Confirming recent rumors, Google LLC today announced plans to acquire Wiz Inc. for $32 billion.

The all-cash transaction values the cybersecurity startup $20 billion higher than what it was worth following its most recent funding round. The sum is also a significant premium to the $23 billion that Google reportedly offered for Wiz last year. According to TechCrunch, the cybersecurity provider walked away from the latter deal and told employees it would seek to go public instead.

Reuters reported today that Google has agreed to pay Wiz a $3.2 billion termination fee if the deal falls through. This clause might be a hedge against regulatory challenges. According to CNBC, Wiz’s decision to reject Google’s $23 billion bid last year was partly motivated by concerns antitrust regulators might block the transaction. The acquisition agreement reportedly specifies that Wiz can continue operating independently in the event of protracted antitrust litigation.

Rapid growth 

Wiz launched in 2020, saw its annualized recurring revenue top $100 million two years later and reportedly reached $700 million not long ago. The company says that more than half the Fortune 100 use its namesake cybersecurity platform. The software helps companies fix vulnerabilities in their cloud environments, secure developers’ code and fend off cyberattacks.

The first component of Wiz’s platform is a product called Wiz Cloud. It can spot vulnerabilities such as misconfigured instances, known software exploits and weak access controls. Wiz Cloud is agentless, which means using it doesn’t require administrators to deploy data collection programs in their cloud environments. That significantly speeds up the setup process.

Wiz Defend, the company’s second product, detects and blocks cyberattacks using an eBPF runtime sensor. This is a specialized program embedded directly in the Linux kernel, the part of the operating system that stores its most important components. The Linux kernel has extensive visibility into the cloud applications it powers, which allows Wiz’s eBPF sensor to collect highly detailed data about cybersecurity events.

Wiz Defend also collects data about potential breaches from other sources. With the help of a built-in graph database, it generates a simulation of cloud environments that can be used to study the potential impact of breaches. Wiz Defend also sifts through audit logs for signs of malicious activity. 

The third component of the company’s product portfolio is Wiz Code. It can highlight software vulnerabilities directly in a developer’s code editor and suggest fixes. The software also spots related issues, such as configuration flaws in the CI/CD pipeline that deploys developers’ code to production.

Wiz is available across all the major public clouds. Google stated today that it has no plans to change that following the acquisition.

Integrated offering

In a blog post, Google Cloud Chief Executive Officer Thomas Kurian stated that Wiz will remain compatible with competing clouds after the deal closes. “In addition, we are committed to continuing to support packaged applications, SaaS applications, and those running on virtual and on-premises environments,” he wrote. Google Cloud Marketplace, meanwhile, will continue offering cybersecurity tools from third-party providers.

Kurian detailed that the search giant plans to develop a “unified security platform” by combining Wiz’s technology with its Google Security Operations product. The latter offering, which debuted last year, allows administrators to collect cybersecurity data from multiple sources and analyze it for breach indicators. The software also automates some of the work involved in responding to cyberattacks.

Wiz is not Google’s first multibillion-dollar cybersecurity acquisition. In 2022, the company spent $5.4 billion to acquire Mandiant, a major provider of cybersecurity services. Mandiant helped develop some of the automation capabilities in Google Security Operations, the product with which the search giant plans to combine Wiz.

Google was already influential in the cybersecurity market prior to the Mandiant deal. 

About a decade ago, the company’s internal BeyondCorp project helped jumpstart adoption of zero trust security. This is a now-widespread best practice designed to protect technology infrastructure from cyberattacks. It specifies that users and devices must be verified before accessing a sensitive asset even if they’re already logged into the corporate network.

Google has also made other contributions to the cybersecurity community. About a year before buying Mandiant, it released a software security framework called SLSA. It’s designed to help developers protect their code from tempering and other threats.

Google expects to close the Wiz acquisition in 2026 pending regulatory approvals. 

Photo: Wiz