the benefits of this acquisition for Google
At the very least it's a giant book of sales leads.
null
atemerev
WhatsApp purchase was for that sweet sweet data of everyone's contact lists (this was their original innovation for onboarding — just give us access to your phone book and we'll tell you who else is on WhatsApp). Their earnings were completely irrelevant in price discussions. The billions were paid for the dataset.
WhyNotHugo
Indeed. It's not just an incredible dataset, it's a self-updating one too.
Marsymars
I'd expect a lot of the money was also to prevent a competitor with WhatsApp's ubiquity from existing. (Or selling to another competitor.)
dataflow
Any idea what profitable things they do with that data?
smlacy
Just think: This company is 5 years old. That's just 1825 days, or 43800 hours, and they've created $32B of "value" in that time. That's an average rate of almost $750k/hour continuously. Incredible.
tombert
I have no idea how these corporate acquisitions are valued.
Craftsman Tools was sold to Black and Decker for $500 Million. This was and is a respected tool brand with an international presence making physical and tangible products and it is apparently worth 1/64th of Wiz.
I'm not even saying Wiz is overvalued, I don't know, I'm just not sure how they come up with these numbers.
therealdrag0
I think the main calculus is around estimating future profits. Do they make a profit? Is it a crowded space? Is the market space growing? What assets do they have? People, land, factories, or intellectual IP? Etc etc.
I don’t know the details of either deal but it’s easy to imagine a case where Craftsman tools is just a brand in a crowded market with no special sauce. For example Sears never even made the tools, they outsourced it. Also it sold for 900m, 500m was the initial payment.
tombert
> Also it sold for 900m, 500m was the initial payment.
Yep, you're definitely right, I misread. Still less than a billion.
> I think the main calculus is around estimating future profits. Do they make a profit? Is it a crowded space? Is the market space growing? What assets do they have? People, land, factories, or intellectual IP? Etc etc.
Yeah I guess that makes enough sense, though I have to admit that sometimes it feels kind of removed from reality sometimes.
kubb
Almost... unbelievable.
amazingamazing
Google has some amazing negotiating skills - paying 50% more for something they literally tried to get not even a year ago... (they tried to get it at 23 billing not even a year ago)
https://news.ycombinator.com/item?id=41042034
That being said, Instagram and WhatsApp were expensive for Facebook and those ended up being a steal. Time will tell, as usual.
kats
Yeah, but Instagram and WhatsApp have billions of users. Everybody has heard of them. Advertising on Instagram generates revenue.
Wiz is a SaaS b2b startup. Even on a forum for startups most people haven't heard of them.
Wiz reportedly has a revenue of 750m. It would take Google 30 years or more to break even on this deal. But like all bs startups Wiz will fade into irrelevancy 6 months after being acquired.
Google is getting completely scammed.
nosefrog
Nobody thought Instagram and WhatsApp were good acquisitions at the time.
askafriend
Instagram was roughly 10 people when it got bought, had less than 30M users and $0 in revenue.
totallyunknown
This: "But like all bs startups Wiz will fade into irrelevancy 6 months after being acquire"
scarface_74
The difference is that Google is the worse product company among the big tech companies. It’s like the modern day Yahoo! - where acquisitions go to die.
apercu
I don't know man, iPhones and Macs are really buggy, bloated/full of unnecessary features, and user hostile. Microsoft products are also hot garbage. The cars we get to pay tens of thousands (or even hundreds) are pretty much garbage now. It's not just Google.
scarface_74
I am not talking about opinions on quality. I’m talking about objective measures in introducing a new product that moves the needle as far as revenue/profit and market share that is not cancelled quickly
ebiester
This is meant to be politically-neutral commentary: this deal doesn't happen without a Republican in office that will squash the antitrust bent that the Biden administration started.
It's also possible the last Wiz deal happens without the antitrust swirling over Google.
walterbell
Some policy is being continued, https://natlawreview.com/article/antitrust-under-trump-initi...
> FTC Chairman Ferguson and Omeed Assefi, Acting Assistant Attorney General of the DOJ’s Antitrust Division, announced on February 18, 2025, that the FTC and DOJ will continue to use the 2023 Merger Guidelines as the framework for their merger review process.
SJC_Hacker
Rump likes to play favorites and use any power at his disposal to hurt his political / personal enemies or people he thinks don't "respect" him enough. He also is a fan of extorting people.
So I wouldn't count on it based on some generic "pro-business" position. Google is going to have to kiss the ring one way or another.
Workaccount2
Depends on how many complements Google gives the emperor on his clothes. The DOJ reiterated selling off chrome last week, so it's not off the table.
zifpanachr23
I just don't think the anti trust case is as strong in the security industry vs. many other parts of the software industry. I don't think a Biden admin would necessarily have jumped to try and block this sort of acquisition either.
jordanb
Turns out McKinsey is really bad at business and letting a McKinsey ghoul run your company is a good way to run it into the ground.
jtgverde
GOOG is up ~152% since Sundar took over...
dcchambers
Since Sundar took over as CEO at Google (August 10, 2015):
- Google is up 5.2X - I am not sure how you got 152%
- Apple is up 10X
- Microsoft is up 8.25X
- Netflix is up 7.45X
- Amazon us up 7.28X
- Facebook is up 6.27X
And for fun:
- Nvidia is up 207X
- Intel is down 12%
- The S&P 500 is up 2.72Xscarface_74
Microsoft was also up by leaps and bounds when Ballmer was in charge and RIM had its highest market cap in 2010 - three years after the iPhone was introduced.
That has nothing to do with whether Google has the ability to create new great products and it has failed miserably at that over the past decade.
_countzero_
Not the flex you think this is.
underdeserver
What do you know, Assaf Rappaport also worked at McKinsey.
atonse
This is probably a dumb question, but what does all cash mean? Does it literally mean that they are putting $32bn in Wiz's bank account (or probably some kind of escrow, who knows) which then gets dispersed to their shareholders?
What usually happens otherwise? Would they do partly google stock, etc? And each shareholder gets some kind of multiple? (you get your N amount of Wiz shares X .72 = your number of google shares), or something of that sort?
mlyle
> Does it literally mean that they are putting $32bn in Wiz's bank account (or probably some kind of escrow, who knows) which then gets dispersed to their shareholders?
Google pays each of Wiz's shareholders 75-90% of the deal amount. The remainder is held in escrow and paid some time later based on a variety of conditions.
> What usually happens otherwise? Would they do partly google stock, etc? And each shareholder gets some kind of multiple? (you get your N amount of Wiz shares X .72 = your number of google shares), or something of that sort?
Yup, that's exactly how it works.
exhibitapp
In an all cash deal the Vendor (buyer) will purchase all shares of the Target (seller) for cash and cancel those shares. A substantial amount of the cash will be held back in escrow subject to a number of clauses and released at a future date.
This will protect the buyer against misrepresentations.
There are often also targets that have to be met to achieve the full purchase price but not always disclosed
kgermino
Yes on all of that. All Cash means Google is essentially writing a $32Bn check which is dispersed to the Wiz shareholders. (It wouldn't go to Wiz's bank account since Google owns the bank account once they send the money.
Typically these involve at least some stock (cash + stock or all stock) which would mean that each Wiz share gets some amount of money and some multiple of Google stock per share.
jaimebuelta
They say that's an all-cash purchase. So it seems that they really put $32bn in the bank account.
bklyn11201
Ultimately they are buying the shares of all existing shareholders. Wiz tells Google who the shareholders are after all triggers of options to shares are resolved. Then Google wires each shareholder after the signatures are complete. No money should go into Wiz bank account. 10-25% of the cash is held back to make sure the company and key employees fulfill promises made as part of the transaction.
mikeyouse
Right - the Wiz bank account is about to be the Google bank account, so it wouldn't make any sense for them to receive the funds.
limaoscarjuliet
It means if you were a shareholder of Wiz, you will have cash in your checking/savings account within few days and you will no longer have the shares.
timcobb
What if I don't want to pay capital gains?
Cthulhu_
There's going to be teams of lawyers and financial managers that will guide that money into various financial structures and / or shell companies so that none of it shows up on the records used to calculate that.
lotsofpulp
Then you should not have owned assets that someone else had the power to sell.
financetechbro
Part of the acquisition process is putting together a “funds flow” which is simply a model that lays out how much $ each shareholder gets and then also you collect all the wire details, etc. But anyway, it can be a bit surreal seeing how much cash will be deposited into various accounts once the deal closes
epolanski
Acquisitions often involve swaps of shares.
bhouston
The press releases say cash deal.
whereismyacc
The question was about what happens in other cases.
thinkindie
Otherwise it depends on the deal structure. Especially if it's an acqui-hire, or founders are involved, it can be a combination of shares, options, earn-out, guaranteed bonus, certain salary levels (much higher then their current one) etc etc, and cash. Usually 100% cash deal is the most sought after unless the acquirer has a very solid business (in that case shares and options could be valuable too).
kamranjon
I’m just curious if anyone here has actually heard of this company before this announcement? If you have, what is your opinion on this acquisition?
ang_cire
Almost any infosec professional whose company uses an IaaS provider (AWS, GCP, Azure, etc) has heard of them. They are probably the most notable tool for assessing your "Cloud Security Posture". It basically looks at your cloud configuration and alerts you for security issues caused by mis/sub-optimal configurations. It also identifies vulnerabilities, software updates, permissions issues, etc.
I'm sad they're being acquired, especially by a FAANG company. This constant consolidation is bad for IT (and the economy in general). I am happy for the employees holding shares though!
popol1991
They are huge in the cybersecurity space, led by veteran founders, solve real problems, fastest growth to $100M ARR in the history...
mi_lk
In cybersecurity history or the history?
happyopossum
In history - until Cursor, so like 6 months ago they still held the record.
sudo-i
Growing up in the NYC area this is what I think of when someone says the wiz https://en.wikipedia.org/wiki/The_Wiz_(store)
Ylpertnodi
I have 'wiz' lights in my place - home-networked lighting system. Which works. Well. For me....so glad g hasn't acquired them.
philshem
I also thought at first that G acquired the budget smart bulb company but then I realized it’s “WiZ” and not “Wiz”.
TuringNYC
>> Growing up in the NYC area this is what I think of when someone says the wiz https://en.wikipedia.org/wiki/The_Wiz_(store)
Growing up in NYC, it is was impossible to not remember the "Nobody Beats the Wiz" jingle
sundarurfriend
As a fan of British comedy, this is what I think of when I hear wiz: https://en.wiktionary.org/wiki/wiz#Etymology_2
mousetree
We've been using them for 2-3 years. Excellent.
isoprophlex
[narrator]: Excellent, until now! Soon, their beloved cloud infra security scanner will to be sucked dry of all the juicy usage data on AWS and Azure customers, bled of its innovation, to be discarded in a few years time...
I like it too. Don't care much for google buying them, it can only end badly.
bschmidt60
[flagged]
bschmidt65
[flagged]
theamk
Would any evidence convince you that wiz-the-product exists? there are tons of comments on the thread, people discussing it on reddit, integrations with all sorts of products, stackoverflow questions about wiz terraform provider, tons of image search results for "wiz.io dashboard" (most outside of wiz.io domains)...
what makes you so sure there is no product?
tnolet
Last Kubecon / Cloudnative Con they had a HUGE stand. Hard to miss them if you are in this space.
fdgjgbdfhgb
I've seen them at trade shows and heard good things. I had also heard that Google tried buying them last year but it didn't go through, I'm curious about how/why they did it now
Cthulhu_
What I read is that last year they weren't sure yet if they wanted to go public instead, but the current financial climate isn't good for going public so they went for an acquisition instead.
bschmidt66
[flagged]
dcchambers
Yes. We use them for container vulnerability scanning - maybe other things as well.
psanford
I've used wiz in a previous job. Its a good product. I don't know if they invented disk snapshot based security scanning, but they certainly popularized it.
Companies like CrowdStrike have copied a lot of what Wiz has been doing (and I'm sure wiz has copied some CrowdStrike features).
This announcement is pretty disappointing to me. I would have more faith in Wiz as an independent company than as part of Google. I expect their innovation to fall off a cliff.
bschmidt62
[flagged]
> Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors
> Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based developer collaboration platform, for $50 million in December 2023. In April 2024, the company acquired cloud detection and response startup, Gem Security, for around $350 million
> Wiz was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom.
> Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.
> Adallom was reportedly acquired by Microsoft for $320 million in July 2015
> On March 18, 2025, Google announced an all-cash acquisition of Wiz for $32 billion
Had never heard of Wiz until they posted the blog post about the DeepSeek database being public earlier this year.
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepse...