TGIF! This Friday afternoon, one earth, one Windows, one blue screen!

Wait, these devices share another commonality – they all have CrowdStrike's security software installed, but after the software update, it clashed with Windows!

As a global leader in cybersecurity, Crowdstrike has deployed on around 50 million PCs, second only to Microsoft.

Usually, more endpoints mean more data transmitted back, allowing for quicker issue detection and distribution across the network, enabling other clients to promptly fortify their defenses. At this moment, more endpoints mean... a huge mess, one that will surely go down in history.

Besides a plunge in share prices, Crowdstrike might also face hefty compensation claims... GBU!

In the realm of cybersecurity, Microsoft's "archrival" Google is also brewing something big these days.

According to WSJ, Google's parent company Alphabet plans to splurge $23 billion on acquiring the Israeli cloud security startup Wiz. If successful, this deal will shatter Google's previous record set by the acquisition of Motorola Mobility in 2012 ($12.5 billion).

Why is Wiz worth such a lavish sum to Google? A recent Sequoia article sheds some light.

Starting with "exploring customer & product problem-solving," Sequoia proposed a concise PMF framework encompassing three different prototypes – Hair on Fire, Hard Fact, and Future Vision.

In the "Hair on Fire" scenario, Wiz, as a shining example, was specifically praised.

Sequoia pointed out: If you aim to address your customers' urgent needs, your sector will undoubtedly be crowded. Imagine a residential area plastered with at least three locksmith ads.

What's the unique solution? Provide the optimal solution – a product that not just faster or cheaper but delivers a distinctive customer experience to gain lasting advantages.

So, how did the "latecomer" Wiz find its solution and achieve $200 million in sales within three years, setting a new record as the fastest SaaS company to reach a $10 billion valuation? What growth secrets are worth learning for founders in "crowded sectors"? Let's start from the beginning of the story.

The Underdog Wins: Wiz Muscled Out the Pioneers with a Blitzkrieg

In Israel, there's a legendary intelligence unit, Unit 8200.

Each year, Unit 8200 selects 50-100 outstanding high school graduates and, through rigorous IQ, comprehensive ability tests, and interviews, identifies the "superbrains."

Wiz's CEO Assaf Rappaport is a top "superbrain," even serving as the unit's captain.

After retiring, Rappaport joined the smaller, more elite Unit 81 and then spent two years as a consultant at McKinsey.

In 2012, driven by his passion for security, Rappaport gathered former comrades Luttwak and Reznik to found the cloud security company Adallom. In 2014, comrade Costica joined Adallom, having once saved Rappaport's life during a "dormitory inspection."

In 2015, Adallom was acquired by Microsoft for $320 million. Subsequently, the four founders embarked on a life as "Microsoft's senior employees." Microsoft CEO Satya Nadella imparted wisdom to Rappaport: "I make the rules here, and you break them here." What a charming sentiment.

Over five years, Rappaport indeed broke various rules. When he checked off the last task on his "Microsoft list," a new journey began.

In 2020, Rappaport and his three comrades left Microsoft to found Wiz, ready to make a big splash.

Initially, they weren't clear on their target, experimenting with over a dozen business ideas, even dabbling in online payments, before returning to cloud security.

The reason was simple: In conversations with dozens of Chief Information Security Officers (CISOs), Rappaport discovered that cloud security remained their biggest concern.

A "favorable condition" existed then – the COVID-19 pandemic propelled companies to migrate core workloads and data to the cloud. For instance, companies with 70% local and 30% cloud operations started considering a full cloud migration.

However, the cloud security sector was already crowded, with established players like Palo Alto Networks and startups like Orca Security.

How to carve out a path? By offering a unique experience, even a crowded sector can yield gold.

Imagine the cloud as a company's house and software as the streets. You want to open some windows for ventilation while preventing bad guys from breaking in. The best approach is installing "surveillance" to constantly track which windows are left open, which have the biggest holes, and which need priority repairs.

This "surveillance" is Cloud Security Posture Management (CSPM).

Installing CSPM "surveillance" is often the first step in establishing cloud security infrastructure, especially for enterprises with over 15 virtual machines under management – they're particularly interested in CSPM.

The opportunity lies here. At that time, most CSPM relied on "agents" that needed deployment on every server – meaning the IT team had to set up servers and distribute cloud accounts to business units. In reality, many units bypassed the IT team, privately migrating to the cloud first, creating "dangerous yet alluring" Shadow IT.

In 2018, Logicalis' global CIO survey found that 90% of lines of business (LOB) bypassed the IT department and leveraged cloud services to complete their work. By 2022, Gartner data showed that 41% of employees acquired, modified, or created technology invisible to IT, projected to climb to 75% by 2027.

In summary, when Wiz was founded, many enterprises' urgent need was to migrate core operations securely, conveniently, and swiftly to the cloud.

Finding a seamless CSPM solution equals finding the coordinates of a "gold mine."

Wiz offered precisely that – a seamless "agentless" CSPM.

Its product's biggest advantage is speed. Within minutes of customers providing AWS or Azure credentials, Wiz can inspect every connection and path to the outside world. Once connected, Wiz can uncover vulnerabilities during a 15-minute customer demo. Moreover, developers can glance at the "risk map" dashboard to identify urgent issues and allocate work hours accordingly.

At the time, Rappaport and his team engineers became the most dedicated, working on products during the day and sales at night, as Israel's evenings are the US's days.

Fortune smiled upon them. Three months later, Wiz's revenue jumped from zero to $2.8 million; 18 months later, it reached a staggering $100 million, setting a new record for the fastest-growing software company at the time.

In fact, Orca Security, another startup, pioneered the "agentless" CSPM solution, not Wiz.

Wiz's stealth success stemmed from the team's insight into customers' urgent needs and adopting a "blitzkrieg" approach to acquire them.

Meanwhile, Rappaport's strategy was highly effective: target the market's largest clients.

Big clients prefer spending more on a "safe box" than constantly worrying. Thus, Wiz often prices its products above $500,000, tailored to each enterprise.

Big clients agree they're getting their money's worth. In fall 2021, Bridgewater's CTO Igor Tsyganskiy signed Wiz's largest multi-year contract to date. He stated that while tools abound, only Wiz instantly delivers ROI. Wiz helped Bridgewater discover multiple risks exposed to the Log4j zero-day vulnerability within a week, potentially saving over $100 billion in assets from hackers.

Thanks to its successful enterprise GTM strategy, Wiz now serves 20% of Fortune 500 and 30% of Fortune 100 companies.

This year, Wiz raised $1 billion in funding, reaching a $12 billion valuation, a feat particularly challenging in the "AI-obsessed" 2024.

How Google Plays the Security Card

If the story ended here, Wiz might not have welcomed an acquisition.

Forbes wrote last August: "Don't expect Wiz to slow down soon, even as it tightens operations for a potential IPO next year. It's eyeing its first acquisitions and seeking a CFO."

Rappaport said at the time: It feels strange – I'm doing the opposite of what every newspaper and venture capital firm is telling everyone else to do. But with the right team, funding, and product, Wiz will keep "charging ahead."

But does the current landscape permit Wiz to keep charging ahead?

Customers may still face urgent needs, but what if your product is no longer unique?

Like the Achilles' heel of blitzkrieg, Wiz's success relies on its "speed and precision," but its underlying architecture largely "honors" Orca's. This means its core competitive edge, or "internal strength," is not profound.

Moreover, now players like Palo Alto Networks, Zscaler, Datadog, and even the "blue screen" culprit Crowdstrike have entered the fray.

Even amidst the AI wave, players won't go hungry. But without the next-gen architecture, Wiz's advantages will only weaken, turning its colossal valuation into a bloated figure.

Therefore, Google's $23 billion olive branch might be a blessing in disguise.

How is Google weighing its options?

Synergy Research Group data shows Amazon held a 31% market share in cloud services in Q4 2023, followed by Microsoft at 24% and Google at 11%.

But Google doesn't want to lag behind. The company is heavily investing in cloud computing, with the business growing rapidly. Last year, Google Cloud's revenue surged 26%, achieving profitability for the first time.

Globally, cybersecurity remains a key transaction area. Earlier this year, Cisco acquired Splunk for $28 billion. Google's acquisition of Wiz aims to significantly bolster its cloud services' security capabilities, enhancing competitiveness in the cloud security market and attracting more enterprise clients.

More importantly, Google wants to regain ground lost in "AI security."

In recent years, Microsoft, Google's "archrival," has had continuous cloud security mishaps. Tenable's CEO Amit Yoran stated: Microsoft's cybersecurity is worse than you think. His company discovered another Azure vulnerability that could leak sensitive data, immediately notifying Microsoft. But it took Microsoft over 90 days to partially fix it!?

That efficiency begs the question of similarities with Boeing (joking aside).

Even in Microsoft's recent mishap, Crowdstrike, the protagonist, intervened, overnight launching Falcon for Defender to protect Microsoft Defender users.

Wonder if users are more impressed now.

Interestingly, in May, Google released a white paper, taking jabs at Microsoft's security incidents and promoting itself as a safer alternative, offering discounts for clients to switch.

This costly acquisition clearly continues Google's "security strategy." However, despite the mutual agreement, many challenges remain. On one hand, given Google's recent difficulties with antitrust scrutiny, this acquisition is likely to attract special attention from regulators. On the other hand, after four years, Wiz's four founders will transition from being "Microsoft employees" to "Google employees," which will undoubtedly require some readjustment.

Editor: Rika

Image source: Internet illustrations