It does not make sense. In 2024 Wiz had 10.7% market share. Revenue in the 1,5 to 1,7 Billion but they were not profitable in 2023. Become profitable in 2024 meaning costs are very high.
Also looks like Google is desperate for growth in Cloud and they need to do something.
They are paying as much money as their whole Google Cloud revenue in 2023.
Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even
for a high-growth company. Clearly overpaying.
Wiz had nine rounds so massive dilution, and VCs need to recover the money...
10% market share in any industry with an even slightly healthy level of competition is huge. The fact that people think it's not for tech feels like an indictment of the overall health of the industry to me.
Perhaps I should have been clearer, but especially compared to the rest of the enterprise tech market, security is unusually fragmented. There is no Microsoft or Cisco of the security market in the way those companies dominate the desktop operating system and core networking markets, respectively.
Analysts sometimes refer to the enterprise networking market as "Cisco and the Seven Dwarves". Nobody has ever said that about Symantec (prior to the Broadcom acquisition) or Palo Alto Networks.
It is often the case that in a new security product category, the products are so different, it is hard to collect them together in a single category with a straight face. Example: next generation AV circa 2015-2016. AV was a well-worn product category. All of the legacy products did basically the same thing. More or less at the same time, a bunch of new products came to market that all claimed the mantle of "next generation AV:"
* Bit9 did process whitelisting, later adding Carbon Black for endpoint forensics
* Fire Eye had a proto-EDR solution
* Cylance did ML-based malware detection
* Palo Alto Networks had an exploit-mitigation focused agent that they bolted ML-based malware detection onto.
The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.
A few years later, the cloud security space was the same fragmented mess. Some were what we now know as CSPM, some were glorified DLP solutions, some container security solutions, etc.
Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.
> The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.
This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018. EDR capabilities themselves, interestingly, grew out of forensics companies like Guidance Software. HBGary and Mandiant were the early players. FireEye killed Mandiant's EDR off, but HBGary's lives on to some extent today, two or three acquisitions later, at GoSecure.
> Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.
The most recent figures I’ve seen are that Microsoft has around 25% of the endpoint market[0], which is a plurality because the market is so fragmented. Proofpoint claims around 24% of the email security market[1].
The only security market you can say they “dominate” is identity, if you ignore the MFA market. AD is, at least, almost everywhere.
> This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018.
That’s one interpretation of events. It’s also completely orthogonal to what I wrote.
> Proofpoint claims around 24% of the email security market
Proofpoint is the clear number two, but Microsoft always sits behind Proofpoint (and Mimecast, IronPort, etc.). They're also always in front of Abnormal and other API-only options. Every big company has E5 with Defender for Office 365 on their email, and the rest either still have E5 or they have EOP.
> That’s one interpretation of events.
In 2017 EPP and EDR were distinct categories, and CrowdStrike had a big internal initiative (driven top-down by Kurtz, but managed by a PM director under Rod Murchison) to merge them, while Cylance and others that had separate SKUs for each area worked to keep them apart. CrowdStrike was more effective.
I mentioned this because it wasn't just a natural market convergence; B2B companies spend absurd amounts of money with the Gartners and Forresters of the world to align their products with line items in budgets. It's capitalism all the way down.
Not speculating on anything here. I was at or worked closely with all of the companies mentioned in both posts.
You like to make absolute statements like “always”, but I know of large organizations (Fortune 500) that use Proofpoint, but not Microsoft email security. And in endpoint, there are shops that license defender as part of an EA, but don’t use it - of course, those seats go into the Forrester figures that Microsoft likes to tout.
Sure, I can enumerate the handful of the Fortune 500 that don't use Microsoft. Palo Alto Networks, for example, has TAP sitting in front of Google. In PANW's case it's because of a broader partnership Nikesh put together with Google in 2018, which also involved moving from AWS to GCP. This is stupendously uncommon, though.
If you were to look through the System -> Inbound Mail settings for every PPS customer, you'd find a sea of x.mail.protection.outlook.com, some on-prem Exchange servers, and practically nothing else. I'm comfortable with "always" as a description of this state of affairs, but you do you.
actually, it makes perfect sense. it's just that you (and I) don't have the right perspective.
these giantcos are sitting on Himalayan ranges worth of cash, which is burning a fiery hole in their butts, and they don't know what to do with it.
and they have more cash than sense, even though they always brag about having some of the smartest people in the world, and also have FOMO (to competitors and upstarts).
Facebook buying WhatsApp for 19 billion did not make sense to us laymen either, but it happened.
I was flabbergasted when I read about it. ignorant me.
wow, faaak. I wrote my above comment off the cuff, although based on my intuition and common sense, but just now thought of googling FOMO, to check what Wikipedia says about it, and it seems they agree with me:
relevant excerpt, from near the top of the above page (emphasis mine):
>FOMO can also affect businesses. Hype and trends can lead business leaders to invest based on perceptions of what others are doing, rather than their own business strategy.[19] This is also the idea of the bandwagon effect, where one individual may see another person or people do something and they begin to think it must be important because everyone is doing it. They might not even understand the meaning behind it, and they may not totally agree with it. Nevertheless, they are still going to participate because they don't want to be left out.[20]
leaders, huh? more like followers, aka sheep. include me out.
Also looks like Google is desperate for growth in Cloud and they need to do something.
They are paying as much money as their whole Google Cloud revenue in 2023. Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even for a high-growth company. Clearly overpaying.
Wiz had nine rounds so massive dilution, and VCs need to recover the money...