> Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors
> Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based developer collaboration platform, for $50 million in December 2023. In April 2024, the company acquired cloud detection and response startup, Gem Security, for around $350 million
> Wiz was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom.
> Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.
> Adallom was reportedly acquired by Microsoft for $320 million in July 2015
> On March 18, 2025, Google announced an all-cash acquisition of Wiz for $32 billion
Had never heard of Wiz until they posted the blog post about the DeepSeek database being public earlier this year.
Thats the kind of a company everyone wants to build in enterprise security.
Incognito unicorns.
There are many companies like these in security space. Another company I can think of is Rubrik. All these large security companies under the radar success.
Security is a big field. I’m in the CSPM space and Wiz is a major player here, I actually had a bit of an existential crisis about what we were building when I first saw a demo of their platform.
Most of their competitors, like Palo Alto, have a very convoluted offering from gluing together several acquisitions. Wiz is very cohesive with a much nicer API and great UX, which is very underrated in the security space imo.
I have zero trust in Google’s promise to keep supporting the tool for multiple clouds or maintain the high quality of product design that makes Wiz great. It’s great for my job security, but I’d call it a net loss for the industry.
> Wiz is very cohesive with a much nicer API and great UX
I actually don't care for Wiz's UX.
If you're a manager and just want to get an idea of what your security posture looks like, it's great. They have a million dashboards for you.
But if you're an AppSec Engineer that just wants to see which EC2 instances have which CVEs, it's kind of a pain in the pass and takes way too many clicks.
There's a single button I click that'll list all my VMs, then a single click (usually a middle click to open a new tab) to view all the CVEs in each VM.
I've been a cybersecurity SWE, PM, and VC for a decade at this point and I've almost never found any relevant security or enterprise SaaS related content on HN.
For a hot second (around 2018-2019) there was solid conversations around eBPF, io_uring, or cloud posture management, but that doesn't happen on here anymore.
Same with MLOps and ML Infra as well - almost no one on here understands Infiniband, RDMA, or BLAS
The tech industry is MASSIVE - and most people are only clued into their own little niche. And according to HN, the only tech companies that exist are FAANG, Nvidia, Tesla, TSMC, and BYD.
>I've been a cybersecurity SWE, PM, and VC for a decade at this point and I've almost never found any relevant security or enterprise SaaS related content on HN.
FWIW "here" could mean "in this thread". It's pretty normal (and very visible here) that threads about X attract people working in X. I'm not sure this is happening here, I work in IT security but I clicked the thread because 32B caught my eye.
Lobste.rs for technical stuff. But most security related conversations by security SMEs aren't happening online anymore. We have specific user conferences and regional user groups now.
The cybersecurity industry is almost entirely located in the Bay, Seattle, Tel Aviv, and Blr/Hyd, so the really active user groups are mostly in those cities.
Cybersecurity goes hand-in-hand with IT, DBA, Networking, DevOps, and OS/Systems Programming - all functions that were previously looked down upon over the last 15-20 years.
Furthermore, most American CS programs made OS internals, Computer Architecture, or Distributed Systems optional, so the junior portion of the ecosystem doesn't exist in the US anymore.
I don't use Lobste.rs anymore because the owner irrationally blocked the browser I'm using, and I refuse to switch to a different browser just to read Lobste.rs. The owner seems like he has some issues to say the least.
Well, it depends what it does to your liability. If, in case of attack, it ends up shifting the blame to a third party, then yes, that's considered adding security in enterprise space.
If you're in security and you haven't at least heard of Wiz, I have doubts about what you actually do. I'm not saying you have to be a CSPM expert, but not even hearing about Wiz, when they are the largest CSPM, is somewhat concerning.
I am in security for many years now, my main focus is reverse engineering (but I did many diverse things, including cryptography, some exploit development and the opposite, AV work, I did R&D in security automation and some development of security tools and engines).
I never even looked at a CSPM, and from my point of view[1] CSPMs are a tool only relevant for a small part of security teams focused on enterprise cloud security. Today is the first time I heard of Wiz.
edit Actually my partner works in policy/compliance/legal side of security, and I'm pretty sure she never heard of Wiz too.
[1] I wrote this only to stress how different people in the same field can see things differently.
I've heard of Wiz, but would have had a hard time listing out their feature/benefit statement, because I don't work with CSPM tools. I don't think this "I have doubts about what you actually do" line is doing the work you want it to; it may be backfiring on you a bit.
CNAPPs and CSPMs are extremely common tools in cybersecurity. This is my concern. If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have. There's a big responsibility as a security practitioner to stay up to date on new tools and techniques. CNAPP and CSPM is not some new thing that was invented last year. It's been around for a decade.
> . If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have
I’ve never heard or seen either of those terms before reading this thread. What you’re calling “CNAPP” I’ve been calling “endpoint security”. I’ve been building internal “CSPM” tooling since 2014 with like raw cloud api calls feeding into graphviz, CI-like tests in a terraform repo, transforming the state of a set of cloud accounts into a form I can shove into z3 and ask questions about, that kind of thing, but never heard it called that.
I suppose if your company prefers to build over buy, you won’t be exposed to the kind of knowledge and vocabulary that buyers in the space use to orient themselves.
CSPM solutions are what corporate buys when they don't want to invest in security. It is rubber-stamping and ass covering. From my experience most people involved with such platforms are rather technical sales people than actual security experts.
> If you're in security and you haven't at least heard of Wiz, I have doubts about what you actually do.
IT security a very wide field. For example, a lot of positions in IT security are actually about compliance (i.e. lots of documentation), and ensuring the rollout of all necessary application patches in the whole company.
I've been securing my cloud instances the same way I would for dedicated hardware. I use the same tools. I periodically eyeball usage data from the service providers to make sure their end is OK. Takes 5-15 minutes. Occasionally run updates. It all mostly just keeps chugging along.
What is a CSPM? Some cloud monitoring tool? What does it provide over open-source security and monitoring tools with years of field use that would make me invest time into it? Also, have these tools been thoroughly audited, scanned, fuzzed, and pentested by reputable people like some of the open source tools we've been using? Since tools are part of the attack surface, do these tools themselves increase or reduce it?
Serious questions since you think I should be very knowledgeable about these tools. My tech stack just works with minimal maintenance. So, I'd have to lose time on more important or fun stuff to even study CSPM or Wiz. Not counting setting it up.
Bullshit. Infosec is not just about highly inflated startups or whatever the fuck CSPM means. I know people who do exploit dev, reverse engineering, blue teaming and they have never heard of wiz. Stop overexaggerating
Would we (i.e. anyone not in the intelligence space) know how intelligence service-y software would look like ? . Aren't all such organizations trained and designed to be inconspicuous and in places we are unlikely to expect.
Mossad aren't the guys doing cyber ops in Israel. They're suave arsim (how else can you blend in Beirut or Tehran).
Also, if you've worked with Israeli government cybersecurity teams, they aren't much different in caliber from the kind you'd find at the NSA, GCHQ, or Netherlands.
> They're suave arsim (how else can you blend in Beirut or Tehran).
To save others looking up what 'suave arsim' meant:
1. suave -- a normal English the word for charming/confident
2. "arsim" [1] -- apparently a former ethnic slur for Mizrahi Jews [2] now repurposed to mean crude, loud and brash (which sound to me like the equivalent of the British slang term 'chav').
It was a bad attempt at humor, but pretty much my point is there are a couple other cybersecurity/sigint specific units unrelated to Mossad. And "arsim" isn't as loaded a term anymore - everyone is mixed in Israel now because it's a melting pot.
And saying "Mossad"-this/"Mossad"-that just feels like it's increasingly being used as a dogwhistle.
> they aren't much different .. NSA, GCHQ, or Netherlands
I (and most here) wouldn't really know what that caliber is in these other organizations either to compare
What we do hear is of how the Hubble's tech stack is hand me down previous gen(i.e. 70s) spy satellites or exploits like Stuxnet, Pegasus or the recent pager supply chain attacks. On pure technical level those are all pretty impressive things well beyond what I or even anyone I may personally know do.
There of course is definitely certain amount of propaganda that would project much higher capability than reality, being mindful of that misdirection and the visible evidence, we civilians can only reasonably conclude that we will never have a clue what these organizations can or cannot actually do.
This is google. They've got everything. I use google password manager, wallet, biometrics to log into my google smartphone and google authenticator for my 2FA. I use google voice and maps, photos, youtube, search, docs, gmail and gemini for AI.
Imagine if you found an authentication backdoor - a way to impersonate any account and you could start sucking down data. You do it for 5 billion people and charged google $6.40 per person not to put it on Tor.
The article talks about Trump inserting himself into larger deals, there is no reason to think this one is an exception.
I’d also bet on this being more of a kickback, rather than an invisible unicorn. Between a visible elephant (Trump/Israel) and an invisible unicorn, betting on an elephant is more reasonable.
I feel like the majority of anti-jew sentiment is from pro-palestine arab people and adjacent. At least In my country. They really believe "jews run the world" once you debate them enough they admit it and there is no changing of their minds.
> I feel like the majority of anti-jew sentiment is from pro-palestine arab people and adjacent
Most people haven't met an Israeli or traveled to Israel.
Also, most users on HN are Americans or Northern European who overwhelmingly use Reddit, so everyone has some weird fringe mentality about one side or the other.
Honestly, most Israelis and Arabs act the same - I mean most Israelis are Mizrahi and normal/collquial Hebrew is heavily Arabic based (where else will you here people say "Yalla" in every other sentence)
> Most people haven't met an Israeli or traveled to Israel.
I have travelled to Israel a bunch of times and worked with a lot (proportionately) of Israelis and Jews. I generally really really like working with them, like their attitude and love the vibe of Tel Aviv.
That doesn't mean that I support or agree with their behaviour in Palestine particularly.
Like, I have often hated US foreign policy, but have always been OK with US citizens. The two things are very different.
Ik. I have friends from Haifa, Nazareth, and Beersheba. There isn't an easy way to write Israel, Israeli Arab, Palestinian Arab, and non-Palestinian Arab.
My point is, anyone who isn't Israeli (be they Mizrahi, Ashkenazi, Ethiopian, Arab, Druze, Chechen, etc) or Palestinian should stfu (me included).
You have wackos saying "Israel is a fake state" or "raze Gaza into a parking lot". Yet if you talk to an actual Israeli their opinions are much more prosaic. It's just a complex situation that outsiders shouldn't comment on.
> My point is, anyone who isn't Israeli (be they Mizrahi, Ashkenazi, Ethiopian, Arab, Druze, Chechen, etc) or Palestinian should stfu (me included).
On the contrary: for the vast sums of money and military power we contribute to keep the lights on over there, US citizens should have two or three votes each in Israeli elections and free airfare to and lodging in the country. Oh, and access to their quite generous healthcare subsidies as well.
Anti-semetic talking point, nice. From an american too. Wow. I keep seeing this talking point, but the money to Israel is nowhere near to fund healthcare. You are just lashing out like a little rat.
You are so right! Only whites can be racist. As a northern European, how can I ever repent and make you happy?
I will never have an opinion on this conflict again, as I am white. I am so sorry. I will listen and learn while pro palestine people protest here in Sweden and advocate for Israel to be wiped off the map.
That is totally unfounded. Their book of business is huge. You think Google is paying 32B of shareholder dollars because of a foreign intelligence agency? Keep your conspiracism to yourself.
2.) I’m only adjacent to security but have heard of Wiz. If you work in security and haven’t, are you sure you’re good enough to subject us to your opinion?
>2.) I’m only adjacent to security but have heard of Wiz. If you work in security and haven’t, are you sure you’re good enough to subject us to your opinion?
For some reason I picked this hill to die on in this thread. I work in IT security for a long time, and I have never heard of Wiz. My focus is malware reverse engineering and adjacent subfields. I have no interest in anything Cloud.
"are you sure you’re good enough to subject us to your opinion" feels a bit dismissive.
Same here, I guess it's the circles you run. I just went to their homepage and I have no idea what they do. I already have CI/CD, code, etc.. "securing" it seems like, use aws secret stores?
In other words, their webpage is not telling me anything. Companies like these, always feel like instead of having a useful product, they hired useful networks of people to "spread the word" and sell sell sell to your network. Apparently I wasn't in the network. Sorry old and salty.
Companies have problems securing their workloads. Not just storing secrets. Off the top of my head, I've personally been able to centralize the following with a single tool (instead of gluing together a dozen different providers)
- scan cloud configurations for policy violations
- detect and remediate infrastructure misconfigurations
- real-time visibility into cloud resource inventories
- early detection of issues
- container vuln. scanning
- runtime anomalous behavior
- alerts and correlate security events
- compliance mappings
- id risky permissions in IAM policies
- track changes and configuration drift over time
- implement zero-trust policies across microservices
- eforce network seg in containerized environments
- run security checks during build and deploy stages
- vulnerability assessments on running VMs and containers
- policy-as-code for consistent security standards
In your opinion, are they a whale because they make a great product... or just have a great marketing/PR/sales team? I am guessing "great product" because I cannot believe that Google cannot just rebuild it themselves (if not a great product).
Wiz is widely considered one of the strongest CNAPP/CSPM products on the market. I haven’t personally tested every single competitor’s solution, but I’ve found Wiz to outperform pan, crowdstrike, and prisma.
To answer your question. Google doesn't acquire Wis because Google can’t build a comparable product themselves. The real driver is that Wiz has already achieved market penetration and trust. Replicating that from scratch would be a massive undertaking, requiring not just a sophisticated product but also the brand credibility, customer relationships, and reputation for reliability. establishing that level of traction and trust is difficult, time-consuming, and expensive. I highly doubt Google would try to build a direct competitor from the ground up when acquiring Wiz allows them to leverage its existing success right away.
The product is great. We’re using it since 2023. Very happy.
Regarding your google comment: Google builds Google products that can also be used by other people. I am pretty confident they cannot build something like Wiz. And not because they don’t have researchers and developers.
It does not make sense. In 2024 Wiz had 10.7% market share. Revenue in the 1,5 to 1,7 Billion but they were not profitable in 2023. Become profitable in 2024 meaning costs are very high.
Also looks like Google is desperate for growth in Cloud and they need to do something.
They are paying as much money as their whole Google Cloud revenue in 2023.
Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even
for a high-growth company. Clearly overpaying.
Wiz had nine rounds so massive dilution, and VCs need to recover the money...
10% market share in any industry with an even slightly healthy level of competition is huge. The fact that people think it's not for tech feels like an indictment of the overall health of the industry to me.
Perhaps I should have been clearer, but especially compared to the rest of the enterprise tech market, security is unusually fragmented. There is no Microsoft or Cisco of the security market in the way those companies dominate the desktop operating system and core networking markets, respectively.
Analysts sometimes refer to the enterprise networking market as "Cisco and the Seven Dwarves". Nobody has ever said that about Symantec (prior to the Broadcom acquisition) or Palo Alto Networks.
It is often the case that in a new security product category, the products are so different, it is hard to collect them together in a single category with a straight face. Example: next generation AV circa 2015-2016. AV was a well-worn product category. All of the legacy products did basically the same thing. More or less at the same time, a bunch of new products came to market that all claimed the mantle of "next generation AV:"
* Bit9 did process whitelisting, later adding Carbon Black for endpoint forensics
* Fire Eye had a proto-EDR solution
* Cylance did ML-based malware detection
* Palo Alto Networks had an exploit-mitigation focused agent that they bolted ML-based malware detection onto.
The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.
A few years later, the cloud security space was the same fragmented mess. Some were what we now know as CSPM, some were glorified DLP solutions, some container security solutions, etc.
Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.
> The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.
This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018. EDR capabilities themselves, interestingly, grew out of forensics companies like Guidance Software. HBGary and Mandiant were the early players. FireEye killed Mandiant's EDR off, but HBGary's lives on to some extent today, two or three acquisitions later, at GoSecure.
> Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.
The most recent figures I’ve seen are that Microsoft has around 25% of the endpoint market[0], which is a plurality because the market is so fragmented. Proofpoint claims around 24% of the email security market[1].
The only security market you can say they “dominate” is identity, if you ignore the MFA market. AD is, at least, almost everywhere.
> This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018.
That’s one interpretation of events. It’s also completely orthogonal to what I wrote.
> Proofpoint claims around 24% of the email security market
Proofpoint is the clear number two, but Microsoft always sits behind Proofpoint (and Mimecast, IronPort, etc.). They're also always in front of Abnormal and other API-only options. Every big company has E5 with Defender for Office 365 on their email, and the rest either still have E5 or they have EOP.
> That’s one interpretation of events.
In 2017 EPP and EDR were distinct categories, and CrowdStrike had a big internal initiative (driven top-down by Kurtz, but managed by a PM director under Rod Murchison) to merge them, while Cylance and others that had separate SKUs for each area worked to keep them apart. CrowdStrike was more effective.
I mentioned this because it wasn't just a natural market convergence; B2B companies spend absurd amounts of money with the Gartners and Forresters of the world to align their products with line items in budgets. It's capitalism all the way down.
Not speculating on anything here. I was at or worked closely with all of the companies mentioned in both posts.
You like to make absolute statements like “always”, but I know of large organizations (Fortune 500) that use Proofpoint, but not Microsoft email security. And in endpoint, there are shops that license defender as part of an EA, but don’t use it - of course, those seats go into the Forrester figures that Microsoft likes to tout.
Sure, I can enumerate the handful of the Fortune 500 that don't use Microsoft. Palo Alto Networks, for example, has TAP sitting in front of Google. In PANW's case it's because of a broader partnership Nikesh put together with Google in 2018, which also involved moving from AWS to GCP. This is stupendously uncommon, though.
If you were to look through the System -> Inbound Mail settings for every PPS customer, you'd find a sea of x.mail.protection.outlook.com, some on-prem Exchange servers, and practically nothing else. I'm comfortable with "always" as a description of this state of affairs, but you do you.
actually, it makes perfect sense. it's just that you (and I) don't have the right perspective.
these giantcos are sitting on Himalayan ranges worth of cash, which is burning a fiery hole in their butts, and they don't know what to do with it.
and they have more cash than sense, even though they always brag about having some of the smartest people in the world, and also have FOMO (to competitors and upstarts).
Facebook buying WhatsApp for 19 billion did not make sense to us laymen either, but it happened.
I was flabbergasted when I read about it. ignorant me.
wow, faaak. I wrote my above comment off the cuff, although based on my intuition and common sense, but just now thought of googling FOMO, to check what Wikipedia says about it, and it seems they agree with me:
relevant excerpt, from near the top of the above page (emphasis mine):
>FOMO can also affect businesses. Hype and trends can lead business leaders to invest based on perceptions of what others are doing, rather than their own business strategy.[19] This is also the idea of the bandwagon effect, where one individual may see another person or people do something and they begin to think it must be important because everyone is doing it. They might not even understand the meaning behind it, and they may not totally agree with it. Nevertheless, they are still going to participate because they don't want to be left out.[20]
leaders, huh? more like followers, aka sheep. include me out.
$350M ARR in less than 5 years. Aiming towards $1B by the end of 2025.
You never heard of them since perhaps your decisions were not in the cycles of their product. Those who are , heard indeed (type of folks who look at Gartner magic quadrants).
I read their website and there must be something secret they've got cooking behind the scenes cause the valuation makes zero sense to me.
The whole thing reads like all the dozen or so "cloud security" plays out there.
Either I'm missing something big, or their products are outrageously far ahead of all the other similar sounding products out there.
I've been known to roll my eyes at a lot of these sorts of product catalogues in the past though and so I'm definitely biased and not the target audience for their marketing.
Some CIO out there probably really does think that their security problems will finally be over once they purchase another half dozen dashboards click through and look at.
The product though is easy to set up, no friction - like 5 minutes per tenant; and in a few hours you have a really good picture of your security posture with very detailed explanations for every finding.
And the graph… very useful to understand why a finding is marked as high ir critical even though at first glance it does not look like it.
For Google they are worth 32B, they ARE the Google Security business from now on. They don't even have to be profitable themselves, having this aspect working means google get access to additional enterprise clients and in place they weren't previously present.
We use them and the product is very very nice and very lightweight to set up. Like for a cloud environment it takes about 5 minutes to get it up and running for a tenant.
What we use it for:
- vulnerability assessments for containers and VMs (they give a list of vulnerable or outdated packages)
- initial access vulnerabilities: what happens if an internet facing component is compromised because you have a vulnerable package and to what kind of data it has access to (it has some regexes and what not to figure out if in your database you have PII data, HIPAA etc.), what lateral movement is possible etc.
- provides information on what you can do to fix a finding
- IAM checks for overly broad permissions
- Service account age and overdue key rotations
My company just started using them and I was part of the due dilligence evaluation of their product. I had never been so impressed with a cloud security provider before I started using their product. Absolutely phenomenal product offering l.
Yea, good luck with that, especially when 8200 alumni are embedded deeply in the vast R&D sites all major US tech giants have in Israel (Apple alone employs thousands in Israel), whether by direct recruitment or by buying Israelis startups.
It stands for 8 smart people that run it and 200 clueless children that have no idea how the world works. Maybe it's the other way around, I can't tell.
>Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.
It's interesting that many people working in intelligence found ways to become very successful in business. I wonder what is the reason.
Tight networks largely. THey've invested heavily into having these "assets" in US tech companies, and so pro-Israel folks in the US work hard to acquire them in.
See [1] to see the flow of people. I explain the connections a lot in [2], and [3] is our initiative to work on it.
Military service in Israel is mandatory and the conscription rate in the core "educated" areas is ~90%. Each year, the intelligence corps then gets what is practically* first pick of the best minds of that year (typically kids who are already skilled in programing). They then get to have them for 4-6 years meaning unlike modern employers, they have time and motivation to invest in training them. Then you get the most apt programming minds of a generation spending six years together learning and building connections with each other in core programming and security skills.
Imagine if all the ivy league graduates in the US would be forced to work together for the same company, for free, for 4-6 years. Would you be surprised if suddenly former employees of that company found ways to become very successful in business?
* - Technically they get something like 3rd pick and there's negotiations and it depends on what sort of roles are involved etc. In practice, conscripts have some influence on where they'll go and if you have a choice in any role in the military, you are going to pick "write code in an air-conditioned office" over any other available option.
Intelligence communities tend to pick very smart people who are particularly good at acquiring niche skills and operating under extreme situational uncertainty. I think those are valuable attributes for someone in business.
When I read the headline, I assumed the IoT platform and smart light brand, the now Wi-Fi arm of Signify, the smart home people who do (Philips) Hue smart lighting.
The primary founder (Nir Zuk) is a Unit 8200 alumni, as are the founders of Checkpoint and a bunch of other cyber security companies. Nir Zuk is also a US citizen and went out of his way to base PANW in the US, including their hardware manufacturing and software engineering operations.
You'll find former-intelligence blob operators in a great many cyber security companies. Including former American intel employees[0]. Hell, the CIA basically has their own VC fund[1].
Also, there is zero evidence any of these people are currently acting at the behest of their former employers, apart from obviously the CIA venture fund acts at the behest of the CIA.
Military service is compulsory in Israel, so being a former member of 8200 isn't exactly unusual. Given the choice between spending two or three years as deployed infantry, or writing code in an air-conditioned office, I suspect a few of us here would choose the latter.
Yup. And more than that, Israel picks the brightest high-school kids to join their special school that trains intelligence officers. The kids learn advanced STEM and analytics in the school. It's not a coincidence that many of the graduates ended up founding good companies.
Arab-Israelis are around 20% of the population and they're not required to enlist. Some religious groups, religious women specifically, are also not required to enlist.
There are exemptions for people with disabilities, health issues with risk factors, extreme poverty, problematic family situations, teen parents, etc, as you would expect there to be in any western democracy.
For any other healthy citizen that's not exempt by law - males in particular - military service is as compulsory as paying taxes.
> It is a choice
I'll never understand why people who aren't Israelis, don't live in Israel, can't read or speak Hebrew, and probably have never even bothered to talk to an Israeli, for some bizarre reason feel qualified to talk so authoritatively about a place half way around the globe that they've never been to.
EDIT Editing your post like this to hide how wrong you were after the fact is misleading, but by now we've seen that this is typical behavior for people in your ideological camp.
Removing all context from this quote and not including a source is misleading.
I was surprised at the quote so I looked up your source[1] and it describes the ways Israelis avoid conscription by using exceptions/deferrals such as being Palestinian, being ultra-Orthodox, having physical or psychological conditions. Others just choose to go to military prison.
Sounds pretty mandatory to me, at least how the word is commonly used.
> Although military service is often described as a national duty in Israel, conscription is in fact far from universal. As little as 50 percent of Israeli citizens actually enlist, according to left-leaning Mesarvot (Hebrew for “I Refuse”), a network of Israeli refusers to which Behar Tsalik belongs.
EDIT: You did update your comment with the full quote, but only after I posted this. That's disingenuous of you, and I'm out of this discussion.
Presumably it's a reference to the fact several of the founders are Unit 8200 alumni, which is part of Israeli intelligence. It's not the same as Mossad, though.
As I understand it, Unit 8200 is the Israeli equivalent of the NSA, and Mossad is their CIA.
If you have a problem with Unit 8200 alumni, you’re going to have a difficult time buying commercially available security products. Palo Alto Networks, Armis, Checkpoint, and many others were either founded by or otherwise have former 8200 folks on staff. Then there’s crowdstrike, founded by a Russian. Or Fortinet, which was founded by Ken Xie (born in Beijing.)
I guess you could base your entire security stack on F Secure. Everyone loves the Finns.
Where do you see Wiz in the above list of products in the post I'm responding to?
In any case, as for wiz..., if companies want to stuff their secrets into a proprietary product that is controlled by intelligence officers of a hostile (as in a lack of respect for international law) foreign country, I don't care. I know I would not.
This thread is talking about Wiz. The comment you responded to was about the fact that security company founders often have intelligence community backgrounds and/or come from adversary states (from a US/European perspective.) It had nothing to do with VPN.
I can chose to what part of a comment I'll respond to. I responded to list of companies providing "VPN" software. Fortinet, paloalto/globalprotect, checkpoint,...
It's the only product I'm sometimes required to come in contact with from these companies. And also the only product of theirs that I inspected in any detail in Ghidra. And the only product of theirs that I have to defend my network against.
So I'm only interested in that aspect of their products. For everything else, all these security companies and their customers can devour each other, for all I care.
> The founders of CrowdStrike—George Kurtz, Dmitri Alperovitch, and Gregg Marston—do not have publicly documented personal connections to Israel. That's the first claim of yours I faield to verify so I won't bother with the rest.
I realize reading is a very difficult skill to master, but maybe -- just maybe -- you couldn't verify that "claim" because I never made it.
I think parent was saying that if someone has a problem with Wiz being ex 8200, they would have problems buying cybersecurity solutions in general because the more established companies founders with foreign non-allies background.
That is clearly a false equivalence though. Being born in a country is qualitatively different to working in a military unit requiring security clearance.
So what? Technologies with military and intelligence origins become available to civilians all the time. That includes the Internet itself, which was originally sponsored by DARPA.
Would you rather they have kept the technology to themselves?
"Now Avishai has left 8200 and went off to co-found Wix, the website building tool.
It’s crazy to think that the co-founder of Wix is an expert hacker, someone who’s broken
into multiple countries and conducted massive amounts of espionage."
"Once you get out of 8200 you’re then a reserve and have to spend up
to three weeks a year going back to 8200, refreshing your skills
all the way until you’re forty"
"There’s also a yearly reunion where you leave your family and
spend a week with your fellow soldiers you served with.
Every year they do that. Keep in mind, all this is happening
in a place not even as big as New Jersey with roughly the same population.
Look at how dedicated they are to keeping these connections with one another.
This has powerful results. Everyone knows everyone."
"Imagine if one 8200 member goes off to work at Google to help
"develop the Chrome browser and then goes back to 8200 as part
of their yearly duty and while there, they see a soldier building
exploits for the Chrome browser. What do they do?
Do they take the exploits from 8200 and patch it in Chrome
or do they help their fellow soldier by sharing the source code?"
The Mossad is a security service of the nation of Israel, which, for all intents and purposes, is a nation designed to house and protect Jews. And Judaism is a religion. So yes, a connection exists.
Did you try applying for Israeli citizenship? AFAIK being a follower of Judaism is a requirement. Source: a Christian Jew being denied a citizenship due to this reason.
No... it isn't (as there are 100s of thousands of Muslim, Christian, etc. citizens in Israel). I am assuming you are a foreign national and you are referring to the Law of Return.
Currently, there is a prohibition on using that right and "professing" another religion. Blame the haredi, according to my granfather they're as*holes.
You could get a visa and naturalize like anyone else that is eligible.
I am eligible because my great grandmother was there before statehood in the Irgun.
Me too, but a lot of (admittedly not all) opposition to Israel's existence, extent, and its security apparatus is rooted in anti-semitism. I'm not going to undertake a long discussion about it, but in short, you can hear the dog whistles and they're inappropriate.
Of course... one side of my family goes way way back in the area. Great grandma was Irgun. Rest of the fam was Austro-Hungarian/Ottoman/Polish/Ukrainian/Russian depending on what decade you looked at. Empires borders kept moving. I think at one point we might even had been Italian (Trieste).
Judaism is not only religion in a sense that you go to synagogue to pray. Being a jew is not only about religion but also about traditions, e.g., celebrating jewish holidays, teaching your kids about history of your people, etc.
If you do nothing jewish, then I would argue that you are not jewish in a cultural sense. You still would be a jew from a religious point of view (if your mom is jewish), but if you do nothing jewish, then you are not jewish.
I guess what I am trying to say is being jewish is not ethnicity only, or religion only, it's both. For example, converts are considered jews despite their non-jewish ethnicity.
Had a Jewish wedding and secular divorce, a few rabbis in the family on fathers side, went to Synagogue for a decade or so, haven't gone in a few decades. Don't really keep to most of the traditions. I'm ethnically Jewish and a big chunk of the family is also culturally Jewish with a smaller bit also religiously Jewish. Oddly the Israeli part of the family isn't religious at all (atheist) but follows more of the traditions because they live in a Jewish nation.
Conflating the state of Israel with all Jewish people & implying all of have (a secret) allegiance to Israel, regardless of their citizenship is actual anti-Semitism. Correctly identifying folk who fought for Israel is not anti-Semitic in any way the allegiance at the time they served in an elite unit is clear to all.
You’re responding to an argument that I’m not making. I said there is a connection, which is true. Obviously not everyone living in Israel is Jewish, nor is everyone there a practicing Jew. But the founders’ purpose remains and is woven throughout society and its constitution.
And people aren’t just “identifying folk.” This thread has devolved into a debate about Israel itself, which invariably happens when Israel is even tangentially involved in a story.
I am highlighting that the "connection" you mention is frequently used in bad faith by actual anti-semites, as well as the pro-Likud propagandists who suggest that any criticism of the government of Israel or its policies is antisemitism, as if the current government and Jewish people are interchangeable.
I agree. The comment that equated an intelligence service with a religion was crude, inappropriate and unnecessarily political. It is downright shameful to invoke the very real phenomenon of religious persecution as a way to discourage mere mention of a specific, relatively small intelligence organization.
Modern antisemitism tends to be rooted in racist prejudice against a Jewish ethnicity more then plain religious discrimination. And tends to be related to a lot of conspiracy theories.
I think its possible to fairly critize a nation state and and intelligence agency but some criticismtends towards mossad shark type conspiracies
The constitution of a nation and its practices are separate axes. Many US states practiced the functional equivalent of apartheid until the 1960s, but the USA was still a democracy nevertheless.
(This is not intended to reflect any opinion I may have about Israel's specific practices.)
I'm well aware of what the commenter was trying to suggest, and was not going to dignify it.
Every time a story involves Israel somehow--even if it's about the success of a business based there--it turns into a debate about Israel itself. It's exhausting and stupid.
I'm confused what you mean by "brigade". I see two comments that are replying to you with clarifying questions. No one has denied your statement, only offered opportunities to clarify your meaning.
From the outset the term "anti-Semitism" bore special racial connotations and meant specifically prejudice against Jews. The term has been described as confusing, for in modern usage 'Semitic' designates a language group, not a race. In this sense, the term is a misnomer, since there are many speakers of Semitic languages (e.g., Arabs, Ethiopians, and Assyrians) who are not the objects of antisemitic prejudices, while there are many Jews who do not speak Hebrew, a Semitic language. Though 'antisemitism' could be construed as prejudice against people who speak other Semitic languages, this is not how the term is commonly used.
The term may be spelled with or without a hyphen (antisemitism or anti-Semitism). Many scholars and institutions favor the unhyphenated form. Shmuel Almog argued, "If you use the hyphenated form, you consider the words 'Semitism', 'Semite', 'Semitic' as meaningful ... [I]n antisemitic parlance, 'Semites' really stands for Jews, just that." Emil Fackenheim supported the unhyphenated spelling, in order to "[dispel] the notion that there is an entity 'Semitism' which 'anti-Semitism' opposes."
Others endorsing an unhyphenated term for the same reason include the International Holocaust Remembrance Alliance," historian Deborah Lipstadt, Padraic O'Hare, professor of Religious and Theological Studies and Director of the Center for the Study of Jewish-Christian-Muslim Relations at Merrimack College; and historians Yehuda Bauer and James Carroll. According to Carroll, who first cites O'Hare and Bauer on "the existence of something called 'Semitism'", "the hyphenated word thus reflects the bipolarity that is at the heart of the problem of antisemitism".
The Associated Press and its accompanying AP Stylebook adopted the unhyphenated spelling in 2021. Style guides for other news organizations such as the New York Times and Wall Street Journal later adopted this spelling as well. It has also been adopted by many Holocaust museums, such as the United States Holocaust Memorial Museum and Yad Vashem.
We use them. The product is genuinely great and I hope Google doesn't mess with it.
For us they replaced a bunch of different tools and a hodgepodge of custom scripts and hacks.
For those who have not heard of them - it's basically asset and vulnerability management for absolutely everything you have running in the cloud. This includes stuff running in your k8s clusters, etc. And they do all this without having to manage a fleet of agents on everything and costing you money in resource usage. Not that Wiz is cheap, far from it :(
They built the core CSPM module themselves. And, yes, their customers really do exist and really do love the product. What they particularly liked was the alert fidelity - most other cloud security vendors back when Wiz started required a host agent to provide a similar level of assurance a given alert was real, whereas Wiz would do offline volume scanning.
Just because you aren’t the target market for something doesn’t mean it isn’t real or valuable.
Source: used to compete against them. I no longer have any dog in this fight.
We've been using Wiz at least from Oct22 (And we do things with Wix API too, so the naming creates plenty of confusion). Cloud Engineer with Google Cloud and AWS.
It can scan a lot of stuff and give you pretty interesting insights and alerts.
And do you know what managers like? It creates Jira tickets automatically with all the findings, and they can assign them to people and say they've done their thing. We hate that because tickets appear and disappear magically in hundreds each time Wiz scans, sometimes with no obvious explanations.
But here come some of the bad things:
- UI/UX: Terrible. It's so difficult and confusing reaching from one place to the other and finding stuff that you had open just instants ago. Slow too. I've seen the security people do nice filters and search queries but it's not intuitive at all.
- Doesn't support very basic features. For example, in Docker Hub they don't support scanning full organizations or using organizational tokens for scanning individual repositories. They personally told me in our support channel that they were looking into it... in April 2023. Still waiting. (The API is slightly different than a regular Docker Hub public repo but, come on, an enterprise security tool that doesn't support connecting to a Docker Hub org... that's just silly)
- Closed docs. You can only check the docs if logged in. I hate that and also limits the work with people that's not a Wiz user.
- Terraform provider:
It's quite limited, that means you need A LOT of manual work to integrate stuff with their scanners
It's changelog URL doesn't work, so good luck with knowing when features appear or when you get breaking changes
No source AFAIK, you just get a binary. Good luck.
- Pricing. Can't remember the specifics but I hear a lot of complaints about how expensive they are. Also, no public pricing.
> Everyone here saying they've used Wiz for years are huge liars.
I have seen Wiz at AWS re:Invent multiple years in a row, and have seen their product used to good success in multiple companies I've worked with. It's not vaporware, it's a real product that really works and has a place in the cloud/container security space. I don't think anyone is lying here at all. The fact it's /also/ an acquisition vehicle as a path to an exit for the founders is a separate thing.
I mean… Hue bulbs are insanely expensive, and Wiz is a much cheaper option. I’ve used their lights since like 2021 and Costco carried them. Does that make me a huge liar?
I can tell you from firsthand experience that people - including people I have personally worked with at large organizations - have absolutely heard of Wiz. Yes, it is a relatively new player, but the people there have been putting out high quality research for years and have also demonstrated a very compelling approach to securing cloud environments. They get a lot of praise, and they've earned it.
Second, I have no idea what you're doing to get Wix results from a search for Wiz. When I search for Wiz, I get a whole bunch of results about Wiz, including links to discussion threads where random people (i.e., not high-rep HN users) also talk about how much they like the product.
Finally, something to consider: would Google actually pay $32B for a company that "nobody has heard of" and doesn't provide any value? Probably not. I would hope not.
These companies are the closest you can get to a legal mafia, they are effectively charging companies around the world to keep them "safe". In other words, a job that is traditionally considered to be a basic service of the government is now being privatized by people that nobody knows if we can really trust.
This is an absurd take. There’s nothing stopping anyone from building their own cloud security tools (many have), and unlike the Mafia, Wiz isn’t threatening anyone who doesn’t buy their service. I’m also not aware of any government agency providing any reasonable analog to what these tools provide in the physical world.
> In other words, a job that is traditionally considered to be a basic service of the government is now being privatized by people that nobody knows if we can really trust.
How on earth is it the government's job to protect people's software? It's a mere digital product, not human life or property.
Besides, people also buy padlocks and door locks for safety. Wiz is no different.
Imho, and as a xoogler who's been in Google Cloud's ecosystem the past few years, Google Cloud's three big focus areas have been AI (this is an evolution from their historical focus on data, then also analytics), Distributed Cloud (Anthos++) and security (post the Mandiant acquisition). They'll never be able to compete on base infra, given their late entry into the game, lack of presence in certain markets, and the lock the competition has in some industries (Azure in industrial/mfg, AWS in pharma, etc), and they know that, so they've lately been focused on what they believe they can control. One of those things is the narrative that Google Cloud is the most secure cloud.
It shouldn't be overlooked that acquiring Wiz is also a way for Google to secure a beachhead in half the Fortune 100, many of which are "enemy" territory.
The price is high, but there aren't many options available and Wiz has the advantage of being built on Google Cloud natively, and already have Marketplace integrations completed.
As a Googler who works in GCP security, security has been a key differentiator for GCP long before the Mandiant acquisition. Google invented BeyondCorp (a primary driver of Zero Trust). Google helped create security keys (U2F, FIDO, Webauthn), and was I think the first major company to adopt them, both for employees, and for consumers. Google was one of the first major companies to offer a bug bounty, in 2010. Google's Project Zero searching for vulnerabilities in other companies'/organizations' software I think was pretty much unprecedented when it was created. Look at the number of times other tech companies get hacked compared to Google. Google got hacked in 2009 by China (I believe that was the first time a major company admitted to being hacked by government). That was a major turning point. Ever since then it's been "never again".
> Look at the number of times other tech companies get hacked compared to Google.
Your whole post is confusing Security of the Cloud with Security in the Cloud. And conflating GCP with Google but those are just examples of why GCP has such a small market percentage.
The security of GCP rests on the security of Google. If Google gets hacked, GCP customers are not secure.
Additionally:
Google offers BeyondCorp products as GCP products. A big example is IAP. Do AWS and Azure offer something like IAP? If so, I think they were created in response to IAP.
Another innovative GCP security product is VPC Service Controls. Do AWS and Azure offer something like that? If so, I think they were created in response to VPC Service Controls.
Bug bounties protect GCP customers by making sure GCP products don't have vulnerabilities.
Project Zero protects GCP customers by finding vulnerabilities in products that GCP customers use (although it also finds vulnerabilities in products that AWS and Azure customers use).
When Microsoft got hacked by China in 2023, China stole Microsoft's signing key, and used it to mint tokens to impersonate Azure AD users of Microsoft customers. That's relevant to security in the Cloud.
The best way to use AWS IAM policies is to not use them at all.
AWS allows to use multiple accounts easily, and accounts are (by default) completely isolated from each other. That's actually how services work internally at AWS, it's not uncommon for a service to have hundreds of AWS accounts (one for each region multipled by the number of environments).
That's quite the claim, can you provide an example?
GCP is permissive out of the box and things like the Compute Engine service account having the basic Editor role by default is a bit of a footgun, but they're trivially turned off.
So many areas where resource-based conditions just do not work with particular GCP product offerings and you're forced to give out much broader access than you should be giving out. It's half-arsed and prevents you implementing PoLP.
AWS has a steeper learning curve here, but I've never been unable to constrain down e.g. access to an SNS topic in the way I want to.
Adding to it: deps.dev, osv.dev, SLSA (all are either free or fully open source)
Google has been great contributor to the AppSec and Software Supply Chain community. I just pray daily that the “google graveyard” curse doesn’t touch these important projects.
> (I believe that was the first time a major company admitted to being hacked by government). That was a major turning point. Ever since then it's been "never again".
I think this is also a good argument for why it is beneficial for society that Chrome stays in Alphabet; Google is good at some things and bad at some things - that people have access to a reasonably safe browser for free should not be underestimated
To me, the security posture of Android (esp, the Pixels) & Chromium stands out as an outstanding contribution to humanity (given the reach of both those platforms).
> Google got hacked in 2009 by China (I believe that was the first time a major company admitted to being hacked by government).
As a GCP user, my view is that Google does Googly things and hopes others will use them. And if not enough people don’t buy into whatever Google builds because it is built by Google, they will cancel it.
> a way for Google to secure a beachhead in half the Fortune 100
If that is their objective, they will fail again, since this is the land of good account management. Being able to call somebody on the phone if required. Something AWS excels on, Microsoft a little bit, while Google is rumored to have humans working there, but they are rarely seen.
We have a relatively modest commit with GCP, around $1M a year, and have a dedicated account rep who I can contact whenever I need to. In fact, we've had a similar relationship even when we were half the size.
Google simply does not have a culture of giving a shit about people's experiences with their product. If you are having a problem you better either have that problem so frequently and severely that it shows up on whatever monitoring system they're using to evaluate release health, or you better get comfortable with it for the long haul.
This is such an underrated weakness of Google. When I was working at AWS ProServe, we never even took GCP as a serious competitor. Their customer service, acount management and enterprise sales team was so horrendous it was laughable.
I don’t think we even had talking points about why AWS was better than GCP like we did Azure.
what drives me mad is that it's not even underrated! everyone knows, everyone has been talking (and complaning) about this for something like 15 years!
I personally know of 2 big GCP customers who, over the years, left GCP because of this and the impact it had in critical situations. This very feedback was given in both cases to people considerably high up on GCP's ladder and... nothing's ever changed.
I'm sure plenty other big migrations off GCP provided the same feedback, to no avail.
When Diane Greene first and then Thomas Kurian became Google Cloud CEOs people thought that finally, due to their previous experiences in very Enterprise-aggressive companies, they would improve massively on that front.
Did they improve the situation? a bit. Massively? bringing GCP finally on-par with anyone else (not better than anyone else, just... the same)? nope, not even close.
Google is, at its core, an advertising company that tries to disguise itself as a technology company. When necessity calls, they will undoubtedly elect to divert resources towards their core business and away from their hobby projects (which GCP is).
I think you'd be quite surprised by how big it is inside Google. & Kurian won himself a lot of favor when Cloud figured out how to make sure it became profitable in Q2? 2023.
It was the last Google organization to have a genuine sustained hiring spree and didn't face nearly the same amount of cutbacks
I can't help feel like this will be rolled into GCP and quickly lose support for Azure and AWS and then just die. That's a lot of money to spend to kill off a business.
I rolled out their "workloads for AWS" stuff recently, it was pretty slick to be able to have AWS IAM roles just translate to GCP roles. You don't have to run your own CA like you do for AWS Anywhere.
I'm slightly baffled by this acquisition but arguing against you actually helps me make some sense of it.
If Google wants to be "the best of the best" at security and some set of potential customers use Wiz as their "best of the best" security, then this is a way to convert those customers to Google.
Consider some org that prioritizes security, like at the board level. They maybe don't really care about the nickel and dime cost of AWS vs. Azure vs. GCP since it comes out to 10s or 100s of millions of opex in the end. What they do care about is the cleanest record possible with respect to security. And Wiz is a key component to their position on security that is communicated to investors - it is a social proof that they are taking security very seriously.
This now becomes a tool for Google when trying to win their business. By degrading the value of Wiz on AWS/Azure/Oracle/Salesforce they are taking away that bullet point on security for a subset of competitors customers. And that may entice some of them to move their entire cloud service to GCP. So whatever revenue they lose on the Wiz side from a dozen or so cancellations they would hope to make up with a few 100 million dollar whales.
I just find it hard to believe that enough whale level cloud compute business will be generated in this way to justify $32b. This is really the best take I have on the acquisition and it feels unsatisfying, as if there is some other decisive information that would provide a justification for such a valuation.
Maybe there is some government mandate coming down the pipeline that isn't very public yet? Some kind of legislation that will force companies to adopt stricter security policies? That could precipitate the kind of changes that would justify this kind of massive valuation.
Customers will not start using GCP more instead of AWS for example just because Google owns Wiz.
Degrading Wiz capabilities on AWS/Azure/etc will not drive more customers to Googke. CSPM and cloud workloads don’t go hand in hand. What will happen is that other companies will capture the market share left by Google. Will the offerings be less then Wiz quality-wise? Sure, but it will be way cheaper than moving to GCP.
The best option will be to leave Wiz as it is - standalone.
That hasn't stopped them before. Fitbit and Nest, for example. Granted, this is an order of magnitude more money to waste. Maybe they'll come up with a better strategy this time.
Google doesn't have a strong record keeping enterprise products around either. I would expect them to absorb this product, release a similar product based on the technology but fully integrated, then sunset Wiz asap.
it's obviously from their own quotes but you can get most of the names in their various customers use cases, joint PRs and the likes (and those required the customers' direct approval )
I don't think that makes much sense in business. They want to move customers from competitors and as an underdog you need to provide some migration path. You don't get these kind of system integration freely. Provide your service in competitors to smooth their transition path but keep the latest and best features in GCP. This was the idea of k8s.
And Apple on an almost 20 years old product, and Microsoft through its enterprise users, like 2 decades ago...Think about it Nvidia in 20 years is still just doing just very fast matrix calculations and idk Toyota is still making hybrids.
This assumption that a tech company is going to keep reinventing or inventing new wheels all the time has very little evidence in human history, while the opposite one, the many great tales of that super company that did so many great things and then is far more common.
The only exceptions are...academic? And that's because innovation and moving the field IS the role of research and academy, not companies returning earnings to investors.
There is a correlation analysis in Jamin Ball's "Clouded Judgement" substack [1] which shows the correlation between next twelve month ("NTM") Revenue Multiples and Revenue Annual Growth Rates for public market tech / SaaS stocks.
The current Slope-Intercept is (NTM Revenue Multiple) = 36.677*(NTM Rev Growth Rate) + 2.0013. If Wiz is doubling revenue (100% Growth Rate) and they are at about $500M of revenue today [2], then the multiple according to that calculation is ~38.7 X Next Twelve Month Revenue ($1B) or $38.7B.
So, the price is in line with the market...or you could argue even a discount to it.
> Assume 1,000 customers each generating $2m in ARR with contracts. That’s $2 billion. Assume generous 6x ARR valuation, that’s $12 billion.
That's the thing , were any numbers released or are we all just gonna speculate here ? What is their growth rate, profit margin etc etc ? How do they fit in Google's business, can current Wiz clients be upsold on GCP more easily now? Can other clients be brought more easily to GCP now that Google has a good (I hope) cyber security solution to go with its cloud? Clearly there is some strategy going on here that is more than just the ARR of Wiz.
As a minor shareholder in GOOG as well I have no freaking idea about any of this, I sort of trust that they probably took a calculate risk and know what they're doing (and even if this is a mistake by 20B, that's not much for a company the size of Google).
It makes more sense if you think about how 2006 looked like:
- the only way to money in 2006 was advertising and the idea of advertising in internet videos was borderline crazy (remember when internet was tv but without ads?)
- it was just one of many potential interesting players. To think it could've been Vimeo, but the founders cared more about their main project: collegehumor
Well 500m/year when they last raised in mid-2024. There are hints as to their growth rate from their post about their 100m ARR milestone [1] and thus one knows they went from 100m to 500m in two years (mid 2022 to mid 2024).
They're thus probably higher than 500m now although the multiple still seems really high to me. But what do I know.
Did you have your conclusion in mind before running your back of the envelope calculation? Many people do this much of the time. That often results in motivated reasoning.
One way to reduce that tendency is to use multiple POVs of analysis. You could phrase it as a question instead: what assumptions would you need to change for the valuation to make sense?
Other questions: What factors are you not including? / What would it take for nepotism to survive scrutiny and how much nepotism would be tolerated?
My guess here is there are long-term strategic factors that the decision makers weighed heavily. I’d be very interested in understanding their world view, since they have much better internal visibility of both companies.
Tin foil hat time, Google regularly complies with LEO. It's often joked they are an unofficial intelligence agency; peers being CIA, NSA, FBI, etc. Wiz is a foreign-owned company with a detailed vulnerability map of more than 50% of the Fortune 100. It can be argued this is a matter of national security, and not simply business.
I don't think Google is buying Wiz because they hope that revenue from Wiz will make it worth their money.
They surely expect some kind of strategic advantage from that, probably something to do with security of their own infrastructure, or maybe competitive advantage for gaining government or gov-adjacent contracts, or maybe they were afraid that Microsoft or Amazon could buy it and hurt their existing business.
Cyber warfare and cyber defense cannot be measured in money easily.
Take a look at other Unit 8200 startups, or even Palantir. Palantir is much much much more worth than what they are on paper, especially with their Lavender AI involvements.
Cyber strategies have become so critical that it's a race between nations right now. The leading ones being Russia, Iran, China, North Korea and the US (while the US is heavily losing control, just in terms of malware and campaigns). Stuxnet forced the hands of the other nations, and they invested fully in Cyber eversince.
How is 6x generous? Alphabet's P/E is 23. That means $2 billion rev implies $46b valuation (assuming high margins)
These deals always have more than meets the eye. Google wouldn't acquire revenue at a fair market price just for revenue's sake - there's some reason they expect to get value beyond the revenue.
That doesn't mean its nepotism. It could be that they think they can triple revenue per customer with some synergy. Or any number of a large set of other possibilities.
If you want to understand this type of transaction better, you can read a book on M&A
Sure, I was not commenting on the deal per se, but that specific argument to compare Alphabet P/E with Wiz revenue multiple of Alphabet is a deeply flawed one, and is all too common among non-finance people.
They advertise "Unified visibility and security across code, CI/CD, and cloud environments" - maybe it's google's way to siphon off proprietary code from private Azure and AWS environments in order to train their AI. Google does not own Github, they must be severely lacking in private training data.
It was a huge bet, it paid off for many reasons, not least luck.
I remember 2005/2006 there were many websites competing for the video-website role, YouTube's luck was that...they were very permissive on uploads while competitors like Vimeo e.g. employed a reasonable amount of content moderators.
I have no basis for this thought other than speculation, but I imagine GCP having previously unaccessible data about a lot of AWS and Azure workloads of potential GCP customers, gotta be worth at least something... if a customer is generating 2m ARR for Wiz, how much of ARR they generate to AWS/Azure if they are not a GCP customer? Again, this is just speculation and I have no idea if it has any basis in reality, but this was my first thought back when they made the first offer.
Imagine you are a company, like Wiz, that is still growing fast.
Sure, your valuation could be based on revenue today. But why would you sell if you're "worth" $12bn right now, but you'll be "worth" 32bn in a few years? Why give up the control?
The only way for a company like Google to buy Wiz is to add a premium. Otherwise the company will just say "no".
This literally happened to Figma as well. And there is a history of this with companies like Instagram/WhatsApp.
In retrospect, was it stupid for Facebook to acquire Instagram/WhatsApp for large premiums?
Disagreements on board levels are less and less frequent in the corporate world.
On top of that, many huge voters are simply ETFs, and their representatives virtually always side with management (state street, vanguard, etc have documents that explain their voting, but they are far from any kind of activist or naysayer.
I'm surprised this acquisition didn't happen sooner. The first time I used Wiz I knew a big cloud provider would be snatching them up at some point. Why? Because every enterprise that decides to use cloud providers then needs to find someone to keep that cloud environment safe.
But also, and may more important, you get to see everyones cloud usage, across all providers, with a high level of permissions. Said differently, Google can now target customers with massive spend across other cloud providers and work to migrate them to GCP, at a price that's just cheap enough to over come the switching cost.
If you'd be so kind for those of us that haven't touched cloud in 5/10 years, what is Wiz? from reading the google announcement: solving the supply chain hybrid cloud security issues? I could google I know but you seem to know what you are talking about, so if you'd be so kind. :)
I don't know anything about cloud VMs, but I'm confused about how this is possible. Wouldn't determining whether you are HIPAA complaint depend on auditing all kinds of application details about how information flows through the system and how authentication and authorization are done? How could this be validated statically by looking at cloud VM config? Is Wiz doing some kind of AI magic over your whole codebase?
I am sure I am misunderstanding something, but I'm not sure what.
They scan for everything they can and report on that. They don't claim to be able to tell you if you're 100% compliant--they just claim to be able to alert you if some subset of the requirements are out of order.
And that still provides a lot of value to the right customers.
It probably appeals to the kind of businesses that see compliance as a list of checkboxes. Just make sure employees have signed the nda and contract and stuff. Doesn't matter if they are a salesperson and the nda says they can't talk about the product.
Figures. Crazy how badly I midsized this problem. When I was working on a cloud provider I suspected this would be a big problem space for building in, but I thought it was in the low billions, I was thinking (I guess stupidly) that the clouds and tools around them would be kind enough to create a lot of standardization so as at least this stuff wasn't junk. I get wanting to create a bit of friction, but thought "this is a bad place to make high friction". I guess it's pretty bad given the size of this acquisition? Or GCP just wants surface area data on other cloud providers (I presume this would aid in that, but I don't know)?
Idk about other clouds, but Google didn’t eat their own cloud dog food when I was there. We had people food (borg) that was kinda impossible to separate from the infrastructure of google3 (and Google dev processes) and so cloud was built different. It wouldn’t surprise me if that organization just had no awareness of how bad the friction really was for long enough for Wiz to get really good at it?
I'm not at Google, but the usual thinking is that the public product fixed a lot of the design warts of the internal one, but it's only 90% feature compatible, and the internal migration has an opportunity cost that's higher than the cost of maintaining two similar products.
I don't see the need for sarcasm. Most mid-size and up companies have security departments. And they use tools to make their jobs easier.
The problem with the cloud, from a security standpoint is that is it much more complex than a traditional on-premise infrastructure, especially if you go the "managed services" route and have minimal code.
And reason they can get recurring revenue for what is indeed basically a linter, is that what it lints your configuration files against is not just best practices but also regulatory compliance. And that gets hairy enough and changes often enough that it's usually worth it to pay for it to be someone else's headache.
The real value is it's linter for _any_ cloud config - you can use terraform or cloudformation or just click around in user interface, and Wiz's rules would still work.
I was worried it was that WiZ, luckily it's not
Their bulbs are one of the few WiFi bulbs that don't require an app to operate (only for the initial configuration)
Shelly does not require an app at all. Initial setup can be done via the WIFI AP it generates by default. Cloud is a checkbox in the app/web interface.
It was going to happen last year but Wiz said they wanted to IPO. Wonder what that implies about the larger IPO/exits market.
Here's the letter sent by the CEO Assaf Rappaport to his team at the time (2024):
"Wizards,
I know the last week has been intense, with the buzz about a potential acquisition. While we are flattered by offers we have received, we have chosen to continue on our path to building Wiz.
Let me cut to the chase: our next milestones are $1 billion in ARR and an IPO.
Saying no to such humbling offers is tough, but with our exceptional team, I feel confident in making that choice."
Wiz by itself is a great business and public markets will price it accordingly, but Google is able to price it much higher because of its unique position. Wiz + GCP sales team will boost adoption of the main product, a Google branded security tool keeps eyes from looking out, and of course, the ability to move huge amounts of revenue from competitors over to GCP is something only a hyper-scaler can tap. At 36x+ valuation, this is still a great deal for Google.
On what are you basing your opinion that this is a "great deal"? Google is going to have to earn close to $100B in profit attributable to this acquisition over the next 10 years in order to financially justify it.
> On what are you basing your opinion that this is a "great deal"? Google is going to have to earn close to $100B in profit attributable to this acquisition over the next 10 years in order to financially justify it.
Maybe like the Motorola acquisition - not so much the profit attributle from the acquisition but the profit they *won't* lose by not acquiring them.
That $100B is a based on a ballpark estimate of how much a passive investor would expect to earn by putting $32B of their money into a high-yield stock fund (yielding 15% per year, which is a conservative annual growth rate for a cloud provider) and sitting on it for 10 years. If Google can't do at least as well as that, the investor would be better off with the stock fund.
It's smart defense, great offense, and a good product behind it. Each eat a big chunk of that $100B target. I don't see Wiz as a 10 year company, I see it as a forever requirement for companies to manage all of their cloud resources (across all providers). It will be here as long as GCP/AWS are here. I expect a short path to ROI on this one.
Wiz is a recognized leader in the CNAPP/DevSecOps market, and so they'd be naturally attractive to any cloud hyperscaler. Google had to either build or buy a similar solution to grow GCP; and they chose to buy. But $32B is an enormous hunk of cheddar, and I don't know why they felt compelled to pay that much. The ROI on such a large investment is unclear.
It gives them (legally debatable) visibility into how customers are using their competitions products. That's part of the reason it didn't happen under the Biden administration. Trump is very much against enforcing anti-competition laws though, so the deal suddenly began to make sense again.
Google would have to be contractually bound not to do that, or Wiz customers would flee like rats off a sinking ship, which would significantly devalue their investment.
A lot has happened in the last 56 days that has resulted in significant uncertainty in the stock markets. That, combined with the higher offer, apparently changed the board's mind.
> But also, and may more important, you get to see everyones cloud usage, across all providers
Yeah - that’s not likely to happen. Even the current in-house developed multi-cloud security stuff Google has doesn’t let internal people see customer data. It’s right there in the T&Cs they publish and agree to.
I suppose they could be violating them in egregious ways, but that wouldn’t last long before one or more of the 170,000 employees got upset and went all whistleblower, which would lead to billions of dollars in lawsuits.
There are ways around it. If they look into specific customer's usage it is looking at customer data. If they look at more customers it will just be called anonymous analytics.
Then you slice and dice the analytics data to extract what you need in the name of planning & improving the product.
For a truly multi cloud customer, your second point switches from being a pro to being a con as soon as Google owns it. Why would you give one of your cloud vendors visibility over your footprint across their competition?
They don’t need to force people, just make them a very good targeted offer. This is also great for seeing which features their customers use most to help GCP catch up to the competition, too.
It doesn't force them to move, it just gets Google the information about how you use competitors products so they can out negotiate them come deal time.
Wiz itself doesn’t. But Wiz knows what is going on in everyone cloud. That data could be fed to GCP sales team though customers might riot if that happens.
>That data could be fed to GCP sales team though customers might riot if that happens
Large enterprises don't sign the stock terms and conditions that would enable this, most do or should have legal teams redlining contracts around how cloud data is accessed and used by vendors. Maybe Wiz is so good they would agree to it, but it would get challenged and negotiated during the sales cycle.
Clients can have their lawyers jump up and down but the data is there, you just KNOW the mothership gonna use it. All they need is some obfuscation and plausible denyability. It's just too good to not use it.
Wiz is used by 45% of Fortune 500 companies and you're thinking someone is making up that they used it? This is unnecessarily mistrustful / conspiracy thinking. What censorship btw?
Google already have one of the best security teams in the industry - Project Zero [0]. They don't need Wiz's "enterprise" expertise for security.
This deal is about DATA. Wiz, as a cybersecurity vendor, have full remote access to their customers cloud compute storage (EC2 EBS volumes, etc) in the name of "security scanning" - this is actually part of their unique selling point - "agent-less scanning" which is unlike traditional security tools that require an agent installed in the OS. Instead, Wiz is able to just clone your full data volume and scan it locally in their cloud accounts/VPC.
With this deal Google has bought a ton of confidential data from Wiz's customers without their explicit knowledge or approval, and they will use it to improve Google's AI models like Gemini and probably several other products.
A year ago Google struck a $60M/yr deal with Reddit to exclusively license their content [1] for the same reason, and that data is probably much smaller and less valuable than the data Wiz has access to from their customers, which include companies like Morgan Stanley, DocuSign, Slack, Plaid, and others. [2]
I find it hard to believe (or maybe I don’t want to believe) that this could ever happen? Even if Wiz has T&C’s that allow full access to clients’ data, and even if the T&C allow some sort of “use” of that data that includes training an LLM, surely you can’t release an AI trained on private information to the public? You can’t have Gemini spitting out internal/private/confidential information?
It's only dumb if they get caught doing it. If they do it once and keep it quiet and then someone finds out 2 years later, it's going to be a footnote in history.
I'm guessing you would be the same guy who wouldn't torrent millions of books and copyrighted works to train your LLM. Zuck can afford not to care about that pesky detail
You are not naive, you are not considering that at certain scales, your concerns are the cost of doing business.
Not the same thing at all. Corporations care about their data a lot and would cancel deals over this. Noone cares if some authors get upset, they have no leverage. Disappointing how people will make confident statements while being so clearly clueless.
Facebook did exactly this with a VPN acquisition. They didn't break into customer data; they just mined it for usage patterns.
So as a pure speculation on Goog's motives, it doesn't sound farfetched enough to call ridiculous. Competitive data is valuable, particularly if you want to strangle the youth in their cradles (or acquire them).
> actually outrageous claim that Google will use this to illegally siphon customer data
Hypothetical question as much as anything: If Google purchases a company and the data the company stores about their customers, is it illegal for them to use this data for whatever they want?
Lets say it would give them an understanding of what features from AWS people tend to use the most, and they use that to improve Google Cloud, would that be illegal?
GDPR, CCPA, HIPAA, etc, as Google has no way of knowing which data they will train on, add to that copyright and that's just off the top of my head
cloud contract obligations are also pretty clear about customer data.
furthermore it would be bad engineering and security if Wiz had actual direct access to customer data, versus having their code having access to said data. That would be a huge issue in due diligence for example
Did you skim through Wiz's Privacy Policy? They're keeping a lot of stuff that isn't "direct access to customer data" and already permitted to be sent to 3rd parties, wouldn't surprise me if you could aggregate what features are most used on AWS by collating some other sources than having actual access to customers cloud.
Obviously, existing agreements would need to continue to be run properly, no question about that. But there is always plenty of other data that probably could be used by Google to gain some insights.
Read through the Wiz MSA [0] at section 6 which discusses “Customer Data” and among other things specifically asks Customer not to send HIPAA data (perhaps to sidestep the issue you just raised) and concludes with this:
—
Customer hereby grants to Wiz a non-exclusive, worldwide, royalty-free right to use Customer Data to provide the Services and perform its obligations under this Agreement.
—
Or if reading terse legal documents isn’t your thing, go ahead and just read through Wiz’s own blog post about how their scanner works, which confirms they have full, direct access to customer EBS volume snapshots in the default “full SaaS” deployment model. [1]
Your point that due diligence would have taken issue with this might not be grounded in Google’s reality.
> [access to use customer data...] *to provide the Services and perform its obligations under this Agreement.*
"Services" – which you'll note is capitalized... lawyers do that for a reason – has a very specific meaning that very obviously does not include "whatever the fuck Google wants to do with it", nor "training general purpose AI models" in particular.
Why are you intentionally and blatantly misinterpreting Wiz's policies? Or are you just that good at ignoring/missing details in order to weave the story you've already decided to believe?
I've been consistently surprised at how common bad engineering and security practices seem to be within the security vendor space though. So idk this just makes it sound more plausible to me cause this would be exactly the type of company to have a scandal like that.
Google isn’t buying Wiz for “security expertise”, they’re buying Wiz for a security product, in a growth area, that customers absolutely love. You’ve provided no evidence for the conspiracy theory that google is buying Wiz to siphon up a bunch of data, and if you’re going to link to Wiz, maybe link to their public list of security certifications, many of which prohibit the type of data harvesting you are suggesting.
"Trust" screams insecurity. Security is in the direction of trustless rather than requiring trust. Do you trust companies which say front and center "you can trust us"?
Wiz is a "security product"? Security isn't something you can buy and bolt on to your systems as an afterthought. It doesn't work like that!
Based on the exceptional level of ignorance and outright delusion in this thread, I'd rather not speculate. Easily 1/3 of the discussion is mired in conspiracy theories about Israel, and another 10 - 20% are people who's comments can be boiled down to "you know, I've never heard of this product/company/industry before, but, by God, the world needs to hear my hot take."
I trust open source code I can see and compile and control. :)
How is "trusting wiz" (trusting some icons on website controlled by wiz leading to publicly inaccessible reports, half of which are done by a single company somewhere in Florida) related to what Google might do with it after aquisition?
That’s great. For you. Most businesses don’t have the ability or desire to build every single security tool they use in-house or use open source for everything. So they buy commercial tools. Which are audited by third parties to give the companies that use the commercial tools some idea of how their data will be used.
If google wants to maintain those audit findings, which they’ll need to do to keep most of their customers, that’s going to limit the kind of data collection they can do. Unless, of course, you want to propose a new conspiracy theory (which I guess would be par for the course in this thread) that Google is going to lie to their auditors to get at that sweet, sweet data (most of which they already have for their GCP customers and don’t need to buy Wiz to obtain.)
I believe you are right in the direction, but wrong on the details. Yes they will now have tons of otherwise inaccessible data about how Wiz customer use GCP’s competitors (AWS/Azure), eg what workloads, how much they pay, how many EC2 / EKS / ECS / RDS / S3 / SageMaker are actually used and how much they pay. This is by itself highly valuable financial information, that any company would love to have about their direct competition.
I highly doubt Google or Wiz have a legal avenue that allows them to use customer data beyond fulfilling their product needs.
Products like Wiz (voluntarily) go through security audits and certifications, from SOC2 type 2 to FedRamp. Also enterprise customers actually do read T&C (their legal team does at least) and having terms and conditions that allow you to train models on customer data without their consent is not going to fly under the radar for long.
To add a few, Chrome was the first browser to introduce process isolation: Every browser tab, every site (second-level domain) and every iframe runs in its own sandboxed process.
With that it's the only end-user software (alongside the other browsers) that actually is secure against Spectre and Meltdown. Operating systems only protect against Specre/Meltdown leaks between processes.
Google invented Certificate Transparency and Chrome enforces CT since years. Firefox added CT enforcement only a few days ago.
CT solves the following: For example, if a rouge Chinese Certificate Authority decides to issue a cert for google.com to the Chinese government for Man-in-the-Middle attacks, CT blows their coverand makes it known to everyone that the CA issued a fraudlent cert.
Using private data to train a public LLM seems like a huge liability that Google's legal team would never approve. I could see them using the data for all sorts of kinds of analytics though. I heard Google deals in those a lot.
Project Zero and Wiz and have very little in common. It's wrong to bring these two up together as if they are comparable. Project Zero focuses on discovering and analysis of new (including zero-day) vulnerabilities. I do not believe Wiz uncovers new vulnerabilities. The skillset of someone working on Project Zero looks very different from someone working on Wiz.
The field of security is huge. It's unhelpful to lump unrelated things together.
A few fun ones are the multiple cross-tenant security exploits they found in Azure (which is why, among the tons of other reasons, Azure is just the worst possible choice for a cloud vendor from the big 3 - their security is a joke, and none of the vulnerabilities below should have passed even a cursory security review, but they did, which means the whole org doesn't take security seriously. Add in the fact that it's slow as hell, and has the UX worthy of an Enterprise vendor, the only reason to choose it is because you're getting a good deal on the golf course for it):
This theory of yours is a conspiracy. Google would never start training off of confidential corporate information without authorization. The legal team would never allow it. And if they ever got caught, it would be a complete disaster for them.
> Wiz combines a graph search for asset management with agentless vuln and malware scanning that clones EBS volumes and scans them on their infrastructure. That's a great combo for vuln management, but has some downsides like delays between scans and cloud costs. They have a sensor with solid detection rules, and are okay at a bunch of other stuff like cloud log threat detection and sensitive data detection. They've basically pushed what you can do without an agent to the limit.
> [Cyberstarts] shows an internal rate of return of more than 100%, an unusual figure even for the best funds in the world.. The first sales come from the loyal CISOs who work with the fund.. Ra'anan offers [CISOs] the big dream of the world of employees - shares in a venture capital fund.. all funds that specialize in cyber go after CISOs and entice them with dinners, conferences, and some also offer them holdings in the fund. However.. he perfected it to a completely different level.. No CISO has ever received compensation for purchasing products.. They receive 4% of the success fees of the general partner (GP) in the fund.
I'm marginally in the IT space... Is there anything to my reaction that at least in dollar terms this is a multiple of the dollar amount of what Whatsapp was acquired back in the day, which was a large consumer facing product that I could see was quite literally taking over messaging all over the world, and this is a... platform I've never heard of?
Wiz is enterprise software aimed at and popular with large companies that need to check all the compliancy boxes, and according to sources used by >40% of the Fortune 500 companies. It's also only 5 years old, so that's a ridiculously fast growth.
Valuation multiples for a free direct to consumer messaging company are very different to a paid-for b2b cybersecurity company. It doesn't really matter whether you've heard about Wiz, the important thing is every CISO has heard of it and many of them are prepared to pay actual money for the product.
True, but the vast majority of people spend zero money on WhatsApp. I actually have no idea how I would give them money. There are no adverts, the metadata is not valuable, and no companies even use WhatsApp business, at least in the UK. Their UK revenue is basically 0, despite 100% market share.
This is an enterprise product in a space where companies spend millions of dollars.
As far as I remember they didn't ever really collect that money though. I certainly never paid it. I'm not sure they ever even implemented payment on Android.
WhatsApp purchase was for that sweet sweet data of everyone's contact lists (this was their original innovation for onboarding — just give us access to your phone book and we'll tell you who else is on WhatsApp). Their earnings were completely irrelevant in price discussions. The billions were paid for the dataset.
How do they spend insane amount of money in targeted ads and all the ads I get are useless?
I constantly get ads to learn how to code. Ok I've been doing that professionally for over a decade and I have a real degree from a real university… why would I do some online programming course?
Just think: This company is 5 years old. That's just 1825 days, or 43800 hours, and they've created $32B of "value" in that time. That's an average rate of almost $750k/hour continuously. Incredible.
I have no idea how these corporate acquisitions are valued.
Craftsman Tools was sold to Black and Decker for $500 Million. This was and is a respected tool brand with an international presence making physical and tangible products and it is apparently worth 1/64th of Wiz.
I'm not even saying Wiz is overvalued, I don't know, I'm just not sure how they come up with these numbers.
I think the main calculus is around estimating future profits. Do they make a profit? Is it a crowded space? Is the market space growing? What assets do they have? People, land, factories, or intellectual IP? Etc etc.
I don’t know the details of either deal but it’s easy to imagine a case where Craftsman tools is just a brand in a crowded market with no special sauce. For example Sears never even made the tools, they outsourced it. Also it sold for 900m, 500m was the initial payment.
> Also it sold for 900m, 500m was the initial payment.
Yep, you're definitely right, I misread. Still less than a billion.
> I think the main calculus is around estimating future profits. Do they make a profit? Is it a crowded space? Is the market space growing? What assets do they have? People, land, factories, or intellectual IP? Etc etc.
Yeah I guess that makes enough sense, though I have to admit that sometimes it feels kind of removed from reality sometimes.
Google has some amazing negotiating skills - paying 50% more for something they literally tried to get not even a year ago... (they tried to get it at 23 billing not even a year ago)
Yeah, but Instagram and WhatsApp have billions of users. Everybody has heard of them. Advertising on Instagram generates revenue.
Wiz is a SaaS b2b startup. Even on a forum for startups most people haven't heard of them.
Wiz reportedly has a revenue of 750m. It would take Google 30 years or more to break even on this deal. But like all bs startups Wiz will fade into irrelevancy 6 months after being acquired.
The difference is that Google is the worse product company among the big tech companies. It’s like the modern day Yahoo! - where acquisitions go to die.
I don't know man, iPhones and Macs are really buggy, bloated/full of unnecessary features, and user hostile. Microsoft products are also hot garbage. The cars we get to pay tens of thousands (or even hundreds) are pretty much garbage now. It's not just Google.
I am not talking about opinions on quality. I’m talking about objective measures in introducing a new product that moves the needle as far as revenue/profit and market share that is not cancelled quickly
Again, the parent's point stands. Apple is not changing the game with Apple Vision Pro or Apple Intelligence. Microsoft isn't getting accolades for Windows 11 and Copilot. It's not always smart to bet the farm on a product that nobody wants to pay for.
Objectively speaking Google is one of the few companies that saw where the puck was headed and skated there. They built TensorFlow, they sponsored serious local AI research. Now they build their own in-house training and inference hardware. Relative to the struggling we see from the rest of FAANG, I would argue Google is perhaps the only successful competitor left. I despise their monopoly abuse of AdSense, but they're not going to be effectively prosecuted with protectionist American policy defending them. Google "won" the services sector and now everyone and their mother is butthurt.
TensorFlow is a technology not a product. Having things in a “research” lab are not products. What product have they introduced in the past decade? 15 years? Android is the only one that has gotten any meaningful traction.
Does Google have a better LLM based product than OpenAI’s ChatGPT? Well personally for my use case, NotebookLM is better for some things. But it isn’t a better product for most people.
Androids position is so bad in the market as far as convincing consumers with money to buy one, Google has to pay Apple $20B+ a year to be the default search engine. I wouldn’t be surprised if Google pays more to be the default search engine on Apple devices than Google makes in mobile for Android.
From a consumer standpoint, Android has seen declining market share in the US, the Nest acquisition is floundering, Stadia was a failure, Pixel ships about the same number in a year that Apple ships iPhone in a a couple of weeks, WearOS has gone nowhere, no real tablet strategy (I Chromebooks have been a success in education so that’s kind of a mitigating factor), their tv strategy has pivoted a half dozen times, their messaging app strategy is schizophrenic (they had 5 separate messaging apps simultaneously at one point), AI summaries for Google search are half baked.
On the business side, GCP is just pathetic. I don’t mean as far as technology. But their account management, enterprise sales team and customer service is lackluster. I mentioned in another comment that when I worked at AWS ProServe, we never considered them a serious competitor.
GSuite has gained some traction in smaller companies. But hasn’t made a dent in government and enterprise where the real money is.
Look at Microsoft and Apple’s product mix as far as successful profit generating products and compare that to Google’s.
Almost every part of the iPhone is also based on acquisitions. Android was a bad BlackBerry knock off before Google acquired. Android as it exists today is mostly Google.
YouTube and even AdSense were based on an acquisition.
Heck, Apple as we know it today was based largely on the Next acquisition.
This is meant to be politically-neutral commentary: this deal doesn't happen without a Republican in office that will squash the antitrust bent that the Biden administration started.
It's also possible the last Wiz deal happens without the antitrust swirling over Google.
> FTC Chairman Ferguson and Omeed Assefi, Acting Assistant Attorney General of the DOJ’s Antitrust Division, announced on February 18, 2025, that the FTC and DOJ will continue to use the 2023 Merger Guidelines as the framework for their merger review process.
Rump likes to play favorites and use any power at his disposal to hurt his political / personal enemies or people he thinks don't "respect" him enough. He also is a fan of extorting people.
So I wouldn't count on it based on some generic "pro-business" position. Google is going to have to kiss the ring one way or another.
I just don't think the anti trust case is as strong in the security industry vs. many other parts of the software industry. I don't think a Biden admin would necessarily have jumped to try and block this sort of acquisition either.
Since Sundar took over as CEO at Google (August 10, 2015):
- Google is up 5.2X - I am not sure how you got 152%
- Apple is up 10X
- Microsoft is up 8.25X
- Netflix is up 7.45X
- Amazon us up 7.28X
- Facebook is up 6.27X
Google has the worst returns in ten years of the FAANG(+M) companies. A 5X increase in ten years is still phenomenal, but it's important to not look at that number in isolation.
And for fun:
- Nvidia is up 207X
- Intel is down 12%
- The S&P 500 is up 2.72X
Microsoft was also up by leaps and bounds when Ballmer was in charge and RIM had its highest market cap in 2010 - three years after the iPhone was introduced.
That has nothing to do with whether Google has the ability to create new great products and it has failed miserably at that over the past decade.
This is probably a dumb question, but what does all cash mean? Does it literally mean that they are putting $32bn in Wiz's bank account (or probably some kind of escrow, who knows) which then gets dispersed to their shareholders?
What usually happens otherwise? Would they do partly google stock, etc? And each shareholder gets some kind of multiple? (you get your N amount of Wiz shares X .72 = your number of google shares), or something of that sort?
> Does it literally mean that they are putting $32bn in Wiz's bank account (or probably some kind of escrow, who knows) which then gets dispersed to their shareholders?
Google pays each of Wiz's shareholders 75-90% of the deal amount. The remainder is held in escrow and paid some time later based on a variety of conditions.
> What usually happens otherwise? Would they do partly google stock, etc? And each shareholder gets some kind of multiple? (you get your N amount of Wiz shares X .72 = your number of google shares), or something of that sort?
In an all cash deal the Vendor (buyer) will purchase all shares of the Target (seller) for cash and cancel those shares. A substantial amount of the cash will be held back in escrow subject to a number of clauses and released at a future date.
This will protect the buyer against misrepresentations.
There are often also targets that have to be met to achieve the full purchase price but not always disclosed
Yes on all of that. All Cash means Google is essentially writing a $32Bn check which is dispersed to the Wiz shareholders. (It wouldn't go to Wiz's bank account since Google owns the bank account once they send the money.
Typically these involve at least some stock (cash + stock or all stock) which would mean that each Wiz share gets some amount of money and some multiple of Google stock per share.
Ultimately they are buying the shares of all existing shareholders. Wiz tells Google who the shareholders are after all triggers of options to shares are resolved. Then Google wires each shareholder after the signatures are complete. No money should go into Wiz bank account. 10-25% of the cash is held back to make sure the company and key employees fulfill promises made as part of the transaction.
There's going to be teams of lawyers and financial managers that will guide that money into various financial structures and / or shell companies so that none of it shows up on the records used to calculate that.
I have had shares that are 1. force sold, 2. shares that were force split into two companies and 3. shares that are force acquired so they become another companies shares.
Lol coincidently had some publoc traded shares force sold last month. Didn't realize (they didn't send me an email). I have a weird ability to pick these kinda stocks! Unfortunately it hasn't been a profitable strategy.
Part of the acquisition process is putting together a “funds flow” which is simply a model that lays out how much $ each shareholder gets and then also you collect all the wire details, etc. But anyway, it can be a bit surreal seeing how much cash will be deposited into various accounts once the deal closes
Otherwise it depends on the deal structure. Especially if it's an acqui-hire, or founders are involved, it can be a combination of shares, options, earn-out, guaranteed bonus, certain salary levels (much higher then their current one) etc etc, and cash. Usually 100% cash deal is the most sought after unless the acquirer has a very solid business (in that case shares and options could be valuable too).
Almost any infosec professional whose company uses an IaaS provider (AWS, GCP, Azure, etc) has heard of them. They are probably the most notable tool for assessing your "Cloud Security Posture". It basically looks at your cloud configuration and alerts you for security issues caused by mis/sub-optimal configurations. It also identifies vulnerabilities, software updates, permissions issues, etc.
I'm sad they're being acquired, especially by a FAANG company. This constant consolidation is bad for IT (and the economy in general). I am happy for the employees holding shares though!
[narrator]: Excellent, until now! Soon, their beloved cloud infra security scanner will to be sucked dry of all the juicy usage data on AWS and Azure customers, bled of its innovation, to be discarded in a few years time...
I like it too. Don't care much for google buying them, it can only end badly.
Would any evidence convince you that wiz-the-product exists? there are tons of comments on the thread, people discussing it on reddit, integrations with all sorts of products, stackoverflow questions about wiz terraform provider, tons of image search results for "wiz.io dashboard" (most outside of wiz.io domains)...
I've seen them at trade shows and heard good things. I had also heard that Google tried buying them last year but it didn't go through, I'm curious about how/why they did it now
What I read is that last year they weren't sure yet if they wanted to go public instead, but the current financial climate isn't good for going public so they went for an acquisition instead.
I feel like there may be better ways to address your points without insulting the person you're replying to... Any chance you'd be willing and able to compose a reply that adds credibility to your claims? Or is this more of a "grudge against that commenter in particular" sorta thing?
I've used wiz in a previous job. Its a good product. I don't know if they invented disk snapshot based security scanning, but they certainly popularized it.
Companies like CrowdStrike have copied a lot of what Wiz has been doing (and I'm sure wiz has copied some CrowdStrike features).
This announcement is pretty disappointing to me. I would have more faith in Wiz as an independent company than as part of Google. I expect their innovation to fall off a cliff.
I am suspicious of the acquisition and critical of its founders. But at the same time I'm sitting here looking a Wiz logs and dashboards. The product is certainly real.
please stop: you're spamming this thread and there are enough people here who have experience with the product and claiming they're lying just doesn'
t pass even the most basic tests.
This seems like a silly and ridiculous acquisition. Surely for $32 billion almost any security technology could be replicated? You could hire several thousand best in class engineers and build whatever Wiz has in house… buying this almost makes it seem like Google has no idea how to build new innovative products, which I guess a lot of people already think.
For Instagram and WhatsApp it was the user base and growth that was being bought, which is much harder to acquire than some random B2B saas security software.
This is the answer, Wiz already has a foot in the door / running contracts with huge cloud consumers, but not all of them are using Google's cloud. I wonder if Google tries to earn more money off of competing cloud platforms by offering services like this.
Revenue from Wiz's customers will not make back $32 billion dollars even in 30 years.
Wiz's technology is irrelevant. I think Google already scans for vulnerabilities and misconfigurations. And can build similar for low millions of dollars.
> You could hire several thousand best in class engineers
How easy is this? Especially if you're doing it on an accelerated timeline, it seems like you'd have to pay above market to poach thousands of best-in-class engineers, and then you're stuck with higher salary expenses forever.
Google already employs some of the best software engineers in the world. In fact they’ve been laying off thousands of them. Google, like most big companies struggles to innovate because succeeding at a big company and making something fresh and new are different and often mutually exclusive skills.
If they could have built it themselves they would have.
Apparently they tried to acquire Wiz last year already, which means they've been thinking about it probably since before they let all those engineers go.
There is actually some drama between Wiz and Orca, a company founded one year before Wiz. Orca alleged Wiz copied them, and Orca does operate in the same space. But a lot of hundred billion dollar companies are built on moats, integration and switching costs.
Yeah but Google is a trillion dollar company. Why do they need to spend $32billion on a company whose only value add seems to be they are good at finding exploits? You could hire every cyber security researcher in the country for $32billion.
It is a difficult question to answer. For example, why did Google acquire YouTube in the early 2010s? A platform technically and engineering wise similar to YouTube would have been very easy to replicate. IMO the best explanation goes back all the way to the days of Standard Oil/Carnegie Steel company - and quite possibly even the East India Company. There's an enormous benefit to consolidate various businesses under you and create a monopoly. Today in tech, monopolies are far from being as straightforward as being the dominant producer of a commodity like oil or steel. But there's undoubtedly some similar mechanisms involved. Synergy is one way to put it, but I think it's too restrictive.
I think the other part of the equation missing is if Google did create their own Wiz, Wiz would still be on the market, and it'd be a bitter fight which they could very well lose.
Google did in fact have a product that was technically similar and in fact superior to YouTube. Remember Google Video? It was better and people hated it.
Extracting this from my comment on a subthread to add color to the discussion here.
They announced in a blog post that they went from $1m ARR to $100m ARR in 18 months (Feb 2021 -> July 2022). [1]
Reuters in the article posted here reports they were at $500m ARR when they last raised in mid-2024, meaning they went from $100m to $500m in around 2 years.
One would thus speculate they are likely a few hundred million above the half-a-billion figure today.
The multiple still appears a little high to me (particularly given it's all-cash, which Google doesn't even have) but what do I know.
Sorry. I pulled my figure from the article in the post which claims "Google had $23.47 billion in cash and cash equivalents as of Dec. 31, implying it might have to seek financing for the deal."
It’s a security-as-a-service platform that monitors whatever clouds or systems you plug into it for security vulnerabilities, but is built specifically for public cloud service providers and their workloads. I quite liked the product, as it would notify my team of erroneous configurations, outdated AMIs, exposed ports, vulnerable workloads, and whatever custom policies we setup (e.g., SSH open between VPCs in AWS, rather than via a Jumpbox).
I loved the product when I used it (huge improvement over Nessus), and am immensely disappointed Google owns it as it means I’ll have to find something else going forward. This is the sort of acquisition a regulator should block, because Wiz really is best-in-class at what they do for every cloud they support, and customers benefit more from it being agnostic.
It is a very legitimate tool. It identifies misconfigurations and vulnerabilities in cloud deployments. Anything from a container with a known-vulnerable package in the manifest to a workload with improper firewall rules.
I understand those (I haven’t used them) to primarily be about software composition analysis. Wiz does that, but they are mainly known for Cloud Security Posture Management (the “you have an exposed S3 bucket”, “you have a workload with no inbound firewall”, “etc.”) and integrating things like SCA to increase alert fidelity (do you care as much that a workload has an inbound ACL allowing MongoDB connections from the Internet if the workload isn’t running MongoDB?)
Wiz is closer to the CNAPP field instead of the software composition analysis tools you mention, Snyk would fit here for SCA.
Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.
Basically give it read access to your cloud account, and it will scan all of the resources to identify potential miss-configurations. Identifying CVE in software is one thing, but it's identifying incorrectly configured resources that would otherwise be secure can dramatically reduce the risk surface.
A lot of cloud providers already have little hints like "hey - did you mean to create this account in God mode?" or "It is recommended not to create this god mode json key file" - Wiz is taking this to the next level of detail
Would also be interested in this. I don't know anyone who uses Wiz. Google says they had 350 million in revenue last year, aiming for 1 billion this year. So 100x revenue TTM. Crazy stuff.
That's because A) big companies that use it don't really like bragging about their security tooling, lest it be used to better profile their infrastructure by attackers, and B) it's basically enterprise-only and insanely expensive.
Source: worked for a large enterprise company that used it, and I loved it. Phenomenal tool, will be a shame to see it die (or at least its non-GCP aspects wither and die) under Alphabet's ownership.
They were the one's to first report on DeepSeek's recent data leak, and they've found a few others.
One exploit I remember Wiz finding was "ChaosDB". A flaw in Microsoft's Cosmos DB allowed anyone to use the default-enabled Jupyter Notebook to basically dump and modify anyone's databases, without authentication. Full admin access.
My last company used it to complement other cloud security scanning products. It’s probably a bit of an understatement to call it a scanning tool. It was easy to integrate with our other systems so we could assign vulns to different teams.
The cloud computing market is ~$600B annually. Google has a market share of 12% in it while Amazon sits at 30% and Microsoft at 21%. I'm assuming this is Google trying to stay competitive in that market.
> Even growth stocks have about 5x the price to revenue.
A PE of 5 is not a growth stock - that’s the kind of PE you’d see on a barely surviving mid-cap in decline…. The combined PE of the S&P500 is in the low to mid 30s these days!
PE is not the same as PS (price to sales or revenue). Startups and growth companies are often valued by PS since they have revenue growth, but are often not yet turning a profit (making their PE < 0).
Interesting, could it be that their software is built by Gemini, the acquisition is managed by Gemini, and the Gemini in Google made a $32B deal with the Gemini at Wiz?
Wiz seems to only be about 4 years old, as per wikipedia. That valuation in such a short amount of time surely must be some kind of record? Or am I missing something?
~5 years by now. But there is a bit of fine print. The founders all founded another cloud security company in 2010, which was acquired by Microsoft. They were all graduates of Israel's famous Unit 8200. So while the literal company was founded in 2020, it is very likely a lot of both the knowledge, expertise and quite possibly product was already in development before it.
Not sure if it's a very wise move to hire foreign intelligence offers and give them access to the core of your tech products and to the customers data.
A dumb conspiracy theory. Israel has mandatory conscription (barring some cases), and many of the smart ones are recruited into Unit 8200. It's not surprising that they go on to start cyber companies once conscription ends, given that's a major focus of the Unit.
For me it's enough that if Chinese intelligence officers were founding software security companies, I'd not use the product. It's the same idea for Israel. Conscription just makes it worse, because more of their citizens are then suspect.
Not supporting people who take part in the crime of persecution, is a nice side effect.
So you think they shouldn't be trusted because they have ties with a foreign nation or they should be trusted because their foreign nation is really a puppet state of your nation?
It's unclear to me what you're thinking besides the wish to troll.
yes, every 8200 founder i know already has the next product ready to launch in alpha the day after the time limit on their previous acquisition runs out
You joke, but something similar happened at my old company, and I suspect it's relatively common for serial entrepreneurs.
The founders, who are now flush with cash, time and ideas; are quickly speedrunning the steps creating their previous company, in the same market, but now with more access to capital and employees from their previous company who would rather work for a startup than a large conglomerate, while fixing all the mistakes from their previous venture.
I 90% meant that it was the skills, industry knowledge and connections/reputations they built before Wiz, but it is true that most companies are conceived and planned far ahead of their actually registrations. Sensible people don't exactly just quit their jobs and start a company in a few days. They conceive, do research, discuss and (I suspect in Wiz's case) prototype before they commit. Its definitely a smart move, there's a very real valuation and PR advantage if you delay your actual founding, so your time to X revenue looks shorter.
This feels like Waze, founder origins and name similarities aside. Google acquired them in 2013 for $1.3 billion, and it is still a standalone app, without being fully integrated into Google Maps.
It makes no sense for a company to have two mapping applications, yet 15 years later, more than a billion paid, one of the most valuable companies in the world failed to integrate another app.
Most people using Waze have no idea that it is owned by Google.
>The stock was down 13% this year before Tuesday on worries over its hefty AI spending against the rise of China's lower-cost DeepSeek and a pullback in tech giants that led the market for the past two years.
Absurd take. Google is the one AI company that is not completely dependent on Nvidia because they now use their own TPU chips for both inference and training.
I think Google sees a fast growing company and is acquiring it. Many GCP related acquisitions are weird, like Looker, Apogee and are awkward fits. Unsure how this goes.
tbh all of this sounds extremely suspicious. nothing they do google can't do, market share is not there for $32B, it's a couple of years old company. If it's not money laundering, which I presume it's not, what is it? It doesn't make any sense.
This is one example of ways that the US empire supports the economy of Israel (the 51st state). I would be very surprised if there isn’t a political element here.
Currently, Crowdstrike, Zscaler and other solutions compete in a similar space than Wiz.
Google likely believes if can offer Wiz sec products bundled with Google Cloud. It isn't a terrible idea.
But Wiz itself works on multiple clouds, so it seems that Google can also grow it on their own.
Cloud security companies are growing a lot, and might be a growth lever for Alphabet, as its other businesses' revenue growth are slowing down.
My assumption is that this will actually make it easier for Crowdstrike and Zscaler to keep their market share, as they are pure-play companies on Cloud security and Alphabet has too many businesses to manage.
For me, it looks overpriced. Wiz has been growing a lot, but under Alphabet it might not perform as well as it did.
The big winners are the founders and whoever owned Wiz options.
There is a not-so well known fact about Wiz. Wiz is backed by Cyberstart. They are notorious for running a pay to use thing for CISOs. TLDR; there is a round about way the CISOs get paid for using tools backed by them. Therefore the startups backed by them appears to be fast growing.
- Businesses pay the cloud providers to allow them to use compute/disk/network
- Businesses pay to hire the engineers who can work on cloud
- Businesses pay to hire security engineers who can secure the applications in cloud
- Businesses pay to hire FinOps to optimize their cloud usage
- Businesses hire security companies to secure their cloud usage (e.g. Wiz was one such company)
- Now cloud provider has to acquire the security company to secure their own cloud?
Either I am too old, or there is something wrong here. Let's not forget that at the same time many big businesses do just fine by not using AWS/GCP/Azure.
> - Now cloud provider has to acquire the security company to secure their own cloud?
No - this acquisition is about selling Wiz to cloud customers. Deploying on cloud securely is a solved problem if you set and follow good policies. Virtually nobody is doing this, ergo companies like Wiz that will tell you when you're doing something stupid.
Is it really that hard? like I listed out, it is definitely not cheap. There isn't a shortage of skilled engineers in IT after massive layoffs. What's the catch then?
You can provision a vm with a click and then after a few years nobody has any clue what these machines do, if they're still needed and if their access levels are reasonable.
Google already owns GCP. Wiz obviously built something that differentiates themselves and fills a need. I am sure they support GCP. If so, why would google not copy and develop this functionality themselves instead of buying them out?
Among the wiz customers if they use GCP already then surely they will be willing to try the functionality of google builds it.
If the customer doesn’t use GCP, chances are they wont move to GCP and probably move away from wiz too after the acquisition.
I don’t get why they bought them instead of copying them
Data for nation state espionage and industrial espionage?
Whoever owns Wiz obtains read only access to large company and government cloud networks. Even in the Wiz outpost model where the scanning engine is deployed into the user's own cloud network, results from scans are sent back to Wiz Cloud, and this includes sensitive information such as "Installed packages, Exposed secrets, Malware detection".[1] For an example real world deployment, GitLab SaaS public documentation expects the "Wiz Runtime Sensor" to be installed in every container.[2] This Wiz software requires highly elevated privileges to a level that the GitLab security risk assessment only briefly describes.[3]
The data Wiz collects on customers appears to allow answering of queries such as:
1. Which containers of government agencies in country X have the xz-utils library installed? Of these containers, what other software is installed alongside? How many of these containers are exposed to the Internet, directly or indirectly?
2. Which government agencies in country X have a publicly exposed service vulnerable to CVE-20xx-xxxx?
3. For top 200 companies, plot the popularity of AWS or Azure service ACME123 over the past 12 months compared to competing Google service ACME456.
Aside from security risks of having sensitive information of entire governments or large organisations hoovered up by Wiz, use of the "Wiz Runtime Sensor" also includes the risk of an incident similar to the failed CrowdStrike Falcon Sensor update of 2024.
The criticisms above are not specific to Wiz. There are many other competing products/services with similarly poor architectures and lack of protection of sensitive IT system information of governments and large organisations.
This deal might be more than just strengthening cloud security—it could be a strategic move for Google’s multi-cloud positioning. If Wiz’s customer insights help drive migrations to GCP, the $32B price tag starts to make more sense beyond just a tech acquisition
In a recent interview , one of the founders claimed that one of Wiz smart moves was using a graph database for mapping cloud resources and their relations, while perhaps all other competitors used SQL or NoSQL.
It helped them “get to the point” quicker and “cleaner”.
"Israel literally owned Congress" - Donald Trump [1]
There has been a full and total coup of Zionist influence peddles over over the United States government. This is the lens in which you should look at this deal.
The Department of Education is on the verge of being abolished, and the remaining skeleton staff have been redirected to investigate cases of "antisemitism". [2]
The administration is weaponizing 'antisemitism' to unleash once unthinkable retributions against opponents of the State of Israel. The Zionist lobby is using the full levers of the US government to direct their wrath against opponents, and no one is being spared, not universities, students and even entire nations.
It would be naive to think the leadership at Alphabet are unaware of that good things happen when you be good to Zionists.
It's really a shame really, from 'Don't be Evil' to funding decades more years of 'Israeli Americans' using this wealth to funnel to AIPAC and other nefarious political causes. [3]
> "Israel literally owned Congress" - Donald Trump [1]
Let me guess, when Trump says some crazy exaggeration you will immediately believe him if it sheds a bad light on Israel - but only then. Otherwise you wouldn't believe him because he's a pathological liar right?
The silly thing is he said it was a decade ago and today its the exact opposite, so that doesn't agree with what you said at all.
My take on why Google bought Wiz is pretty straightforward. First off, Wiz brings a rock-solid CRM loaded with all those juicy contracts from the top cloud players. Add to that a proven enterprise team that knows exactly how to sell the product, and whom to sell to. And you’ve got a recipe for success. Every Wiz win is just a possible upsell for GCP; especially when GCP isn’t even the market leader in cloud. IMO, it opens the door to a whole lot of sales opportunities and deep-rooted relationships with top-tier cloud customers. To me, that all points to a pretty hefty price tag on the table
I imagine Wiz was smart enough to include a big payout if the acquisition doesn't go through. There is a ton of attention on Google by both political parties in the US and the EU is not a fan either.
Wow. I wonder how Google justified this acquisition. I fear they will eventually shutter this service, and likely without even pulling anything good into their own cloud offerings.
What the hell is "Wiz"? Some nobody company that was formed <5 yrs ago and now gets acquired for _$32B_
G might be the modern day IBM.
You would think G would have the brain power to compete and provide out of the box security for their own platform. I guess the MBA losers at the top have been shaving too much from engineering to do this properly.
The acquisition hiring in big tech is wild to me. And the consolidation of power into a few companies continues.
With ~half of the Fortune 100 as paying customers.
I get it - most people here aren’t in cybersecurity, nor do they understand the space, but let me put it this way - if you are looking for the top 5 cybersecurity companies by mindshare of people in the industry, Wiz is in the conversation.
Agree with most of your points, the one correction (that I think is important) is that they were the fastest from 1M ARR - 100M ARR. Not a straight fastest to 100M.
"The first sales come from the loyal CISOs who work with the fund. Although it may be considered "small money", the jumps between the first stages of fundraising are the most difficult. “Until a ‘regular’ startup company reaches sales of $2-10 million it grinds itself to a pulp, but with Gili Ra'anan, this happens in the first year of sales. He creates a mechanism that is difficult to compete against because his companies immediately jump to a valuation of $100-200 million, raise more money, and then also have more resources to compete later,” a partner in an Israeli venture capital fund tells Calcalist. “With a seemingly small purchase of $100,000-$200,000, a CISO increases a startup's value by dozens of times.”"
...
"I recruited a new CISO for a financial organization that I managed out of a desire to refresh the cyber defense system. I gave him a free hand because I trusted him and I see this position as a position of trust. Six months later, I noticed that, surprisingly, almost all of the new logos that the CISO introduced were portfolio companies of Cyberstarts [Of which Wiz is their most notable]," describes a former senior executive at a large financial institution in the U.S. "It's not that these were necessarily bad solutions, but that some of them were a very low priority for us or solved problems that were not particularly urgent. After I confronted the CISO on the subject, he admitted that he is on the list of advisers of Cyberstarts and receives a percentage of the funds from them. Shortly after this, he left the company and immediately upon the appointment of a new CISO, I asked him to inform me if he was contacted by Cyberstarts. Within a few weeks, he had already received an email from them with a description of their kind of 'loyalty program' that details exactly what he will receive the more he works with the fund."
The Craziest part about Eddie was his business plan. Steal from your own company for 10 years, take the company public, gradually reduce your stealing over the course of 5 years to show a rapidly increasing profit margin, sell company to a hedge fund and cash out the profit. Then, go to jail for 8 years.
I believe that ‘cloud-neutral’ companies like Wiz must ensure their neutral positioning in order to gain support from various cloud providers. I strongly doubt the willingness of cloud providers like AWS and Azure to cooperate in the future. Google is not only making a major business gamble but also testing the waters in terms of antitrust and judicial challenges.
I believe this is actually the second time google has tried to buy this company too. They had to give them a too good to refuse offer.
While it seems like we aren't getting a ton of people who have used the product in the comments. I can tell you it checks a lot of boxes to make people sleep better at night with customer data in the cloud.
Is there lock-in for Wiz customers, besides the quality of the product? I understand the crazy revenue growth, fastest to 100m ARR, but surely this needs to saturate. Maybe half the fortune 500 use Wiz,but can you imagine 100% or even 80%? Who are their competitors?
In the meantime, the products that people used to use are decaying. Just today I found out that clicking on the departure date, and viewing the round-trip prices, then changing the departure date is broken in Google Flights. When Pichai leaves, it will be too late.
What changed from last year? The deal that failed?
The article says:
> The price tag is much higher than the roughly $23 billion Google had offered for Wiz last year before antitrust worries forced the startup to shelve the deal.
> Wall Street is optimistic that the Trump administration would drop some antitrust policies
Is that it? It's crazy to announce the deal before there's any actual policy changes. Why the rush? It's not like someone is outbidding them here.
> The price tag is much higher than the roughly $23 billion Google had offered for Wiz last year before antitrust worries forced the startup to shelve the deal. ... A harsh regulatory environment in 2024 had made it difficult for many firms to push through large deals, but Wall Street is optimistic that the Trump administration would drop some antitrust policies.
We use wiz and rapid7, so I can compare these two:
Usability of Wiz and the ability to adapt it is so much better. Everyone can get a seat without extra costs, enabling shift-left for the dev teams. Projects make sure they only see what they need to see.
The query engine is top. There are very good presets. Create Boards to share custom queries with the teams.
Compliance frameworks are available. You could inspect the rules, they are written in OPA rego and you could add your own rules.
Cloudtrail search is also a lot better than the one aws is providing.
I could go on and on and on .. this solution has so many powerful features.
The patents they received from Motorola effectively put an end to Apple's Android witch hunt.
Prior to this acquisition, Apple was determined to sue Android out of existence. They were on a rage-fueled mission to end a product they viewed as a copycat, and they knew Google didn't hold any patents to defend themselves.
When Google acquired Motorola's patents, the tables turned and it was Google that could end Apple or at least turn it into mutually assured destruction.
Those patents alone were worth a hundred billion for the headache they saved Google and the market position they opened up.
This was one of Google's smartest moves of all time.
I definitely did not consider this earlier. Do you know of some other big examples where monetary loss was actually a win when considered in an overall context?
Can’t help but predict that this will be a similar outcome. If they did not have a security division, this acquisition could work. But colliding two heavy security behemoths together is like the collision of two galaxies with a higher enteopy.
What I don't understand is how you get to a valuation of $32B. My quick googling showed me that the revenue for Wiz is about $700M. Even if I assume the existing customers + name + platform/assets is worth several billion, where is this number coming from?
To be clear: I am young and ignorant. I am trying to learn, not criticise
My estimation is that there is another competitor that they wanted to out compete ... like Facebook paid $19B for whatsapp to outcompete google. The maximum market cap Wiz had was $13.2 Billion. So Google is paying 3x times the price.
> Wiz has agreed to a termination fee of more than $3.2 billion, a source told Reuters, one of the highest fees in M&A history.
Not sure how they can afford this if it doesn't work.
Why? I have a hard time believing the engineer at Google see Wiz as innovative. The front page of Wiz.io reads like a bunch of sales bullshit. I built a security posture dashboard for a competitor and I would not say it's worth anywhere near 1b. Is Google such shit now that runtime scanning in a k8 cluster is worth billions?
Does this mean the Wiz app is now going to include free person category filters for their security cameras? Instead of constantly asking you to subscribe
"Enterprise" and "you know what you're doing" don't go hand-in-hand. You might know what you're doing, but does everyone else at your enterprise?
Every single devops person who can push a CL to staging (that may not get properly reviewed)? Every marketing whiz who is using a dataviz tool against a cloud storage bucket you didn't even know existed? Every support engineer who is on-call at 2:#0am and can fix a customer's problem with one tiny IAM change?
That being said, one of the reasons these things sell is that the majority of people sitting behind computers in large enterprises absolutely DO NOT have any idea what they were doing.
Once you get to a certain scale, the idea that you can "just be competent" and maintain high standards and configure your boxes the right way the first time every time btecomes logistically impossible.
Liability and insurance also is a big concern for large companies. The ability to blame somebody else for your security failings and check off all the silly boxes is pretty valuable. I'm sure consumer windows antivirus software would become a big hit again if you were for all intents and purposes being legally strong armed into purchasing it.
This is just how tech has worked forever. Large established companies are not great at developing new products, so they buy startups. Youtube was a startup. Google Docs was a startup. Hell, Network Address Translation was a startup at one point.
Seems like an answer to everyone blaming Firebase,AWS, and other cloud providers for not forcing them to do basic security checks
Wiz will do it.
Always happy to see a good exit, good show.
I've worked with cloud for a long time. I sorta blame myself for not seeing the market for this and not starting up my own company. I was too busy messing with machine learning, but never going much beyond sentiment analysis. Had I also stayed on that path, and maybe had a few million dollars in startup Capital laying around I'd be a billionaire by now ( yes this is hyperbole).
Oh well, time to cry myself asleep as a forever middle class software engineer...
Sounds like Google is compromised through Trump to me, by paying more ( in kickbacks) to his backers. I don't think this will help Google in any way. In fact it will probably cost it, as it may be seen as 'compromised' by other state actors. Not a good thing especially when you are discussing security on your platform.
Because the one thing I don't think you can plausibly say about the security software space is that there is a lack of options.
It uniquely seems to be fragmented and messy compared to most other parts of the software industry,(not sure why, just saying what I observe.
So the market situation looks very different to the ones that the DOJ was going after (like Google in ads,if Wiz was a big ad company then maybe the government would be more interested in trying to block it). Wiz isn't even close to having some kind of insurmountably dominant market share in their specific area of expertise either.
Yeah, does WIZ just have a pile of 0 days that they are sitting on? Or a bunch of data stolen from various cloud providers. This is an extremely weird and suspicious acquisition imo.
Regarding the US I agree. One should not do business with Alphabet either and it would be proper to apply sanctions. This is the response I would have preferred from the EU, rather than some tariffs.
Israel does not represent the jews or judaism, and it is antisemitic to claim otherwise.
Maybe let jews speak of what represents them. Definite majority of jews have direct family connection to Israel as well as cultural ties.
If 75% of Israel’s population are jews, then who do you refer to, when you identify the people of Israel with their government? Do you mean the Arabs, the Druze and the Samaritans? Probably not.
I think most jews have refused to do aliyah, and jews are a common sight in protests against US-Israeli atrocities.
I also think you mean israeli palestinians, not "Arabs", which is a slur in everyday israeli discourse. It's a society with the informal slogan 'death to arabs', as you probably know.
Most israeli jews agree with apartheid and the genocidal politics of the state they live under. There are regular polls that show this, e.g. from the Israel Democracy Institute. Very few take action against the state on this issue, and the large anti-Bibi protests are general opposition protests, they basically want a deal to get hostages and prisoners out, and then resumed genocide, i.e. the line of the parliamentary opposition.
so it it state of israel, or society with a slogan death to arabs? can you decide? For me it’s clear from everything you wrote, so don’t sugar it up with "it’s about state". Here you clearly blame majority of Israelis of wanting a genocide. A generalization like this with so few arguments show your actual true motivation – hate against israelis and jews.
Among israeli jews that's the mainstream position. According to recent polling only 3% say that it would be immoral to ethnically cleanse the Gaza strip, and 80% support it.
You'll come across the slogan a lot if you start to consume israeli mass media.
Israel is more ethnically diverse than almost every country in Europe[1], what are you talking about?
Regardless, do you want us to think that it's fine for the Poles to have Poland, the English to have England, the Castilians/Basques/Catalans/etc to have Spain, etc, but it's somehow wrong for the Jews to have a country?
Would you have preferred they remained scattered across the globe to be at the whims of the majority Christian and Muslim populations in other countries? Historically that arrangement always ended up very badly for the Jews. I'm old enough to remember a time when western leftists saw eye to eye with the Jews about this, rather than take the side of fundamentalist dictatorships and radical Islamists.
I wouldn't be surprised if you consider yourself a progressive, but the comments you posted on this thread clearly show your biases and bigotry. Be better.
It is antisemitic to claim that Israel represents the jews or judaism. The ties between zionism, which is a predominantly christian movement, and antisemitism have also always been quite close.
Why is it fine with you to annihilate the palestinians to make space for the rather antisemitic project to drive jews out of their homelands? The british antisemitic colonialists didn't care, of course, they just wanted the jews out of Europe. Same goes for evangelical christian zionists, that also commonly see it as a perk that muslims die, and don't consider the much older christian communities in Palestine to be real christians. Where do you come from when you join this pretty distasteful movement?
As for "diverse" in Israel, there's a lot of state persecution of minorities, on racial, ethnic as well as religious grounds. Political minorities are also persecuted, you might even get harassed by the state for putting likes on other people's defense of international law on social media, and politicians like Ofer Cassif are constantly harassed and threatened by attempts to bar him from the knesset.
As for "radical Islamists", the israeli establishment is rather cosy with the genocidal and very islamist regime in the UAE. They're also cosy with european fascists and antisemites, because their interests align with zionist ideology, for example expulsion of jews from Europe and the eradication of "weak" yiddisch speaking diaspora jews and related historical revisionism regarding the Holocaust.
Against this backdrop and the ongoing genocide and several occupations I find it surprising that a global corporation decides to invest in israeli business on the scale of tens of billions of dollars.
Maybe it's a shakedown from the FARA violaters that have huge influence in the same government that just happens to be seriously threatening to break up Google. It would be a classic mob play.
It's a good time now that many of Google's employees might have their visas revoked for criticizing Israel. The era when companies felt they had to pretend to have humanist values seems to have come to an end.
You are saying this as if the founder is a normal civilian. The guy served in unit 8200 and 81 around the beginning of the 2000s(Second Intifada, first g a z a war, if not more), and overstayed his mandatory service.
This isn't a normal company, just like every Israeli security "startup" with founders coming from idf intelligence units.
Even ignoring this, 32b for such a company just doesn't make sense.
Of course the founder is a normal civilian. Israel has mandatory conscription so you'd expect any normal civilian to also have served in the IDF at some point.
It might sound weird to people from the US and many other western nations. Most people there aren't concerned with serving in the military - they either leave it to working class folks to serve, or they don't really have any neighboring enemies.
The Israelis aren't as privileged unfortunately. Israel requires all its citizens to serve so that its military is large enough and strong enough to defend against attacks from the many regressive and murderous regimes that surround it, or even better, deter them from even trying to attack.
Even if we took mandatory service as an excuse to serve for an occupation army, the guy overstayed his mandatory service, he chose to continue working in that intelligence unit.
I don't know where you live, but he lives in a country that's surrounded by theocratic dictatorships, failed states, and Islamist terrorists who livestream murders and kidnappings.
It's a military academy program deeply integrated into the research and development of the IDF and israeli military industry. It's where you go if you're really bright and really loyal to the genocidal aspects of israeli society and want to spend six years devoted to that.
There isn't much grey in airstrikes on starving children shivering in tents. No sane, healthy person would approve of such an atrocity.
The israeli political establishment commonly declares genocidal intent against the palestinians, and uses military, sexual, reproductive and other means, including starvation, to realise this intent. This isn't really something to discuss, the reader can just go search for video clips with threats and Amalek rhetoric and how perpetrators of heinous crimes are paraded in israeli television. Whether it will hold in court is uncertain, in part because international law is not just a legal matter.
Buying a corporation that has it's technical division under such a regime seems like a bad idea to me, and I would also find the founders history with that state quite worrying.
there aren’t any airstrikes on starving children shivering in tents if hamas isn’t using their tent for attacking / smuggling / planning terror. what you are doing is inciting hate against A PEOPLE. not criticizing IDF for bad conduct.
Terrorism is not legitimate – that’s pretty basic. And I think IDF is allowed to pursue the destruction of Hamas, because that is what international law says. If someone fires rockets that can kill thousands they are a legitimate target.
"IHL prohibits attacks that may be expected to cause excessive incidental civilian harm in relation to the concrete and direct military advantage anticipated. In the conduct of hostilities, causing incidental harm to civilians and civilian objects is often unavoidable." – Hamas leadership has planned and is planning attacks on Israeli civilians and destroying the Hamas leadership and militants is of a concrete and direct military advantage.
You should seek out palestinian voices that are interested in peace and life, not a death cult. To call the Hamas leadership "legitimate resistance to occupation" is just sick. They are bathing in luxury while Gazans die. They do not let the population to use their tunnels as bomb shelters. They sell the free humanitarian aid to extremely poor people, forcing the family members to sacrifice life and go join hamas, cause obviously that’s the only source of cash in the strip. You must be hating gazans even more than you hate jews, actually.
What do you mean by "Hamas"? In zionist parlance it is usually a euphemism for palestinians or arabs generally.
Do you get payed for hasbara or do you volunteer for some other reason?
Only a few countries consider Hamas to be a terrorist organisation. It's unlikely Bibi does, since he got Qatar to give him money in suitcases to drive into the Gaza strip, because banks didn't want to touch it due to the risk of sanctions. At the time he didn't think he could get away with genocide, but he likely does now.
There is nothing the armed wings of Hamas, PIJ, PFLP and so on has done or could do in the short to medium term that comes even close to what Israel is doing and has been doing for a very long time. You do not care about international humanitarian law or human life.
I've been looking at footage of maimed small children more or less daily for more than a year. Of course I feel hatred, as would any sane person. The difference between you and me is that I would like to see justice, I would like the perpetrators to be brought to the Hague and given due process, while you spread misinformation in the service of heinous crimes to help facilitate genocide and apartheid.
USA, Canada, the EU, the UK, Japan, New Zealand and Israel – all the countries that matter to me. I don’t care what Russia or Iran or other non-democratic, tyrant led countries designate the terrorists as. Especially the ones doing weapon deals with them.
It is a tragic situation where on both sides people lost families and feeling of safety, yet your concentration on hate doesn’t let you see the complexity and the fact that there are two sides to this conflict. You know nothing about me and what I would like to see.
As I said, there is a big difference between labeling the whole nation genocidal, especially ones who protect their families and criticizing government, specific IDF conduct – you are making hateful generalizations that aren’t going to bring any justice to anyone. You are only fueling hate based on lies.
I disengage. You are lying and your hatred has consumed you.
I struggle to see the issue here. Your perspective remains extremely polarized, regardless of the individual involved. You fail to grasp the conflict’s complexity and, as a result, demonize everyone associated with it. Just because someone joins the Israeli army doesn’t mean they endorse every action taken by Israel;
They enlist because they understand that, Israel being such a small country won't exist without an army.
Now you may not care, or even endorse such a development. But you can't blame someone who lived there all their lives and has families and friends all over the country to think and act the same.
Maybe if you explained that supposed complexity and didn't stop at an ad hominem argument your first parapgraph might have had some weight, but you didn't.
There is very little complexity to the "conflict". A political movement supported by antisemites wanting to get rid of jews at home established a state through displacement and eradication of the indigenous population. This state has continued applying these kinds of policies to the indigenous population and neighbouring states, and is dependent on foreign aid and the atrocious pillage of other countries, e.g. to support israeli diamond exports.
After the second world war there was an informal consensus that states that participate in genocide do not deserve sovereignty, a position that has since been eroded, in part by the main supplier of the israeli occupation. I understand how people that grow up in fiercely chauvinist and expansionist societies that are groomed since preschool to participate in military apartheid activities have trouble resisting these, which is why I don't believe israeli society can be a part of the solution to its occupation in the short term.
You literally went after someone just because they’re Israeli-could be my friend, coworker, or even me. If you single someone out like that, don’t be shocked when you get called out in return. And honestly, I’m not convinced my previous comment even counts as a real ad hominem-though sure, if it makes you feel better, let’s call it that.
But let's get one thing straight: calling the Arabs in Israel/Palestine "indigenous" while dismissing the Jewish people’s claim to that land is laughable. The very name "Jew" comes from Judea—this same strip of land-where Jewish history stretches back millennia. I’m not saying Arab families who lived there never had rights; of course, they deserve their own country too. But the idea that they’re the only "indigenous" group is just another cheap piece of propaganda, right up there with labeling the whole situation as "genocide" or "apartheid". People have moved in and out of Israel/Judea for centuries. Plenty of folks calling themselves Palestinian today came around the same time as the Zionists or later-just look at the family names that point to places like Egypt, Syria, Lebanon, and beyond Al-Baghdadi, Al-Masri (the Egyptian), Halabi (Haleb = Allepo, Syria), Hourani (from Houran in southern Syria), Tzurani (from Tyre in southern Lebanon), Hijazi (from the Hijaz province of the Arabian peninsula), Mughrabi (from the Maghreb). Hell, Arafat was born in Egypt.
My basic point is this: both sides do actually have claims. But one side made it pretty clear they weren’t interested in compromise and resorted to terror against civilians, starting way back in the ‘60s. Naturally, the other side fought back, and things escalated.
As for calling Israeli society "chauvinist", give me a break. Israel had a female prime minister in the ’70s, has had women on its Supreme Court since forever, and meanwhile the U.S. is still waiting on its first female president. So, yeah-save the grandstanding about "chauvinism". It’s not as black-and-white as you’re painting it, and if you’re going to throw punches, don’t whine when you get punched back.
> The International Labour Organization's (ILO) Indigenous and Tribal Peoples Convention, 1989 (ILO Convention No. 169), states that the convention covers:
>> peoples in independent countries who are regarded as indigenous on account of their descent from the populations which inhabited the country, or a geographical region to which the country belongs, at the time of conquest or colonisation or the establishment of present state boundaries and who, irrespective of their legal status, retain some or all of their own social, economic, cultural and political institutions.
> Several states do not recognize indigenous ethnic minorities within their territories as being indigenous peoples, and simply refer to them as ethnic minorities. Many of these ethnic minorities are marginalized from the majority ethnic population in relative social, economic and political performance measures, and their indigenous rights are poorly protected.
Note that Israel merely abstained from voting on the latter, rather then voting against like Canada, The US and Australia did (while 143 voted in favor).
The case here is pretty clear cut. By most measures which actually matter for the rights of indigenous people, Palestinians are indigenous to Palestine, while most Israelis are settlers, or close descendants of settlers who gained control over the lands through conquest and colonization.
It is in fact very reasonable to dismiss the (European) Jewish people’s claim to the land if we are talking about legal claims to indigenous peoples. Even though no clear definition has been widely adopted (perhaps for the better) most of the umbrella terms capture Palestinians, and hardly any captures Israelis. Denying the Palestinian claims to their indigenous lands is very much the behavior that the Decleration on the Rights of Indigenous Peoples sought to stop.
To add to this, the zionist movement also attacks jewish ethnicities and seeks to replace them with a new, modern identity. This is why they have a problem with yiddish and seek to replace it with an invented modern language, sometimes engage in Holocaust revisionism, are in constant tension with the haredim, used terrorism and similar tactics to try and force jews to move to Israel, and so on.
It follows from this view that the historical jews were weak, impure due to assimilation, 'freyers', which is why they were persecuted and subjected to genocide, and the new, zionist, jew is strong, muscular and will always make someone else the 'freyer'. And, as many zionists see it, will also be on the frontlines in the final struggle of the endtimes, where they will absorb the brunt of the violence and then convert to protestant christianity if they survive.
No, I did not. I "went after someone" because they have willingly contributed to atrocities. I don't think you should be doing business with people related to the al-Jolani or UAE regimes either, and if you do business in those territories it should be in support of resistance movements.
If you are israeli and support the state of Israel, well, yeah, then I think people ought to try and make you uncomfortable until you stop.
The palestinian indigeneity is much broader than the arabic language. There is no "Jewish people's claim", there is a zionist claim, i.e. a claim from a movement that mostly consists of christians, unless enough hindus have come to support it to outnumber them. Most of the foreign funding would still be from christians, I think. Either way, the territorial claims have little basis in either history or religion, it's an entirely modern idea that fused british and zionist colonial ambitions in the region with antisemitism, and later was inherited by the US.
You have a very colonial outlook, by the way. You look at this and think of people as "Arab", as if the people displaced by Israel that got their homes and homelands eradicated would be the same as people in Morocco or Sudan. It's fine to just drive them away and murder them, because something something Judea, and the empire needs a military presence to offset challenges to its oil extraction.
The zionists brought terrorism to the region and invented parts of modern terrorist tactics, things like market bombings. Palestinians have compromised, while the state of Israel has refused to and systematically murders its negotiating partners and attacks other neighbouring countries. The palestinians got nothing for their compromises, while Hamas has had some success with armed resistance, which, under occupation, is a right.
Israel mainly attacks palestinian civilians, while palestinian militants have for decades tried to avoid civilian harm. This is why the suicide bombings stopped, for example. Israel is also not a democracy, and is illegitimate on this fact alone.
I think the US is severely chauvinist as well. That "female prime minister" infamously said that she could never forgive the palestinians for resisting displacement and murder, and thus "force" the zionists to murder palestinian children.
The zionist occupations are atrocious and criminal. This isn't a grey zone, it's clear from international law and basic morality. You don't get to eradicate people and societies in this way. It was wrong when the russians did it to the circassians, it's wrong when christians and jews do it to the palestinians and lebanese. There are no excuses, and can be no excuses.
First off, to claim that "Palestinian militants have tried for decades to avoid civilian harm" is beyond absurd. Explain the deliberate massacres like the one at the music festival on October 7th—hundreds of unarmed civilians gunned down without mercy, no "selectiveness" involved whatsoever. Are we supposed to believe that’s "avoiding civilian harm"? That’s an absolute joke.
Also, those tens of thousands of rockets fired for over two decades are not exactly precision guided missles. They are very much aware that those rockets can fall anywhere - schools, homes and streets.
Second, saying there’s "no Jewish claim" to the land is straight-up ignorance. There is actually "Jewish claim", you just are not familiar with it. Jews have prayed in the direction of Jerusalem for thousands of years, many prayrs have a part about the return to Israeli homeland (here is one example - https://en.wikipedia.org/wiki/L%27Shana_Haba%27ah). It’s part of the jewish daily practice, woven into the very fabric of jewish identity. Meanwhile, Muslims face Mecca—not Jerusalem. Deny it all you want, but the Jewish connection to this place is ancient, tangible, and undeniable.
And let’s talk about your so-called "colonial outlook." Do you even realize Palestinians self-identify as Arabs? the Middle East is historically tribal and ethnic in its identification. This isn’t some "Western" lens; it’s how people in the region actually see themselves. Ironically, you’re the one imposing a worldview that simplifies everyone into a one-size-fits-all label, acting like it’s morally superior to note these distinctions.
Finally, about this "occupation" nonsense: the land in question was under British control—not owned by any Palestinian state—before Israel’s establishment. There was a U.N. partition plan, one side accepted it, the other side went to war and lost. That’s not some mythical, twisted story—it’s documented history. If you start a war and lose, don’t be shocked that you don’t get to dictate the terms afterward.
Honestly, the sheer amount of mental gymnastics required to frame Israel as pure evil while ignoring the endless terror attacks and outright massacres by Palestinian militant groups is staggering. You’re the one excusing atrocities by claiming they’re a "right" under occupation. It’s as if civilian lives only matter when you they are on your side of the political divide
Apparently you haven't watched any footage from those events. If you had, you'd have noticed that the unorganised second wave consisted of rather confused people mulling around, not knowing what to do, and that mostly they tried to take hostages and prisoners. There is evidence of some cruelty, like a grenade thrown into a shelter, but "hundreds of unarmed civilians gunned down without mercy" just doesn't hold water.
In total 364 corpses were found, including cops and irregular combatants and so on. It's unknown how many of those were Hellfire:d, likely a rather large portion judging from the photos of the aftermath where you can see pretty much every car at the location having been blown up by helicopter.
At the very least it was nothing like the deep cruelty and genocidal mania of the occupation forces. They use snipers to systematically target small children, as you should know.
Palestinians commonly ask 'where are the arabs?' when they're crying and desperate in the aftermath of some israeli atrocity. It is because there is very little community among the arab populations in the Middle East that has allowed for Iran to help supply and train armed resistance groups in Palestine. Palestinians know this better than you or I do.
Last summer the ICJ published their considerations regarding the occupation and deemed it illegal and demanded that it ends immediately. A year ago they found it plausible that Israel is committing genocide and ordered the state to stop with possibly genocidal actions. Consistently and regularly israeli pundits and politicians are confessing to genocide on national television, the Internet and so on. Here's the defense minister in a recent speech:
"Residents of Gaza, this is your final warning. The first Sinwar destroyed Gaza, and the second Sinwar will bring upon it total ruin. The Israeli Air Force's attack against Hamas terrorists was only the first step. What follows will be far harsher, and you will bear the full cost.
Evacuation of the population from combat zones will soon resume. If all Israeli hostages are not released and Hamas is not kicked out of Gaza, Israel will act with force you have not known before.
Take the advice of the U.S. President: return the hostages and kick out Hamas, and new options will open up for you—including relocation to other parts of the world for those who choose. The alternative is destruction and total devastation."
This isn't aimed solely at the palestinians, Israel is doing the same in Lebanon, where they destroy crops and forests with illegal weapons like phosphor bombs, and they systematically destroy homes, historical monuments and infrastructure. They also occupy lebanese territory, and they occupy Syrian territory. Currently they are also in breach of the peace agreement with Egypt. It is a criminal, expansionist state. This is surely evil. If it's pure evil? I don't know, don't care, that difference doesn't mean anything to me.
That's one video with material from the Nova festival, and no, as you can see, the palestinian ran after them for quite some distance rather than just kill them. It is unclear whether he tried to take hostages or not.
I've also explained that this event was unorganised and spontaneous, it wasn't an organised resistance activity such as I meant above.
To me this material prompts the wish for justice, with due process and so on, but you apparently believe it excuses occupation and genocide. I don't think we'll reach common ground here, in part because you also seem to think it should be fine to go on a molly roll next to a concentration camp and not risk harm.
No use arguing with such a hateful person, but other people can easily see what Gaza was before they launched their genocide against Jews on October 7:
https://x.com/imshinhttps://t.me/ImshinJ
Check how does "concentration camp" look before Hamas started a war at expense of the peaceful population on both sides. There are many "Before October 7" videos on there, all with timestamps and sources from clips that Gazans publish themselves. Luxury villas, luxury cars, cute restaurants and good life all around. Also very sick children were routinly treated in Israeli hospitals for free. The main obstacle for poor Gazans was Hamas and their governing. Hamas also managed to smuggle enough concrete to build a tunnel system bigger than NY subway, instead of pumping these resources into Gazan society.
Genocide denial and denial of state atrocities are illegal in some jurisdictions. Are you sure this is a risk you're willing to take?
At October 7th the Gaza strip was under occupation, with the population on the verge of starvation. That is not peaceful. It was also the deadliest year in a long time for palestinians in the occupied West Bank. An openly genocidal, kahanist-likudnik government had taken power in Israel.
Whatever "luxuries" got into the Gaza strip came through the smuggling network. And either way, armed resistance to occupation is a right. I'd argue it should be under apartheid as well.
again, there is documented video footage of good life, better than in most arab countries in the region. the fact you refuse to believe reality goes well with everything that you spew out.
and defense is a real right, unlike terrorism, if you pick violence, the other side will defend itself - so you are just glorifying more death, and are blind to your bloodlust, which is disgusting.
The occupier is the aggressor. ICJ published an advisory opinion last summer. Palestinian armed resistance is legitimate, within the limits of international law.
most basic thing the international law requires is for combatants to wear a uniform (a major reason why hamas is to blame for deaths of palestinian civilians), not to mention indiscriminate targeting of civilians, hostage taking, rape and torture, use of religious, medical and educational facilities for war purposes and more or less anything that is called armed resistance represents.
Right, if you believe that, start holding the IDF to that standard.
As a victim of occupation it's not illegal to form militias and use other irregular means of warfare.
Even if Abu Obeida dressed in babies it would not be allowed to kill them to kill him. The IDF murders civilians systematically and does not try to avoid civilian casualties. Much of israeli society and the IDF considers palestinian children to be "terrorists" in the making and hence legitimate targets, but international and humanitarian law does not support this position. But this is likely why doctors and surgeons commonly see sniper wounds in the head and torso on small kids in the Gaza strip, and it's why it's not uncommon to see video from the West Bank where some unarmed teenager is left bleeding out in the street while the ambulance is held up by the IDF some distance away.
It was illegal to take hostages, sure, but I'm under the impression that most that were taken on 7th were soldiers and that's another thing entirely. You also don't have any evidence of rape perpetrated by palestinians, while there is quite a bit of evidence for use of rape and sexual abuse against palestinians by israelis. Last summer riots erupted in Israel because some soldiers that raped one of their hostages to death were arrested over it, and a couple of the perpetrators were paraded on evening television as heroes.
your impressions don’t interest anyone, the fact is that rocket attacks and the 7th october as well as most of what you call resistance is targeted at civilians and you are a monster to try to find excuses for that.
hey, you, no need to threaten me, south africa doesnt stand a chance and your blood libel will soon bust when this ridiculous allegation will be put to a side. you are a hate mongerer and a liar, i am disgusted by you.
Calling the oct 7 terrorist attacks a genocide against the Jews it at best hyperbolic and at worst an apologia for an actual genocide. Your second paragraph makes me fear you are doing the latter.
I don’t think you realize just how hateful your post actually is. You are trying to paint a picture of victims of genocide that somehow deserved the horrors done against them, or at best denies the very real horrors another state is inflicting upon them.
After months and years of the Khmer Rouge doing the Cambodian Genocide, and after most international experts and commentators (except Noam Chomsky for some reason) concluded that the Cambodian genocide was in fact a genocide. Non-south-east Asians were still allowed to hold opinion on it. And further more, if somebody (like Noam Chomsky) would be spewing apologia for the Cambodian genocide, more people than just South-east Asians were allowed to call it out as such.
I just think you don’t know what you are talking about, not that you aren’t entitled to hold an opinion. You are spewing lies and hate, and the reason is your ignorance. None of the Palestinians who seek peace will agree with anything you typed out here. They understand really well that there are two foul players – Hamas and Religious Settlers (and Bibi who plays to their tune) and they seek ways to establish bridges with Israelis (just like Israelis do with Palestinians). But you have no idea about any of that, because you read Wikipedia, and BBC and random click-baiting press.
I don’t know what I have said constitutes either a lie or hate. I’m not making generalizing statements about racial groups, nor painting a picture about victims of violence which seeks to minimize or justify said violence. What I am doing is interpreting said violence in a less hateful way as you have, and pointing out how you interpretation is harmful.
Now I live around Palestinians, I have spoken with Palestinian refugees, both in Iceland and the USA. I have attended lectures from Palestinians, I follow Palestinians on social media (both the diaspora, from Gaza, West-Bank, and East Jerusalem). And my interaction with them paints a very different picture than you. The Palestinians I have spoken to don care about Hamas, they may even support Hamas, their primary concern is the Israeli occupation, and sometimes the Israeli settler-colonial national psyche (i.e. Zionism). They are way more pissed at the Israeli government, the behavior it has normalized, the support it gets from Israeli citizens, and the complicity from both Western countries, but especially the inactivity of other Arab countries. They may bring up religious settlers, but that would just be one example of a much larger list of the systemic oppression they experience. They may bring up Hamas, but that is getting into the nitty grit of Palestine politics, they are actually more likely to criticize Palestinian Authority than Hamas.
Now my experience in interacting with Palestinians is probably very skewed to the left. I meet people in protests, on social media I follow gay’s rights activists, etc. So no doubt there are more conservative Palestinians who’s primary concern is Hamas and religious settlers, however I don’t think that makes my view ignorant nor hateful, just a little biased. However if I were to reduce the Palestinian opinion to only include the more simplistic and conservative one, that would not only make my option ignorant, but also perhaps a little racist.
it is indeed sad to hear that so few of the palestinians you have talked to are interested in peace and introspection. hamas is objectively the main reason for gazans’ misery and yet you didn’t meet the brave people who speak against them. anyway, it is also shunned in that community (especially expats who go to pro-palestinian demonstrations) to doubt the narrative of the pro-violence factions.
I can recommend you to seek such voices if you really want to know more and to actually contribute anything rational towards peaceful life in the region.
> hamas is objectively the main reason for gazans’ misery and yet you didn’t meet the brave people who speak against them
This is the kind of speech I was talking about. You are shifting the blame of the Gaza genocide, and the Israeli occupation of the Palestinian territories away from the perpetrators of said genocide and occupation and onto the people who are fighting said occupation.
This is exactly the kind of speech which was very common in 19th and 20th century Europe and was used to justify their numerous genocide against indigenous peoples, who fell victims to European colonial conquest and oppression.
> People can be either child killing monsters or complete saints.
That's not OP's claim? Although, I'd expect anyone who claims to be G-d's chosen people (religious fundamentalists pretty much anywhere) to anoint themselves saints. The corner stone for the kind of supremacist race/culture theories popular not so long ago.
No one's fault that a nation conscripts all its adults into what some (I don't) perceive as "killing machine" (especially, post 1967). Those adults could refuse, but most don't, for whatever reason. Post WW2, there's a general disgust for war and its proponents, regardless of who or where; except these folks who are even celebrated in tech / US.
> the world is a very simple, non-complex system
"I hated the notion of occupation since the very beginning. My first memories from after the 67 war are travelling with my children in the occupied territories. There were awnings over groceries stores with Hebrew lettering advertising Osem noodles. I couldn't bear it. I thought that was dreadful because I remembered German lettering in France. I have very strong feelings about Israel as an occupier."
Would you have written the same sentence only with "China" and "Tiananmen Square"?
It's really interesting to see these small mask-off moments when relatively veteran HN users allow themselves to indulge in such obvious bigotry as this comment.
Weird how you only really see this happening when the post has some relation to the Jewish state.
Nothing you wrote actually refutes my point that these people not only escaped consequences, but they were protected by rioters and then becane celebrities in the Israeli late night circuit. Remind me which other countries had a debate in their parliament about whether it was OK to gang r*ape a prisoner in the rectum and send them to the hospital? When countries commit atrocities like that it's normal for there to be backlash.
Apparently it's a mask off moment to notice these things? Or maybe you should examine why you think they're normal.
Did you dig deep into what Syrian regime did to Syrians? What about Russian atrocities? Not to mention Sudan. Maybe you were defending Yezidis? I doubt you ever mentioned any war crimes in any of these conflicts.
The israeli impunity has likely made Russia more ruthless in Ukraine, with for example attacks on hospitals. Sudan is an interesting example to bring up, since the RSF is closely connected with Israel's friends in the UAE, and the UAE has recently asked the US to help them avoid responsibility for what they've done.
The Assad regime clinged to power in part in the way it did because it was what Israel preferred, israeli elites have been very afraid of what would follow the fall of Assad, which is likely why they've bombed Syria more or less constantly since then and occupies a large portion of the country. In the West many people believe the Assad dynasty to have been a clean iranian asset, but this isn't true. Bashar had good relations with security services in many other countries, and was one recipient of people collected by the US for torture during the so called War on Terror. Besides Beirut and possibly Amman it's likely Damascus was the most important spy hub in the region.
The fate of Syria is an enormous tragedy, that could likely have been avoided.
as I assumed, any evil in the world is because of jews (and their "friends") in your eyes. Was it also the jews who made Russia ruthless in Chechnya? How about Gulag? Must have been Israel’s fault! And what about the Khmer Rouge? I’m sure you will find a jewish trace there. Thanks for clarifying, but be aware your hate is always transparent to some.
plurality of opinion is a wonderful thing, but one fringe position doesn’t make a person right or the authority on a subject.
Self reflection is great, and also is greatly missing from how you describe the palestinians. The palestinians don’t have agency in your view, and are only victims which is simply not the case.
The fact the jews are free to speak what they think (unlike majority of palestinians) is great, however one jew’s opinion doesn’t deny the opinion of majority of jews – that’s pretty easy. And your accusations of genocide and hateful intent on the side of all israelis (including these who go to IDF to protect their families), and claims of "shooting children" intentionally are all simply showing the fact that you are an antisemite, and majority of jews will feel the same way, no matter how many exceptions, Finkelsteins, or Shamirs you will find.
I don't know if it's true but I do know for sure America has killed at least 100x more civilians than Israel has in wars that were in no way needed or existential (Vietnam, Iraq x2) and yet no one on his right mind would demonize ordinary Americans and imply they are all bloodthirsty Nazis to be persecuted everywhere they step on earth.
There are polls about this that you could easily look up. Is your position that if most Israelis affirmatively support atrocities like this, the rest of the world should just pretend like we never saw that?
> America has killed at least 100x more civilians than Israel has
These aren't mutually exclusive. Israel is one of America's proxies. I'd support the international community putting sanctions on the US to put a stop to these things, but unfortunately it's not likely to happen because the US is the world's largest superpower and controls the global reserve currency, so it can operate with a degree of impunity. Is that a good situation, that you want to replicate around the world?
> no one on his right mind would demonize ordinary Americans
When the overwhelming majority of a country supports committing atrocities, it's not "demonizing" them to point that out.
> to be persecuted everywhere they step on earth.
Apparently it's "persecution" when people say that enthusiastically participating in a genocidal ethno-state's secret police means your company shouldn't get 32 billion dollars.
> Is your position that if most Israelis affirmatively support atrocities like this, the rest of the world should just pretend like we never saw that?
If the world should generalize over entire populations groups according to some poll then it should at least be consistent and not do it only to Israelis. If I find a poll that shows most Palestinians support October 7th would you immediately denounce every Gazan you talk to? It's also quite obvious many Gazans agreed not only with October 7th but also with the subsequent treatment of the Israeli hostages (which is a type of long lasting torture). Most of these hostages were/are simply kidnapped civilians, the ones you talk about in Sdei Teiman were most likely Hamas fighters connected to extreme cases of violence and terrorism. So there's more nuance here than you make it out to be. I personally think if anyone sexually abused them they should be thrown in jail but I can see why many Israelis have their hearts filled with hatred toward Hamas fighters. It's the job of the state to maintain rule of law.
No, there isn't. There is exactly zero nuance in phenomena like death camps, torture camps and the systematic murder and torture of children and so on. If this is something you engage in, then you cannot be expected to be treated as a sane, full person. If you do this, or defend this, then you should expect harsh resistance, because that is a legitimate and ethical response.
It is telling that your fantasy about "Hamas fighters connected to extreme cases of violence and terrorism" helps you accept and tolerate systematic sexual abuse of palestinian men, but you don't draw similar conclusions from the actual, real, bombing of small children starving in haphazard tents. The palestinians do not have the capability to do "extreme violence", they just don't have the materials and tools and suppliers needed, because they suffer under occupation or in refugee camps.
The reason most jewish israelis are fine with the crimes their state is committing is not the palestinians themselves, which have a right to resist the occupation violently.
> The palestinians do not have the capability to do "extreme violence", they just don't have the materials and tools and suppliers needed, because they suffer under occupation or in refugee camps.
They did. They used that capacity to kill as many people as they could - they reached around 1200 people (+ 250 more kidnapped - many of whom died later) which is not a lack of capacity, and then the war started. Now they have much degraded capacity which is probably a good thing for Israeli civilians. If the Palestinian had a greater capacity to kill on October 7th they would have used it.
Those numbers are pathetic compared to the suffering caused by the israeli occupation of palestinians.
The palestinian armed groups had a lot more weaponry than they brought along on October 7th, in an operation that was explicitly aimed at military personnel and bases, as detailed in the israeli report published a while back. They concluded for example that the palestinians in the unorganised second wave arrived at the Nova festival because they couldn't find the way to a military base.
It is unknown how many of those 1200 were killed by friendly fire. From widely circulated photos it has to be a rather large portion, and you also fail to mention that a lot of those people were soldiers and other combatants.
It's not a war, it's a genocidal occupation that is met with puny resistance. You should stop lying and get help to leave zionism.
There are proofs against everything you wrote here. How can capturing children as hostages be "explicitly aimed at military personnel"? OK, they didn’t find a military base, so why not butcher party goers, right? Completely normal conclusion. Just read what you type out.
The puny resistance with Iranian and Qatari support? Tens of thousands of rockets and drones are "puny"?
> “We have local factories for everything, for rockets with ranges of 250 km, for 160 km, 80km, and 10 km. We have factories for mortars and their shells. … We have factories for Kalashnikovs (rifles) and their bullets. We’re manufacturing the bullets with permission from the Russians. We’re building it in Gaza,” Ali Baraka, head of Hamas National Relations Abroad, is quoted as saying.
You should stop lying and stop the hate against a people who defend themselves.
> Those numbers are pathetic compared to the suffering caused by the israeli occupation of palestinians
The Gaza numbers are pathetic compared to the Vietnam war and the Vietnam war was nothing compared to the Holocaust. Let's keep deteriorating this debate I'm loving it.
I couldn't reply on your other comments along the same lines. I wanted to ask you if you care to elaborate on the things you say about Wiz? Like a lot of people here in the comments I also never heard of Wiz, I'm just curious.
I wonder what level of insight Google will now have in to how AWS, Oracle and Azure’s customers use their cloud. Even just in aggregate I imagine there’s some useful data.
The acquisition of Wiz by Google raises some interesting questions about the future of cloud security. On one hand, it could lead to better integration and innovation in Google Cloud's security offerings. On the other hand, it might concentrate too much power in the hands of a single vendor. It will be interesting to see how this deal affects the competitive landscape and whether other cloud providers will respond with similar acquisitions or partnerships.
#/media/File%3AWiz_company_logo.png){kind=link}
> Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based developer collaboration platform, for $50 million in December 2023. In April 2024, the company acquired cloud detection and response startup, Gem Security, for around $350 million
> Wiz was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom.
> Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.
> Adallom was reportedly acquired by Microsoft for $320 million in July 2015
> On March 18, 2025, Google announced an all-cash acquisition of Wiz for $32 billion
Had never heard of Wiz until they posted the blog post about the DeepSeek database being public earlier this year.
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepse...