Google has introduced particular plans to amass cloud-native software safety platform (CNAPP) vendor Wiz for $32 billion, which is the most important ever acquisition in cybersecurity, surpassing the $28 billion that Cisco paid for Splunk in 2024. That is additionally Google’s largest ever acquisition and, primarily based on Forrester’s estimates of Wiz’s annual income, represents an astronomically excessive, roughly 45–50x estimated multiplier of Wiz’s annual income. Wiz has been making monetary headlines since final summer time, stemming from rumors in July 2024 that Google would purchase Wiz for $23 billion, in addition to Wiz’s acquisition of Gem Safety together with speak that Wiz would purchase Lacework, a deal that fell via (Fortinet later acquired Lacework).
This acquisition highlights the next:
- Within the gentle of Google’s monitor document with previous safety acquisitions, Google can efficiently combine Wiz. When evaluating Googe Cloud’s earlier safety acquisitions, the monitor document is robust. Google’s 2022 acquisition of Mandiant has confirmed to be a key element of Google’s cybersecurity product technique, infusing Google Safety Operations with Mandiant’s risk intelligence and analytics. Google has additionally retained lots of Mandiant’s most distinguished safety leaders, which is a constructive signal. Equally, the 2022 Siemplify acquisition was productive for Google Safety Operations — it not too long ago totally built-in Siemplify into the platform as a full-fledged safety orchestration, automation, and response providing. The success of Wiz’s acquisition can even rely on: 1) Google’s capability to navigate right now’s present unstable financial surroundings; 2) its capability to “avoid wasting money” to stay within the AI race with AWS and Azure; and three) whether or not Google operates Wiz individually or embeds them into Google Cloud’s safety portfolio.
- Multicloud CNAPP is indispensable for cloud infrastructure safety choices. Whereas Google Cloud Platform (GCP) has efficiently developed CNAPP capabilities (cloud safety posture administration and cloud workload safety) for its personal platform’s native safety, these instruments have predominantly centered solely on defending GCP endpoints/belongings. After Microsoft’s 2021 early acquisition of CloudKnox and improvement of Defender for Cloud (a multicloud CNAPP instrument competing with Palo Alto Networks and others), Google is now feeling the stress to supply a real, multicloud-capable CNAPP instrument, provided that so many organizations are multicloud right now. Forrester expects that, post-acquisition, most present CNAPP capabilities in GCP (comparable to cloud safety posture administration [CSPM], cloud infrastructure entitlement administration [CIEM], and agentless cloud workload safety [CWP]) might be changed by Wiz’s providing and stay with multicloud help. Multicloud safety capabilities will speed up Google Cloud’s entry into many enterprises.
- App safety synergies present extra alternatives for cloud suppliers. Whereas Wiz is primarily centered on CNAPP, the agency’s product choices bleed into the applying safety area. Just lately, Wiz expanded into app safety, together with software program composition evaluation, infrastructure as code (IaC), and secrets and techniques scanning; software program payments of supplies; and steady integration and steady supply safety posture administration. These strikes place Wiz to compete with software safety testing distributors and different CNAPP distributors which have “shifted left.” Google has additionally begun extending its API administration product, Apigee, into broader API safety use circumstances. Whereas there are nonetheless gaps to fill, comparable to static software safety testing, dynamic software safety testing, and API assault detection, including Wiz to the Cloud Armor, reCAPTCHA, and Apigee choices strikes Google nearer to being a holistic cloud software safety supplier.
- The acquisition will present aggressive pressures and drive consolidation for unbiased CNAPP suite distributors. Fortinet, Palo Alto Networks, Sysdig, Rapid7, Development Micro, and others now face fierce competitors from cloud infrastructure suppliers (Google and Microsoft). This deliberate acquisition, plus Microsoft’s continued investments in CNAPP and app safety, will drive unbiased CNAPP suppliers to innovate and search differentiation compared to the cloud infrastructure suppliers and will result in additional consolidation inside the CNAPP area. Cloud prospects should take into account whether or not these unbiased CNAPP distributors have ample capabilities to keep up themselves as a trusted third-party platform that mitigates reliance on a single cloud supplier — a sample that has benefited distributors within the observability and AIOps area, for instance.
- Different CNAPP distributors should combine cloud detection and response. Wiz’s cloud detection and response providing, Wiz Defend (previously Gem Safety), takes a distinct method to cloud detection and response. As a substitute of counting on built-in detection capabilities in its personal cloud safety instruments completely, Wiz Defend gives a unified instrument solely for detection and response that takes in alerts and knowledge from different instruments (id instruments, Google Cloud audit logs, Azure exercise logs, AWS CloudTrail logs, and so on.) and does detection engineering on them. This reduces alert volumes from the cloud at a crucial time — purchasers are scuffling with cloud alert volumes greater than ever given the disparate merchandise. With this acquisition, it places stress on different distributors to consolidate their CNAPP and cloud detection and response (CDR) choices in an analogous means and supply specific CDR capabilities of their CNAPP answer: an enormous win for safety operations groups.
- Wiz’s cluster optimization and price concerns elevate questions on Google’s cloud administration ambitions. Though historically a CNAPP answer, Wiz — pushed by buyer necessities — developed a Value Optimization framework, with Cloud Configuration Guidelines being its newest functionality. It optimizes Kubernetes prices in Amazon’s Elastic Kubernetes Service by figuring out cluster optimization alternatives. Although this functionality begins with AWS, Wiz earlier had acknowledged plans to increase its subsequent era of Wiz Cloud Value to different public clouds. Since Google Cloud has its personal price administration capabilities, the query stays whether or not Wiz Cloud Value might be deprecated or folded into Google’s native administration suite, or maybe Google will proceed its FinOps ambitions and increase to ingesting and managing its opponents’ cloud prices.
- AWS might want to react to those CNAPP traits. Whereas Amazon Net Providers has been offering GuardDuty and Config, these options will not be as robust as different CNAPP options in areas of finest practices, compliance template breadth and depth, and, extra importantly, multicloud protection. Whereas AWS WAF (net software firewall) helps hybrid and multicloud deployments, many Forrester purchasers inform us that they nonetheless restrict AWS WAF to the AWS surroundings. To answer Google’s acquisition of Wiz, AWS might want to beef up its productized, multicloud CNAPP providing (with protection for CSPM, CIEM, agent-based and agentless CWP, container safety, and IaC scanning). If AWS chooses to go the purchase vs. construct route, doubtless CNAPP acquisition targets would come with smaller gamers comparable to Aqua Safety, Orca Safety, and Sysdig.
![Understanding LLMs Requires Extra Than Statistical Generalization [Paper Reflection]](https://multicloud365.com/wp-content/uploads/2025/01/blog_feature_image_045530_5_1_6_4-1-120x86.jpg)
