
> Wiz has raised a total of $1.9 billion from a combination of venture capital funds and private investors

> Wiz agreed to acquire Tel Aviv-based Raftt, a cloud-based developer collaboration platform, for $50 million in December 2023. In April 2024, the company acquired cloud detection and response startup, Gem Security, for around $350 million

> Wiz was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom.

> Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.

> Adallom was reportedly acquired by Microsoft for $320 million in July 2015

> On March 18, 2025, Google announced an all-cash acquisition of Wiz for $32 billion

Had never heard of Wiz until they posted the blog post about the DeepSeek database being public earlier this year.

https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepse...



I never heard of them until they were purchased for $32 billion.


That's the kind of a company everyone wants to build in enterprise security.

Incognito unicorns.

There are many companies like these in security space. Another company I can think of is Rubrik. All these large security companies under the radar success.


Rubrik had pretty bad breaches in the past:

https://www.bleepingcomputer.com/news/security/rubrik-rotate...

https://www.bleepingcomputer.com/news/security/rubrik-confir...

This one is straight up embarrassing:

https://techcrunch.com/2019/01/29/rubrik-data-leak/

> The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.

So much about "zero trust", at this point it's nothing but a marketing term and has lost its true meaning


most people here are also in security and still haven't heard.

It's more likely backroom kickbacks (and/or mossad) than invisible unicorn.


Security is a big field. I’m in the CSPM space and Wiz is a major player here, I actually had a bit of an existential crisis about what we were building when I first saw a demo of their platform.

Most of their competitors, like Palo Alto, have a very convoluted offering from gluing together several acquisitions. Wiz is very cohesive with a much nicer API and great UX, which is very underrated in the security space imo.

I have zero trust in Google’s promise to keep supporting the tool for multiple clouds or maintain the high quality of product design that makes Wiz great. It’s great for my job security, but I’d call it a net loss for the industry.


> Wiz is very cohesive with a much nicer API and great UX

I actually don't care for Wiz's UX.

If you're a manager and just want to get an idea of what your security posture looks like, it's great. They have a million dashboards for you.

But if you're an AppSec Engineer that just wants to see which EC2 instances have which CVEs, it's kind of a pain in the pass and takes way too many clicks.


> and takes way too many clicks.

That is the space

The performance matters much less than the UI

And the UI sucks because if you know what you're doing you can type a command

But the people who write the cheques do not know that, and equate UI with GUI

So we get Azure (where I found this)

Squinting mousing and clicking a dozen times to do the equivalent of one rsync command....


How would you like to consume that information?


I like the way InsightVM does it.

There's a single button I click that'll list all my VMs, then a single click (usually a middle click to open a new tab) to view all the CVEs in each VM.


CSPM is very crowded space. There are quite some new and emerging providers. Wiz out of the scene opens up new opportunities.


Opportunity for opportunity sake isn't a virtue if it gets rid of one of the few providers that was any good.


How does Wiz work? What is the ELI 5 or tldr?


> most people here are also in security

No they aren't.

I've been a cybersecurity SWE, PM, and VC for a decade at this point and I've almost never found any relevant security or enterprise SaaS related content on HN.

For a hot second (around 2018-2019) there were solid conversations around eBPF, io_uring, or cloud posture management, but that doesn't happen on here anymore.

Same with MLOps and ML Infra as well - almost no one on here understands Infiniband, RDMA, or BLAS

The tech industry is MASSIVE - and most people are only clued into their own little niche. And according to HN, the only tech companies that exist are FAANG, Nvidia, Tesla, TSMC, and BYD.


>I've been a cybersecurity SWE, PM, and VC for a decade at this point and I've almost never found any relevant security or enterprise SaaS related content on HN.

FWIW "here" could mean "in this thread". It's pretty normal (and very visible here) that threads about X attract people working in X. I'm not sure this is happening here, I work in IT security but I clicked the thread because 32B caught my eye.


Exactly, parent commenter is exercising the same bias they’re accusing others of. Rookie move imo.


I vaguely remember this hot second you refer to. What is the HN equivalent where those conversations are happening today?


Lobste.rs for technical stuff. But most security related conversations by security SMEs aren't happening online anymore. We have specific user conferences and regional user groups now.


Cool, any in central Louisiana? Poland? That'll teach the AI!


The cybersecurity industry is almost entirely located in the Bay, Seattle, Tel Aviv, and Blr/Hyd, so the really active user groups are mostly in those cities.

Cybersecurity goes hand-in-hand with IT, DBA, Networking, DevOps, and OS/Systems Programming - all functions that were previously looked down upon over the last 15-20 years.

Furthermore, most American CS programs made OS internals, Computer Architecture, or Distributed Systems optional, so the junior portion of the ecosystem doesn't exist in the US anymore.


I don't use Lobste.rs anymore because the owner irrationally blocked the browser I'm using, and I refuse to switch to a different browser just to read Lobste.rs. The owner seems like he has some issues to say the least.


i don't consider installing yet another 3rd party keys on my 3rd party cloud vnet as adding security... but maybe that's just me.


Well, it depends what it does to your liability. If, in case of attack, it ends up shifting the blame to a third party, then yes, that's considered adding security in enterprise space.


If you're in security and you haven't at least heard of Wiz, I have doubts about what you actually do. I'm not saying you have to be a CSPM expert, but not even hearing about Wiz, when they are the largest CSPM, is somewhat concerning.


I am in security for many years now, my main focus is reverse engineering (but I did many diverse things, including cryptography, some exploit development and the opposite, AV work, I did R&D in security automation and some development of security tools and engines).

I never even looked at a CSPM, and from my point of view[1] CSPMs are a tool only relevant for a small part of security teams focused on enterprise cloud security. Today is the first time I heard of Wiz.

edit Actually my partner works in policy/compliance/legal side of security, and I'm pretty sure she never heard of Wiz too.

[1] I wrote this only to stress how different people in the same field can see things differently.


I've heard of Wiz, but would have had a hard time listing out their feature/benefit statement, because I don't work with CSPM tools. I don't think this "I have doubts about what you actually do" line is doing the work you want it to; it may be backfiring on you a bit.


CNAPPs and CSPMs are extremely common tools in cybersecurity. This is my concern. If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have. There's a big responsibility as a security practitioner to stay up to date on new tools and techniques. CNAPP and CSPM is not some new thing that was invented last year. It's been around for a decade.


> . If you're in cyber and don't have knowledge of these things you're either in something insanely niche, in research of some sort, or lack critical knowledge that you should have

Here are some things that counter this:

https://users.ece.cmu.edu/~adrian/731-sp04/readings/Ptacek-N...: A paper that rocked the security industry at the time.

Tptacek also was cofounder of Matasano, now part of NCC; also cofounder of Latacora.

More info: https://sockpuppet.org/me/

Also the co-author of https://cryptopals.com/, https://microcorruption.com/login.

The author of https://www.latacora.com/blog/2018/04/03/cryptographic-right..., https://sockpuppet.org/blog/2015/01/15/against-dnssec/, https://sockpuppet.org/stuff/dnssec-qa.html,

These are about what I call hard-core security, hardly insanely niche, and hardly lacking critical knowledge.


I’ve never heard or seen either of those terms before reading this thread. What you’re calling “CNAPP” I’ve been calling “endpoint security”. I’ve been building internal “CSPM” tooling since 2014 with like raw cloud api calls feeding into graphviz, CI-like tests in a terraform repo, transforming the state of a set of cloud accounts into a form I can shove into z3 and ask questions about, that kind of thing, but never heard it called that.

I suppose if your company prefers to build over buy, you won’t be exposed to the kind of knowledge and vocabulary that buyers in the space use to orient themselves.


CSPM solutions are what corporate buys when they don't want to invest in security. It is rubber-stamping and ass covering. From my experience most people involved with such platforms are rather technical sales people than actual security experts.


You might want to google the person you’re arguing with


One of those beautiful HN moments where just clicking the profile link would have helped them shift from such an authoritative tone.


> If you're in security and you haven't at least heard of Wiz, I have doubts about what you actually do.

IT security is a very wide field. For example, a lot of positions in IT security are actually about compliance (i.e. lots of documentation), and ensuring the rollout of all necessary application patches in the whole company.


I know diabetologists in India who didn't hear about Ozempic till late 2024.

Sometimes the simpler explanation is the correct one.


Compliance and patch/vulnerability management teams are a major constituency for CSPM tools.


I've been securing my cloud instances the same way I would for dedicated hardware. I use the same tools. I periodically eyeball usage data from the service providers to make sure their end is OK. Takes 5-15 minutes. Occasionally run updates. It all mostly just keeps chugging along.

What is a CSPM? Some cloud monitoring tool? What does it provide over open-source security and monitoring tools with years of field use that would make me invest time into it? Also, have these tools been thoroughly audited, scanned, fuzzed, and pentested by reputable people like some of the open source tools we've been using? Since tools are part of the attack surface, do these tools themselves increase or reduce it?

Serious questions since you think I should be very knowledgeable about these tools. My tech stack just works with minimal maintenance. So, I'd have to lose time on more important or fun stuff to even study CSPM or Wiz. Not counting setting it up.


Bullshit. Infosec is not just about highly inflated startups or whatever the fuck CSPM means. I know people who do exploit dev, reverse engineering, blue teaming and they have never heard of wiz. Stop overexaggerating


kickbacks, may be. I have seen the product. It is not so mossad-y. It is fairly straightforward cloud, VM, kubernetes scans.

Does it protect stuff? Somewhat.

Is it the best product out there - no.

Are CISOs happy? CSPM is mostly a checklist item in their bucket to things to do.

It depends on what kind of security you are working in. Most of the people in CSPM, CNAPP world have heard their name.

It is product built for cloud security/devsecops folks.


> It is not so mossad-y.

Would we (i.e. anyone not in the intelligence space) know how intelligence service-y software would look like? Aren't all such organizations trained and designed to be inconspicuous and in places we are unlikely to expect?


Ghidra from the NSA at a glance looks and feels like normal software.

AquaSec is built by an Israeli company and looks and feels much like any other SaaS product.


Mossad aren't the guys doing cyber ops in Israel. They're suave arsim (how else can you blend in Beirut or Tehran).

Also, if you've worked with Israeli government cybersecurity teams, they aren't much different in caliber from the kind you'd find at the NSA, GCHQ, or Netherlands.


> They're suave arsim (how else can you blend in Beirut or Tehran).

To save others looking up what 'suave arsim' meant:

1. suave -- a normal English word for charming/confident

2. "arsim" [1] -- apparently a former ethnic slur for Mizrahi Jews [2] now repurposed to mean crude, loud and brash (which sound to me like the equivalent of the British slang term 'chav').

[1] https://en.wikipedia.org/wiki/Ars_(slang)

[2] https://en.wikipedia.org/wiki/Mizrahi_Jews


It was a bad attempt at humor, but pretty much my point is there are a couple other cybersecurity/sigint specific units unrelated to Mossad. And "arsim" isn't as loaded a term anymore - everyone is mixed in Israel now because it's a melting pot.

And saying "Mossad"-this/"Mossad"-that just feels like it's increasingly being used as a dogwhistle.


I mean, it is used as a substitution for 'Israel', but I don't see how that's a dogwhistle. Or do you mean antisemitic?


I think you just watched Asi Cohen skit https://youtu.be/bN-en_7KGT8?si=xqhHaa9lBXpjntEq


I actually didn't see this before, but that is absolute gold - Asi Cohen is a national treasure (and absolutely a suave arsim XD)


Unit 8200 is cyber ops and the main people of this company are all from that unit.

https://undercodenews.com/from-idf-intelligence-to-a-2b-goog...

https://en.wikipedia.org/wiki/Unit_8200


There are a couple other units beyond 8200.

A lot of the 8200 hype is just hype though, because Gili Ranaan and Shlomo Kramer became billionaires earlier than alumni from the other cyber units.


81 is other one I am familiar with but I believe they focus on OSINT


> they aren't much different .. NSA, GCHQ, or Netherlands

I (and most here) wouldn't really know what that caliber is in these other organizations either to compare

What we do hear is of how the Hubble's tech stack is hand me down previous gen(i.e. 70s) spy satellites or exploits like Stuxnet, Pegasus or the recent pager supply chain attacks. On pure technical level those are all pretty impressive things well beyond what I or even anyone I may personally know do.

There of course is definitely certain amount of propaganda that would project much higher capability than reality, being mindful of that misdirection and the visible evidence, we civilians can only reasonably conclude that we will never have a clue what these organizations can or cannot actually do.


We would actually. Lot of the intelligence orgs. use COTS these days.


Bingo, a huge kickback to some "invisible" hands. They're probably already creating the new "unicorn" to sell to another FAANG company.


If a security firm could blackmail Google, what would that look like?


What could possibly be worth 36 billion? That we don't already know?


This is google. They've got everything. I use google password manager, wallet, biometrics to log into my google smartphone and google authenticator for my 2FA. I use google voice and maps, photos, youtube, search, docs, gmail and gemini for AI.

Imagine if you found an authentication backdoor - a way to impersonate any account and you could start sucking down data. You do it for 5 billion people and charged google $6.40 per person not to put it on Tor.

$32 billion would be a steal.


Do you think you could get away with doing that?


If you have alumni at senior positions internally, it shouldn't be that hard to strike a deal.

Old but relevant - https://scheerpost.com/2022/11/01/revealed-the-former-israel...


For $32 billion?


It's cheaper to, well, you know.


Ya, Mossad's primary task is enterprise sales for Israeli tech.


The article talks about Trump inserting himself into larger deals, there is no reason to think this one is an exception.

I’d also bet on this being more of a kickback, rather than an invisible unicorn. Between a visible elephant (Trump/Israel) and an invisible unicorn, betting on an elephant is more reasonable.


100% the case


HN is not the entire industry. Not even close. It’s a small subset.


[flagged]


Don't conflate skepticism or criticism of Israel with skepticism or criticism of the Jewish people as a whole.


[flagged]


So is it totally okay that the Jews in the 1930s/1940s had the goal to eradicate the state of Germany?

Sick of this double standard.


I don't think that's ok, no

I also don't think genocide is an appropriate response


It's for any country or heritage that isn't American or Northern European. A lot of really racist or xenophobic takes on HN.


Yeah, read a lot of H1B discussions here. Racism is seething.


Yes because people are losing their jobs or not getting the chance. YES, the selection pool being only my country favours ME. Are we CLEAR?

Are we supposed to sit and take it?


Geezer, you are not even American, you know nothing about H1B. Stay back where you belong and don't tell us whom to favor.


Outsourcing is a similar issue here. Also the big consultancy indian firms.


> Are we CLEAR?

Why are you shouting?


Okay you edited.

I feel like the majority of anti-jew sentiment is from pro-palestine arab people and adjacent. At least in my country. They really believe "jews run the world" once you debate them enough they admit it and there is no changing of their minds.


> Okay you edited.

Yep. Realized the confusion!

> I feel like the majority of anti-jew sentiment is from pro-palestine arab people and adjacent

Most people haven't met an Israeli or traveled to Israel.

Also, most users on HN are Americans or Northern European who overwhelmingly use Reddit, so everyone has some weird fringe mentality about one side or the other.

Honestly, most Israelis and Arabs act the same - I mean most Israelis are Mizrahi and normal/colloquial Hebrew is heavily Arabic based (where else will you hear people say "Yalla" in every other sentence)


> Most people haven't met an Israeli or traveled to Israel.

I have travelled to Israel a bunch of times and worked with a lot (proportionately) of Israelis and Jews. I generally really really like working with them, like their attitude and love the vibe of Tel Aviv.

That doesn't mean that I support or agree with their behaviour in Palestine particularly.

Like, I have often hated US foreign policy, but have always been OK with US citizens. The two things are very different.


There are plenty of Arabs elected to the Knesset and they are also plentiful in the Israeli universities.


Ik. I have friends from Haifa, Nazareth, and Beersheba. There isn't an easy way to write Israel, Israeli Arab, Palestinian Arab, and non-Palestinian Arab.

My point is, anyone who isn't Israeli (be they Mizrahi, Ashkenazi, Ethiopian, Arab, Druze, Chechen, etc) or Palestinian should stfu (me included).

You have wackos saying "Israel is a fake state" or "raze Gaza into a parking lot". Yet if you talk to an actual Israeli their opinions are much more prosaic. It's just a complex situation that outsiders shouldn't comment on.


> My point is, anyone who isn't Israeli (be they Mizrahi, Ashkenazi, Ethiopian, Arab, Druze, Chechen, etc) or Palestinian should stfu (me included).

On the contrary: for the vast sums of money and military power we contribute to keep the lights on over there, US citizens should have two or three votes each in Israeli elections and free airfare to and lodging in the country. Oh, and access to their quite generous healthcare subsidies as well.


Anti-semitic talking point, nice. From an american too. Wow. I keep seeing this talking point, but the money to Israel is nowhere near to fund healthcare. You are just lashing out like a little rat.


We are on the same page. My mom made Aliyah when she was 50 and I left for college.


You are so right! Only whites can be racist. As a northern European, how can I ever repent and make you happy?

I will never have an opinion on this conflict again, as I am white. I am so sorry. I will listen and learn while pro palestine people protest here in Sweden and advocate for Israel to be wiped off the map.


> I feel like the majority of anti-jew sentiment is from pro-palestine arab people and adjacent.

Why not hate all groups that are involved in the Middle East conflict? :-)


In my experience, the public opinion is more anti semitic in Northern Europe than in Southern Europe.


Don't try and "both sides" this.


I'm not trying to "both sides" jack. And it's not like you could tell the difference between Zohar Argov or Amitabh Bachchan.


That is totally unfounded. Their book of business is huge. You think Google is paying 32B of shareholder dollars because of a foreign intelligence agency? Keep your conspiracism to yourself.


Wiz is a private company but the street's assumption is $1B/ARR over the next year or so.


Two things:

1.) Most people here are likely not in security.

2.) I’m only adjacent to security but have heard of Wiz. If you work in security and haven’t, are you sure you’re good enough to subject us to your opinion?


>2.) I’m only adjacent to security but have heard of Wiz. If you work in security and haven’t, are you sure you’re good enough to subject us to your opinion?

For some reason I picked this hill to die on in this thread. I work in IT security for a long time, and I have never heard of Wiz. My focus is malware reverse engineering and adjacent subfields. I have no interest in anything Cloud.

"are you sure you’re good enough to subject us to your opinion" feels a bit dismissive.


This is wild to me. As someone in security, Wiz is definitely one of the whales.


Same here, I guess it's the circles you run. I just went to their homepage and I have no idea what they do. I already have CI/CD, code, etc.. "securing" it seems like, use aws secret stores?

In other words, their webpage is not telling me anything. Companies like these, always feel like instead of having a useful product, they hired useful networks of people to "spread the word" and sell sell sell to your network. Apparently I wasn't in the network. Sorry old and salty.


Companies have problems securing their workloads. Not just storing secrets. Off the top of my head, I've personally been able to centralize the following with a single tool (instead of gluing together a dozen different providers)

- scan cloud configurations for policy violations
- detect and remediate infrastructure misconfigurations
- real-time visibility into cloud resource inventories
- early detection of issues
- container vuln. scanning
- runtime anomalous behavior
- alerts and correlate security events
- compliance mappings
- id risky permissions in IAM policies
- track changes and configuration drift over time
- implement zero-trust policies across microservices
- enforce network seg in containerized environments
- run security checks during build and deploy stages
- vulnerability assessments on running VMs and containers
- policy-as-code for consistent security standards


As a meaningful tangent, how many layers of obscurity do you use to keep sales people from contacting you?

If you do interesting work, you’ll get cold emails unless you take steps to avoid them.


It's a whale, but a young whale.

Wiz has only been around for 5-years.


In your opinion, are they a whale because they make a great product... or just have a great marketing/PR/sales team? I am guessing "great product" because I cannot believe that Google cannot just rebuild it themselves (if not a great product).


Wiz is widely considered one of the strongest CNAPP/CSPM products on the market. I haven’t personally tested every single competitor’s solution, but I’ve found Wiz to outperform pan, crowdstrike, and prisma.

To answer your question. Google doesn't acquire Wiz because Google can’t build a comparable product themselves. The real driver is that Wiz has already achieved market penetration and trust. Replicating that from scratch would be a massive undertaking, requiring not just a sophisticated product but also the brand credibility, customer relationships, and reputation for reliability. Establishing that level of traction and trust is difficult, time-consuming, and expensive. I highly doubt Google would try to build a direct competitor from the ground up when acquiring Wiz allows them to leverage its existing success right away.


I highly doubt Google would be capable of building something like this from the ground up. Just take a look at one of their recent efforts Stadia.


The product is great. We’re using it since 2023. Very happy.

Regarding your google comment: Google builds Google products that can also be used by other people. I am pretty confident they cannot build something like Wiz. And not because they don’t have researchers and developers.


It does not make sense. In 2024 Wiz had 10.7% market share. Revenue in the 1,5 to 1,7 Billion but they were not profitable in 2023. Become profitable in 2024 meaning costs are very high.

Also looks like Google is desperate for growth in Cloud and they need to do something.

They are paying as much money as their whole Google Cloud revenue in 2023. Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even for a high-growth company. Clearly overpaying.

Wiz had nine rounds so massive dilution, and VCs need to recover the money...


10% market share in security is huge. It is an extremely fragmented market, across almost all product segments.


10% market share in any industry with an even slightly healthy level of competition is huge. The fact that people think it's not for tech feels like an indictment of the overall health of the industry to me.


Perhaps I should have been clearer, but especially compared to the rest of the enterprise tech market, security is unusually fragmented. There is no Microsoft or Cisco of the security market in the way those companies dominate the desktop operating system and core networking markets, respectively.

Analysts sometimes refer to the enterprise networking market as "Cisco and the Seven Dwarves". Nobody has ever said that about Symantec (prior to the Broadcom acquisition) or Palo Alto Networks.

It is often the case that in a new security product category, the products are so different, it is hard to collect them together in a single category with a straight face. Example: next generation AV circa 2015-2016. AV was a well-worn product category. All of the legacy products did basically the same thing. More or less at the same time, a bunch of new products came to market that all claimed the mantle of "next generation AV:"

* Bit9 did process whitelisting, later adding Carbon Black for endpoint forensics

* Fire Eye had a proto-EDR solution

* Cylance did ML-based malware detection

* Palo Alto Networks had an exploit-mitigation focused agent that they bolted ML-based malware detection onto.

The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.

A few years later, the cloud security space was the same fragmented mess. Some were what we now know as CSPM, some were glorified DLP solutions, some container security solutions, etc.


Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.

> The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.

This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018. EDR capabilities themselves, interestingly, grew out of forensics companies like Guidance Software. HBGary and Mandiant were the early players. FireEye killed Mandiant's EDR off, but HBGary's lives on to some extent today, two or three acquisitions later, at GoSecure.


> Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.

The most recent figures I’ve seen are that Microsoft has around 25% of the endpoint market[0], which is a plurality because the market is so fragmented. Proofpoint claims around 24% of the email security market[1].

The only security market you can say they “dominate” is identity, if you ignore the MFA market. AD is, at least, almost everywhere.

> This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018.

That’s one interpretation of events. It’s also completely orthogonal to what I wrote.

0 - https://www.microsoft.com/en-us/security/blog/2024/08/21/mic...

1 - https://www.proofpoint.com/us/blog/email-and-cloud-threats/p...


> Proofpoint claims around 24% of the email security market

Proofpoint is the clear number two, but Microsoft always sits behind Proofpoint (and Mimecast, IronPort, etc.). They're also always in front of Abnormal and other API-only options. Every big company has E5 with Defender for Office 365 on their email, and the rest either still have E5 or they have EOP.

> That’s one interpretation of events.

In 2017 EPP and EDR were distinct categories, and CrowdStrike had a big internal initiative (driven top-down by Kurtz, but managed by a PM director under Rod Murchison) to merge them, while Cylance and others that had separate SKUs for each area worked to keep them apart. CrowdStrike was more effective.

I mentioned this because it wasn't just a natural market convergence; B2B companies spend absurd amounts of money with the Gartners and Forresters of the world to align their products with line items in budgets. It's capitalism all the way down.

Not speculating on anything here. I was at or worked closely with all of the companies mentioned in both posts.


You like to make absolute statements like “always”, but I know of large organizations (Fortune 500) that use Proofpoint, but not Microsoft email security. And in endpoint, there are shops that license defender as part of an EA, but don’t use it - of course, those seats go into the Forrester figures that Microsoft likes to tout.


Sure, I can enumerate the handful of the Fortune 500 that don't use Microsoft. Palo Alto Networks, for example, has TAP sitting in front of Google. In PANW's case it's because of a broader partnership Nikesh put together with Google in 2018, which also involved moving from AWS to GCP. This is stupendously uncommon, though.

If you were to look through the System -> Inbound Mail settings for every PPS customer, you'd find a sea of x.mail.protection.outlook.com, some on-prem Exchange servers, and practically nothing else. I'm comfortable with "always" as a description of this state of affairs, but you do you.


10% market share of a niche part of the CSPM market


>It does not make sense

actually, it makes perfect sense. it's just that you (and I) don't have the right perspective.

these giantcos are sitting on Himalayan ranges worth of cash, which is burning a fiery hole in their butts, and they don't know what to do with it.

and they have more cash than sense, even though they always brag about having some of the smartest people in the world, and also have FOMO (to competitors and upstarts).

Facebook buying WhatsApp for 19 billion did not make sense to us laymen either, but it happened.

I was flabbergasted when I read about it. ignorant me.

https://en.m.wikipedia.org/wiki/Himalayas

https://en.m.wikipedia.org/wiki/WhatsApp

go figure (pun intended)

edit: you answered your own doubt about why does not make sense:

>Also looks like Google is desperate for growth in Cloud and they need to do something.

that's what I said, FOMO.

man, if i sold even one of my software products for even a zillionth of such amounts, I would be on Mount Kailash (cloud 9 to you :)

grrr. envy emoji here.

https://en.m.wikipedia.org/wiki/Mount_Kailash

https://en.m.wikipedia.org/wiki/Kailasha


>that's what I said, FOMO.

wow, faaak. I wrote my above comment off the cuff, although based on my intuition and common sense, but just now thought of googling FOMO, to check what Wikipedia says about it, and it seems they agree with me:

https://en.m.wikipedia.org/wiki/Fear_of_missing_out

relevant excerpt, from near the top of the above page (emphasis mine):

>FOMO can also affect businesses. Hype and trends can lead business leaders to invest based on perceptions of what others are doing, rather than their own business strategy.[19] This is also the idea of the bandwagon effect, where one individual may see another person or people do something and they begin to think it must be important because everyone is doing it. They might not even understand the meaning behind it, and they may not totally agree with it. Nevertheless, they are still going to participate because they don't want to be left out.[20]

leaders, huh? more like followers, aka sheep. include me out.


$350M ARR in less than 5 years. Aiming towards $1B by the end of 2025.

You never heard of them since perhaps your decisions were not in the cycles of their product. Those who are, heard indeed (type of folks who look at Gartner magic quadrants).


I read their website and there must be something secret they've got cooking behind the scenes cause the valuation makes zero sense to me.

The whole thing reads like all the dozen or so "cloud security" plays out there.

Either I'm missing something big, or their products are outrageously far ahead of all the other similar sounding products out there.

I've been known to roll my eyes at a lot of these sorts of product catalogues in the past though and so I'm definitely biased and not the target audience for their marketing.

Some CIO out there probably really does think that their security problems will finally be over once they purchase another half dozen dashboards to click through and look at.


Yeah, the website is not very helpful.

The product though is easy to set up, no friction - like 5 minutes per tenant; and in a few hours you have a really good picture of your security posture with very detailed explanations for every finding.

And the graph… very useful to understand why a finding is marked as high or critical even though at first glance it does not look like it.


IMHO you are missing something big...

For Google they are worth 32B, they ARE the Google Security business from now on. They don't even have to be profitable themselves, having this aspect working means Google gets access to additional enterprise clients and in places they weren't previously present.


>Either I'm missing something big,

I mean, their revenue? They're apparently on track to do a billion this year, growing pretty fast, so 30 billion seems fair enough.


You didn't hear about them last time on HN, when it was $23 billion?


We use them and the product is very very nice and very lightweight to set up. Like for a cloud environment it takes about 5 minutes to get it up and running for a tenant.

They add features weekly or faster.


Just curious, what problem do I need to have that they'll solve for me?


No problem in particular.

What we use it for:

  - vulnerability assessments for containers and VMs (they give a list of vulnerable or outdated packages)
  - initial access vulnerabilities: what happens if an internet facing component is compromised because you have a vulnerable package and to what kind of data it has access to (it has some regexes and what not to figure out if in your database you have PII data, HIPAA etc.), what lateral movement is possible etc.
  - provides information on what you can do to fix a finding
  - IAM checks for overly broad permissions
  - Service account age and overdue key rotations

Take your pick.
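The initial-access check listed in the comment above (a vulnerable internet-facing component, the data it can reach, the lateral movement possible from it), together with the graph view mentioned earlier in the thread, can be sketched as a walk over an asset graph. This is an added example, not part of the thread and not Wiz's code; the inventory, asset names, package name and severity rule are all constructed assumptions.

```python
"""Toy attack-path assessment over a constructed cloud asset graph."""
from collections import deque


def asset(internet_facing=False, vulnerable_packages=(), data_classes=()):
    """Build one inventory record (field names are hypothetical)."""
    return {
        "internet_facing": internet_facing,
        "vulnerable_packages": list(vulnerable_packages),
        "data_classes": list(data_classes),
    }


# Constructed sample inventory: two VMs carry the same vulnerable package.
ASSETS = {
    "web-vm": asset(internet_facing=True, vulnerable_packages=["examplelib 1.0.0"]),
    "public-site": asset(internet_facing=True),
    "internal-vm": asset(),
    "batch-vm": asset(vulnerable_packages=["examplelib 1.0.0"]),
    "app-role": asset(),
    "admin-role": asset(),
    "orders-db": asset(data_classes=["PII"]),
    "patient-records": asset(data_classes=["HIPAA"]),
    "static-bucket": asset(),
}

# Directed edges: "whoever controls the key can reach, assume or read the value".
EDGES = {
    "web-vm": ["app-role", "internal-vm"],
    "public-site": ["static-bucket"],
    "internal-vm": ["admin-role", "web-vm"],  # cycle back to web-vm on purpose
    "batch-vm": ["orders-db"],
    "app-role": ["orders-db"],
    "admin-role": ["patient-records"],
}


def shortest_paths(start, edges):
    """Breadth-first search; returns {node: shortest path from start}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, []):
            if nxt not in paths:  # visited check also breaks cycles
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths


def assess(assets, edges):
    """Rate each asset with a vulnerable package by exposure and data reach."""
    findings = {}
    for name, props in assets.items():
        if not props["vulnerable_packages"]:
            continue
        paths = shortest_paths(name, edges)
        data_paths = {t: p for t, p in paths.items() if assets[t]["data_classes"]}
        if props["internet_facing"] and data_paths:
            severity = "critical"  # exposed, and a path to sensitive data exists
        elif props["internet_facing"]:
            severity = "high"      # exposed, no sensitive data within reach
        else:
            severity = "medium"    # same package, but not reachable from outside
        findings[name] = {
            "severity": severity,
            "packages": props["vulnerable_packages"],
            "data_paths": data_paths,
            "lateral": sorted(set(paths) - {name}),
        }
    return findings


if __name__ == "__main__":
    for name, finding in assess(ASSETS, EDGES).items():
        print(name, finding["severity"])
        for target, path in finding["data_paths"].items():
            print("   ", " -> ".join(path), ASSETS[target]["data_classes"])
```

The same package yields a critical finding on `web-vm` and a medium one on `batch-vm`; the recorded path is what explains the difference.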


My company just started using them and I was part of the due diligence evaluation of their product. I had never been so impressed with a cloud security provider before I started using their product. Absolutely phenomenal product offering.


In cash!


I am hearing for first time, I thought Google is buying Wix the website builder and was thinking why!


Guess what is common between Wix and Wiz....


Wiy?


I feel like the other commenters whooshed here.


8200


What a strange shorthand. 73


8200 is an Israeli spy agency, whose alumni turn up in security companies almost as often as CIA alumni turn up in US newsrooms.


Thank you, didn't know about this rabbit hole.

The Wikipedia page has a handy list of companies to avoid at all costs: https://en.m.wikipedia.org/wiki/Unit_8200



Yea, good luck with that, especially when 8200 alumni are embedded deeply in the vast R&D sites all major US tech giants have in Israel (Apple alone employs thousands in Israel), whether by direct recruitment or by buying Israeli startups.


It stands for 8 smart people that run it and 200 clueless children that have no idea how the world works. Maybe it's the other way around, I can't tell.


>Adallom was founded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, who are former members of the Israeli Intelligence Corps’ Unit 8200 and alumni of the Talpiot program.

It's interesting that many people working in intelligence found ways to become very successful in business. I wonder what is the reason.


Tight networks largely. They've invested heavily into having these "assets" in US tech companies, and so pro-Israel folks in the US work hard to acquire them in.

See [1] to see the flow of people. I explain the connections a lot in [2], and [3] is our initiative to work on it.

[1] https://www.instagram.com/p/DAYsSPxpHFP/?img_index=1

[2] https://www.youtube.com/watch?v=LxvaembyMcQ&list=PLjHqnRFDnc...

[3] https://www.ethics.vc/get-involved


[flagged]


I think you might be missing the scale of the destruction and oppression of Palestine by Israel. Just look at what they did to Gaza https://www.bbc.com/news/world-middle-east-20415675


Lol, two peoples fighting for decades, here's a link to BBC to show you Israel are actually the bad guys


Military service in Israel is mandatory and the conscription rate in the core "educated" areas is ~90%. Each year, the intelligence corps then gets what is practically* first pick of the best minds of that year (typically kids who are already skilled in programming). They then get to have them for 4-6 years meaning unlike modern employers, they have time and motivation to invest in training them. Then you get the most apt programming minds of a generation spending six years together learning and building connections with each other in core programming and security skills.

Imagine if all the Ivy League graduates in the US would be forced to work together for the same company, for free, for 4-6 years. Would you be surprised if suddenly former employees of that company found ways to become very successful in business?

* - Technically they get something like 3rd pick and there's negotiations and it depends on what sort of roles are involved etc. In practice, conscripts have some influence on where they'll go and if you have a choice in any role in the military, you are going to pick "write code in an air-conditioned office" over any other available option.


Intelligence communities tend to pick very smart people who are particularly good at acquiring niche skills and operating under extreme situational uncertainty. I think those are valuable attributes for someone in business.


It surely must be exactly that.


Network


Blackmail


well you might get downvoted, but it's still true, just look what Robert Maxwell did with the PROMIS software. That was also coincidentally Mossad.


Looks like a payoff to me.


I swear some tech company acquisitions appear like more expensive art purchases for when you need to launder larger amounts of money...


You are on to something. It is a company of the chosen.


When I read the headline, I assumed the IoT platform and smart light brand, the now Wi-Fi arm of Signify, the smart home people who do (Philips) Hue smart lighting.

https://www.wizconnected.com/en-gb


This is the logo I envision in my head when hearing Wiz.


Didn’t Palo Alto Networks come out of 8200 too?


The primary founder (Nir Zuk) is a Unit 8200 alumnus, as are the founders of Checkpoint and a bunch of other cyber security companies. Nir Zuk is also a US citizen and went out of his way to base PANW in the US, including their hardware manufacturing and software engineering operations.

You'll find former-intelligence blob operators in a great many cyber security companies. Including former American intel employees[0]. Hell, the CIA basically has their own VC fund[1].

Also, there is zero evidence any of these people are currently acting at the behest of their former employers, apart from obviously the CIA venture fund acts at the behest of the CIA.

0 - Robert M Lee https://dragos.com, Keith Alexander (formerly https://ironnet.com,) amongst many others

1 - In-Q-Tel https://www.iqt.org/


[flagged]


[flagged]


From the guidelines:

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.


in times like this I'm reminded of "every accusation is a confession"


There's a Dutch phrase I hear often, like "Wat je zegt ben jezelf, met je kop door de helft"

Whatever you say about someone else, you're saying about yourself. It's an idiom, so the translation is a bit funky.


Seems like a disingenuous and cynical reading to me.


[flagged]


Military service is compulsory in Israel, so being a former member of 8200 isn't exactly unusual. Given the choice between spending two or three years as deployed infantry, or writing code in an air-conditioned office, I suspect a few of us here would choose the latter.


Yup. And more than that, Israel picks the brightest high-school kids to join their special school that trains intelligence officers. The kids learn advanced STEM and analytics in the school. It's not a coincidence that many of the graduates ended up founding good companies.


[flagged]


Arab-Israelis are around 20% of the population and they're not required to enlist. Some religious groups, religious women specifically, are also not required to enlist.

There are exemptions for people with disabilities, health issues with risk factors, extreme poverty, problematic family situations, teen parents, etc, as you would expect there to be in any western democracy.

For any other healthy citizen that's not exempt by law - males in particular - military service is as compulsory as paying taxes.

> It is a choice

I'll never understand why people who aren't Israelis, don't live in Israel, can't read or speak Hebrew, and probably have never even bothered to talk to an Israeli, for some bizarre reason feel qualified to talk so authoritatively about a place half way around the globe that they've never been to.

EDIT Editing your post like this to hide how wrong you were after the fact is misleading, but by now we've seen that this is typical behavior for people in your ideological camp.


I've read about or seen interviews with people who refused.

I am also aware that the vast majority do not, and would consider it unthinkable to refuse.


Removing all context from this quote and not including a source is misleading.

I was surprised at the quote so I looked up your source[1] and it describes the ways Israelis avoid conscription by using exceptions/deferrals such as being Palestinian, being ultra-Orthodox, having physical or psychological conditions. Others just choose to go to military prison.

Sounds pretty mandatory to me, at least how the word is commonly used.

[1] https://truthout.org/articles/more-israelis-are-refusing-dep...


I can't find accurate statistics, but I question your use of https://truthout.org/articles/more-israelis-are-refusing-dep... as an unbiased source. If you are going to quote an article with that title, you could at least refrain from editorialising:

> Although military service is often described as a national duty in Israel, conscription is in fact far from universal. As little as 50 percent of Israeli citizens actually enlist, according to left-leaning Mesarvot (Hebrew for “I Refuse”), a network of Israeli refusers to which Behar Tsalik belongs.

EDIT: You did update your comment with the full quote, but only after I posted this. That's disingenuous of you, and I'm out of this discussion.


I've added the source per your request. You're welcome to share a more accurate and less biased statistic, though you have none


WTF does that mean?


Presumably it's a reference to the fact several of the founders are Unit 8200 alumni, which is part of Israeli intelligence. It's not the same as Mossad, though.

As I understand it, Unit 8200 is the Israeli equivalent of the NSA, and Mossad is their CIA.


If you have a problem with Unit 8200 alumni, you’re going to have a difficult time buying commercially available security products. Palo Alto Networks, Armis, Checkpoint, and many others were either founded by or otherwise have former 8200 folks on staff. Then there’s CrowdStrike, founded by a Russian. Or Fortinet, which was founded by Ken Xie (born in Beijing.)

I guess you could base your entire security stack on F Secure. Everyone loves the Finns.


All of this "VPN" access software is pretty disgusting, from the perspective of the "VPN" "client". Absolutely untrustworthy bloated spying crap.

I boycott it every time I can just for this.


Wiz does many things. VPN, by any definition, is not one of them.


Where do you see Wiz in the above list of products in the post I'm responding to?

In any case, as for wiz..., if companies want to stuff their secrets into a proprietary product that is controlled by intelligence officers of a hostile (as in a lack of respect for international law) foreign country, I don't care. I know I would not.


This thread is talking about Wiz. The comment you responded to was about the fact that security company founders often have intelligence community backgrounds and/or come from adversary states (from a US/European perspective.) It had nothing to do with VPN.


I can choose what part of a comment I'll respond to. I responded to the list of companies providing "VPN" software. Fortinet, paloalto/globalprotect, checkpoint,...


That is a tiny part of what those companies do and was mentioned nowhere in that post.

You’re responding to something that isn’t there.


It's the only product I'm sometimes required to come in contact with from these companies. And also the only product of theirs that I inspected in any detail in Ghidra. And the only product of theirs that I have to defend my network against.

So I'm only interested in that aspect of their products. For everything else, all these security companies and their customers can devour each other, for all I care.


Delete


> The founders of CrowdStrike—George Kurtz, Dmitri Alperovitch, and Gregg Marston—do not have publicly documented personal connections to Israel. That's the first claim of yours I failed to verify so I won't bother with the rest.

I realize reading is a very difficult skill to master, but maybe -- just maybe -- you couldn't verify that "claim" because I never made it.


Delete


the comment stated that crowdstrike is founded by a Russian, not by Israel.


True


[flagged]


I think OPs point is that it's impossible to avoid foreign (to the US) influence. You're probably closer to agreeing than you are disagreeing.

Foreign or not is binary. There's no comparison because everything boils down to a 1 or a 0.


I think parent was saying that if someone has a problem with Wiz being ex 8200, they would have problems buying cybersecurity solutions in general because the more established companies have founders with foreign non-ally backgrounds.


That is clearly a false equivalence though. Being born in a country is qualitatively different to working in a military unit requiring security clearance.


Well, US Admins treated Chinese-born Research Scientists who had lived in USA for 30-40 years in top-level US university akin to espionage ...


Perhaps the difference shrinks somewhat when the country you are born in has compulsory military service?


The difference does shrink, only to grow if one joins an elite unit that is highly selective. There has to be some enthusiasm involved, IMO.


Quick question: are you related to the bschmidt69 that is also a brand new account posting in this thread?


[flagged]


What an amazing coincidence!


Are you aware Wiz’s co-founders were part of Israeli cyber intelligence division known as Unit 8200? The “Israeli NSA”


So what? Technologies with military and intelligence origins become available to civilians all the time. That includes the Internet itself, which was originally sponsored by DARPA.

Would you rather they have kept the technology to themselves?



[flagged]


> The question is are you ever allowed to quit Unit 8200?

Do you have any evidence to show that no one ever quits 8200?


Yes. Until you are 40 ...Read and hear for yourself: https://darknetdiaries.com/transcript/28/

"Now Avishai has left 8200 and went off to co-found Wix, the website building tool. It’s crazy to think that the co-founder of Wix is an expert hacker, someone who’s broken into multiple countries and conducted massive amounts of espionage."

"Once you get out of 8200 you’re then a reserve and have to spend up to three weeks a year going back to 8200, refreshing your skills all the way until you’re forty"

"There’s also a yearly reunion where you leave your family and spend a week with your fellow soldiers you served with. Every year they do that. Keep in mind, all this is happening in a place not even as big as New Jersey with roughly the same population. Look at how dedicated they are to keeping these connections with one another. This has powerful results. Everyone knows everyone."

"Imagine if one 8200 member goes off to work at Google to help develop the Chrome browser and then goes back to 8200 as part of their yearly duty and while there, they see a soldier building exploits for the Chrome browser. What do they do? Do they take the exploits from 8200 and patch it in Chrome or do they help their fellow soldier by sharing the source code?"

https://darknetdiaries.com/transcript/28/


Everybody who did army service in Israel does reserve service every year


Including the CEOs of security companies, who have access to the credentials of the cloud environments of thousands of other companies.


CEOs actually frequently get a waiver from doing reserve service, because they are essential for the operation of the company.


Yeah, I remember listening to this. So that settles it.


Haha

You start with "ever" and then you go to "well, only until 40 for the military reserve service". Mental gymnastics at its finest.

BTW, when you reach a certain income level you are never called for reserve. It's too expensive for the government to pay people like that.


[flagged]


How do you figure? Is distrust of the CIA anti-Americanism?


Is a company founded by an American automatically an asset of the CIA?


Is it a religious entity or part of a religious doctrine?


The Mossad is a security service of the nation of Israel, which, for all intents and purposes, is a nation designed to house and protect Jews. And Judaism is a religion. So yes, a connection exists.


Many Jews do not practice Judaism. Being Jewish is an ethnicity. Source: am Jewish, not religeous.


Did you try applying for Israeli citizenship? AFAIK being a follower of Judaism is a requirement. Source: a Christian Jew being denied a citizenship due to this reason.


No... it isn't (as there are 100s of thousands of Muslim, Christian, etc. citizens in Israel). I am assuming you are a foreign national and you are referring to the Law of Return.

Currently, there is a prohibition on using that right and "professing" another religion. Blame the haredi, according to my grandfather they're as*holes.

You could get a visa and naturalize like anyone else that is eligible.

I am eligible because my great grandmother was there before statehood in the Irgun.


> Source: am Jewish, not religeous [sic].

Me too, but a lot of (admittedly not all) opposition to Israel's existence, extent, and its security apparatus is rooted in anti-semitism. I'm not going to undertake a long discussion about it, but in short, you can hear the dog whistles and they're inappropriate.


Of course... one side of my family goes way way back in the area. Great grandma was Irgun. Rest of the fam was Austro-Hungarian/Ottoman/Polish/Ukrainian/Russian depending on what decade you looked at. Empires' borders kept moving. I think at one point we might even have been Italian (Trieste).


Judaism is not only religion in a sense that you go to synagogue to pray. Being a Jew is not only about religion but also about traditions, e.g., celebrating Jewish holidays, teaching your kids about history of your people, etc.

If you do nothing Jewish, then I would argue that you are not Jewish in a cultural sense. You still would be a Jew from a religious point of view (if your mom is Jewish), but if you do nothing Jewish, then you are not Jewish.

I guess what I am trying to say is being Jewish is not ethnicity only, or religion only, it's both. For example, converts are considered Jews despite their non-Jewish ethnicity.


Had a Jewish wedding and secular divorce, a few rabbis in the family on father's side, went to Synagogue for a decade or so, haven't gone in a few decades. Don't really keep to most of the traditions. I'm ethnically Jewish and a big chunk of the family is also culturally Jewish with a smaller bit also religiously Jewish. Oddly the Israeli part of the family isn't religious at all (atheist) but follows more of the traditions because they live in a Jewish nation.


Conflating the state of Israel with all Jewish people & implying all of them have (a secret) allegiance to Israel, regardless of their citizenship, is actual anti-Semitism. Correctly identifying folk who fought for Israel is not anti-Semitic in any way; the allegiance at the time they served in an elite unit is clear to all.


You’re responding to an argument that I’m not making. I said there is a connection, which is true. Obviously not everyone living in Israel is Jewish, nor is everyone there a practicing Jew. But the founders’ purpose remains and is woven throughout society and its constitution.

And people aren’t just “identifying folk.” This thread has devolved into a debate about Israel itself, which invariably happens when Israel is even tangentially involved in a story.


I am highlighting that the "connection" you mention is frequently used in bad faith by actual anti-semites, as well as the pro-Likud propagandists who suggest that any criticism of the government of Israel or its policies is antisemitism, as if the current government and Jewish people are interchangeable.


anti-zionism != anti-semitism

learn your definition


The difference doesn't matter for the purpose of this thread. The comment was crude, inappropriate, and unnecessarily political.


I agree. The comment that equated an intelligence service with a religion was crude, inappropriate and unnecessarily political. It is downright shameful to invoke the very real phenomenon of religious persecution as a way to discourage mere mention of a specific, relatively small intelligence organization.


Modern antisemitism tends to be rooted in racist prejudice against a Jewish ethnicity more than plain religious discrimination. And tends to be related to a lot of conspiracy theories.

I think it's possible to fairly criticize a nation state and an intelligence agency but some criticism tends towards Mossad shark type conspiracies

I dont think


antisemitism was often driven by race and not religion

Germans in the Holocaust murdered Jews that had converted to Christianity or simply had a Jewish parent or grandparent


Yes it does. If they were founded by former Russian or Chinese intel you would hear the same thing.


Israel is a democracy; Russia and China are not. Also, whataboutisms are childish arguments that don't belong on HN.


[flagged]


> Israel isn’t a democracy anymore than the US is

This thread is over.


[flagged]


The constitution of a nation and its practices are separate axes. Many US states practiced the functional equivalent of apartheid until the 1960s, but the USA was still a democracy nevertheless.

(This is not intended to reflect any opinion I may have about Israel's specific practices.)


If they were founded by al-Qaeda then you'd also mention them being terrorists, no?


Nobody was talking about terrorism.


I think the point is that the Israeli government is akin to a terrorist organization


I'm well aware of what the commenter was trying to suggest, and was not going to dignify it.

Every time a story involves Israel somehow--even if it's about the success of a business based there--it turns into a debate about Israel itself. It's exhausting and stupid.


If ex NSA agents made a cyber security company and Baidu acquired it I think that would be relevant.


Yes they are


Denying Jewish people the right for self determination is antisemitic as hell, no?


I'm confused what you mean by "brigade". I see two comments that are replying to you with clarifying questions. No one has denied your statement, only offered opportunities to clarify your meaning.


its antisemitism, not anti-setimism.


There's more meaning contained in a hyphen than I could have imagined.

Source: https://en.wikipedia.org/wiki/Antisemitism

From the outset the term "anti-Semitism" bore special racial connotations and meant specifically prejudice against Jews. The term has been described as confusing, for in modern usage 'Semitic' designates a language group, not a race. In this sense, the term is a misnomer, since there are many speakers of Semitic languages (e.g., Arabs, Ethiopians, and Assyrians) who are not the objects of antisemitic prejudices, while there are many Jews who do not speak Hebrew, a Semitic language. Though 'antisemitism' could be construed as prejudice against people who speak other Semitic languages, this is not how the term is commonly used.

The term may be spelled with or without a hyphen (antisemitism or anti-Semitism). Many scholars and institutions favor the unhyphenated form. Shmuel Almog argued, "If you use the hyphenated form, you consider the words 'Semitism', 'Semite', 'Semitic' as meaningful ... [I]n antisemitic parlance, 'Semites' really stands for Jews, just that." Emil Fackenheim supported the unhyphenated spelling, in order to "[dispel] the notion that there is an entity 'Semitism' which 'anti-Semitism' opposes."

Others endorsing an unhyphenated term for the same reason include the International Holocaust Remembrance Alliance, historian Deborah Lipstadt, Padraic O'Hare, professor of Religious and Theological Studies and Director of the Center for the Study of Jewish-Christian-Muslim Relations at Merrimack College; and historians Yehuda Bauer and James Carroll. According to Carroll, who first cites O'Hare and Bauer on "the existence of something called 'Semitism'", "the hyphenated word thus reflects the bipolarity that is at the heart of the problem of antisemitism".

The Associated Press and its accompanying AP Stylebook adopted the unhyphenated spelling in 2021. Style guides for other news organizations such as the New York Times and Wall Street Journal later adopted this spelling as well. It has also been adopted by many Holocaust museums, such as the United States Holocaust Memorial Museum and Yad Vashem.


imho https://xkcd.com/747/ applies here


[flagged]


We use them. The product is genuinely great and I hope Google doesn't mess with it.

For us they replaced a bunch of different tools and a hodgepodge of custom scripts and hacks.

For those who have not heard of them - it's basically asset and vulnerability management for absolutely everything you have running in the cloud. This includes stuff running in your k8s clusters, etc. And they do all this without having to manage a fleet of agents on everything and costing you money in resource usage. Not that Wiz is cheap, far from it :(


IMO for what they do they are kinda cheap. We evaluated some competitors that were worse and were asking 4x the price.


It's not that they're cheap, it's just some competitors are even more expensive... :D


They built the core CSPM module themselves. And, yes, their customers really do exist and really do love the product. What they particularly liked was the alert fidelity - most other cloud security vendors back when Wiz started required a host agent to provide a similar level of assurance a given alert was real, whereas Wiz would do offline volume scanning.

Just because you aren’t the target market for something doesn’t mean it isn’t real or valuable.

Source: used to compete against them. I no longer have any dog in this fight.


We've been using Wiz at least from Oct22 (And we do things with Wix API too, so the naming creates plenty of confusion). Cloud Engineer with Google Cloud and AWS.

It can scan a lot of stuff and give you pretty interesting insights and alerts.

And do you know what managers like? It creates Jira tickets automatically with all the findings, and they can assign them to people and say they've done their thing. We hate that because tickets appear and disappear magically in hundreds each time Wiz scans, sometimes with no obvious explanations.

But here come some of the bad things:

  - UI/UX: Terrible. It's so difficult and confusing reaching from one place to the other and finding stuff that you had open just instants ago. Slow too. I've seen the security people do nice filters and search queries but it's not intuitive at all.
  - Doesn't support very basic features. For example, in Docker Hub they don't support scanning full organizations or using organizational tokens for scanning individual repositories. They personally told me in our support channel that they were looking into it... in April 2023. Still waiting. (The API is slightly different than a regular Docker Hub public repo but, come on, an enterprise security tool that doesn't support connecting to a Docker Hub org... that's just silly)
  - Closed docs. You can only check the docs if logged in. I hate that and it also limits the work with people that are not Wiz users.
  - Terraform provider:
    It's quite limited, that means you need A LOT of manual work to integrate stuff with their scanners
    Its changelog URL doesn't work, so good luck with knowing when features appear or when you get breaking changes
    No source AFAIK, you just get a binary. Good luck.
  - Pricing. Can't remember the specifics but I hear a lot of complaints about how expensive they are. Also, no public pricing.


> Everyone here saying they've used Wiz for years are huge liars.

I have seen Wiz at AWS re:Invent multiple years in a row, and have seen their product used to good success in multiple companies I've worked with. It's not vaporware, it's a real product that really works and has a place in the cloud/container security space. I don't think anyone is lying here at all. The fact it's /also/ an acquisition vehicle as a path to an exit for the founders is a separate thing.


I’ve been using Wiz for 2-3 years now and the product is


I mean… Hue bulbs are insanely expensive, and Wiz is a much cheaper option. I’ve used their lights since like 2021 and Costco carried them. Does that make me a huge liar?


I can tell you from firsthand experience that people - including people I have personally worked with at large organizations - have absolutely heard of Wiz. Yes, it is a relatively new player, but the people there have been putting out high quality research for years and have also demonstrated a very compelling approach to securing cloud environments. They get a lot of praise, and they've earned it.

Second, I have no idea what you're doing to get Wix results from a search for Wiz. When I search for Wiz, I get a whole bunch of results about Wiz, including links to discussion threads where random people (i.e., not high-rep HN users) also talk about how much they like the product.

Finally, something to consider: would Google actually pay $32B for a company that "nobody has heard of" and doesn't provide any value? Probably not. I would hope not.


These companies are the closest you can get to a legal mafia, they are effectively charging companies around the world to keep them "safe". In other words, a job that is traditionally considered to be a basic service of the government is now being privatized by people that nobody knows if we can really trust.


This is an absurd take. There’s nothing stopping anyone from building their own cloud security tools (many have), and unlike the Mafia, Wiz isn’t threatening anyone who doesn’t buy their service. I’m also not aware of any government agency providing any reasonable analog to what these tools provide in the physical world.


Big difference

The mafia charges for protection from itself; here the bad actors are out there and Wiz helps you protect from them.

Wiz is selling doors with appropriate locks for your business.


You’re stretching here.

Companies hire private physical security all the time. Why is digital security different?


Because the amount of money is so huge, the grandparent poster imagined there must be something wrong or sus going on. Likely due to personal biases.

And since most people's experience is shallow, the only analog they can muster is the mafia.


It would only be like the Mafia if they launched cyber attacks against your infra if you turned down their services.

Do you think that's what they do?


There are other CNAPP solutions. If you do an evaluation you will see why WIZ comes out on top.


What are some others?



> In other words, a job that is traditionally considered to be a basic service of the government is now being privatized by people that nobody knows if we can really trust.

How on earth is it the government's job to protect people's software? It's a mere digital product, not human life or property.

Besides, people also buy padlocks and door locks for safety. Wiz is no different.


I do wonder how long it'll be until we uncover some scandal showing that the security companies are also the ones creating exploits.


1.) What



