Try all of the on-demand classes from the Clever Safety Summit right here.
Cloud expertise has modified the information financial system. Knowledge is now not locked in on-premise silos and servers, however traverses by a dynamic patchwork of cloud service suppliers, apps, APIs and containers. An unchecked vulnerability or misconfiguration in any of those parts can go away important knowledge uncovered. That’s why consolidated cloud safety is now important.
It’s a actuality few organizations are ready to confront, with the typical group utilizing six instruments to safe the cloud. A lot of cybersecurity distributors want to deal with these challenges by providing a extra consolidated strategy to cloud safety.
One such supplier is Wiz, which right now raised $300 million as a part of a Collection D funding spherical. Wiz offers cloud safety posture administration (CSPM) and a cloud-native software safety platform (CNAPP) designed to allow safety groups to watch cloud companies, APIs and containers for vulnerabilities and misconfigurations.
The newest funding spherical, led by Lightspeed Enterprise Companions and Greenoaks Capital Companions, brings Wiz’s valuation to $10 billion and makes it the biggest cyber-unicorn, highlighting the truth that traders see securing the cloud because the definitive problem in defending enterprise knowledge.
Occasion
Clever Safety Summit On-Demand
Be taught the important function of AI & ML in cybersecurity and business particular case research. Watch on-demand classes right now.
Watch Right here
Consolidating cloud safety
Conventional approaches to cybersecurity merely don’t work in decentralized cloud environments. Analysis from Venafi finds that 81% of organizations skilled a cloud-related safety incident within the final 12 months, with 45% struggling at the least 4 incidents.
There are various causes for the excessive fee of cloud breaches, from a cloud expertise hole to under-resourced safety groups. However maybe probably the most vital trigger is lack of visibility over knowledge property and exposures. Most organizations merely don’t have the flexibility to establish vulnerabilities and misconfigurations throughout the assault floor.
“Cloud is agile and dynamic — that is the rationale it allows firms to develop so quick. Nevertheless, that is additionally why it’s so onerous to safe the cloud. It retains altering,” mentioned Assad Rappaport, cofounder and CEO of Wiz.
“How are you going to safe knowledge within the cloud, if it may be saved in dozens of companies, routed every day to completely different locations and techniques? Legacy approaches utterly fail to deal with the complexity and agility of cloud. Cloud requires a cloud-native strategy,” Rappaport mentioned.
Wiz’s reply to securing the cloud is to consolidate CSPM and CNAPP capabilities right into a single platform alongside knowledge safety posture administration, exterior assault floor administration (EASM) and cloud detection and response (CDR). This mix is designed to assist organizations increase and streamline their detection and response capabilities for threats throughout the cloud.
As an illustration, safety groups can constantly scan for misconfigurations throughout hybrid cloud environments, infrastructure as code (IaC) and containers, and mechanically remediate potential exploits that expose knowledge to menace actors.
The platform additionally offers a safety graph that triages and correlates assault paths in order that each developer and safety groups can perceive the reason for a breach and establish the way to reply rapidly.
A quick take a look at the CNAPP market
Wiz’s resolution falls throughout the world CNAPP market, which researchers valued at $7.8 billion in 2022 and estimate will attain $19.3 billion by 2027 as extra organizations notice their cloud adoption plans.
The group is competing in opposition to some established firms within the area, together with Palo Alto Networks, which provides its personal CNAPP known as Prisma Cloud.
Prisma Cloud provides real-time inspection of cloud workloads for misconfigurations and vulnerabilities, utilizing machine studying to establish regular baseline exercise, and producing alerts to spotlight anomalous exercise. Palo Alto Networks earned $84.2 million in income final quarter.
One other competitor is Lacework, which provides a CNAPP with infrastructure as code (IaC) scanning, runtime vulnerability scanning for workloads, container photographs, hosts and language libraries, in addition to anomaly detection-based menace detection. Lacework is presently valued at $8.3 billion.
Rappaport argues that the important thing differentiator between Wiz and these options is its emphasis on managing dangers in actual time.
“Wiz has launched a brand new strategy, one that allows the enterprise to embrace the cloud securely by constantly figuring out and lowering the dangers that matter. Wiz is rolled out in minutes by way of an agentless, API-centered strategy to seamlessly scan workloads and provides full visibility of cloud environments,” Rappaport mentioned.