Incognito unicorns.
There are many companies like these in the security space. Another company I can think of is Rubrik. All these large security companies are under-the-radar successes.
https://www.bleepingcomputer.com/news/security/rubrik-rotate...
https://www.bleepingcomputer.com/news/security/rubrik-confir...
This one is straight up embarrassing:
https://techcrunch.com/2019/01/29/rubrik-data-leak/
> The exposed server wasn’t protected with a password, allowing access to anyone who knew where to find the server.
So much about "zero trust", at this point it's nothing but a marketing term and has lost its true meaning.
It's more likely backroom kickbacks (and/or mossad) than invisible unicorn.
Most of their competitors, like Palo Alto, have a very convoluted offering from gluing together several acquisitions. Wiz is very cohesive with a much nicer API and great UX, which is very underrated in the security space imo.
I have zero trust in Google’s promise to keep supporting the tool for multiple clouds or maintain the high quality of product design that makes Wiz great. It’s great for my job security, but I’d call it a net loss for the industry.
No they aren't.
I've been a cybersecurity SWE, PM, and VC for a decade at this point and I've almost never found any relevant security or enterprise SaaS related content on HN.
For a hot second (around 2018-2019) there were solid conversations around eBPF, io_uring, or cloud posture management, but that doesn't happen on here anymore.
Same with MLOps and ML Infra as well - almost no one on here understands Infiniband, RDMA, or BLAS
The tech industry is MASSIVE - and most people are only clued into their own little niche. And according to HN, the only tech companies that exist are FAANG, Nvidia, Tesla, TSMC, and BYD.
Does it protect stuff? Somewhat.
Is it the best product out there - no.
Are CISOs happy? CSPM is mostly a checklist item in their bucket of things to do.
It depends on what kind of security you are working in. Most of the people in CSPM, CNAPP world have heard their name.
It is a product built for cloud security/devsecops folks.
I’d also bet on this being more of a kickback, rather than an invisible unicorn. Between a visible elephant (Trump/Israel) and an invisible unicorn, betting on an elephant is more reasonable.
1.) Most people here are likely not in security.
2.) I’m only adjacent to security but have heard of Wiz. If you work in security and haven’t, are you sure you’re good enough to subject us to your opinion?
In other words, their webpage is not telling me anything. Companies like these, always feel like instead of having a useful product, they hired useful networks of people to "spread the word" and sell sell sell to your network. Apparently I wasn't in the network. Sorry old and salty.
- scan cloud configurations for policy violations
- detect and remediate infrastructure misconfigurations
- real-time visibility into cloud resource inventories
- early detection of issues
- container vuln. scanning
- runtime anomalous behavior
- alerts and correlate security events
- compliance mappings
- id risky permissions in IAM policies
- track changes and configuration drift over time
- implement zero-trust policies across microservices
- enforce network seg in containerized environments
- run security checks during build and deploy stages
- vulnerability assessments on running VMs and containers
- policy-as-code for consistent security standards
If you do interesting work, you’ll get cold emails unless you take steps to avoid them.
Wiz has only been around for 5 years.
To answer your question. Google doesn't acquire Wiz because Google can’t build a comparable product themselves. The real driver is that Wiz has already achieved market penetration and trust. Replicating that from scratch would be a massive undertaking, requiring not just a sophisticated product but also the brand credibility, customer relationships, and reputation for reliability. Establishing that level of traction and trust is difficult, time-consuming, and expensive. I highly doubt Google would try to build a direct competitor from the ground up when acquiring Wiz allows them to leverage its existing success right away.
Regarding your google comment: Google builds Google products that can also be used by other people. I am pretty confident they cannot build something like Wiz. And not because they don’t have researchers and developers.
Also looks like Google is desperate for growth in Cloud and they need to do something.
They are paying as much money as their whole Google Cloud revenue in 2023. Revenue multiple is like 40x times revenue for Wiz. Exceptionally high, even for a high-growth company. Clearly overpaying.
Wiz had nine rounds so massive dilution, and VCs need to recover the money...
actually, it makes perfect sense. it's just that you (and I) don't have the right perspective.
these giantcos are sitting on Himalayan ranges worth of cash, which is burning a fiery hole in their butts, and they don't know what to do with it.
and they have more cash than sense, even though they always brag about having some of the smartest people in the world, and also have FOMO (to competitors and upstarts).
Facebook buying WhatsApp for 19 billion did not make sense to us laymen either, but it happened.
I was flabbergasted when I read about it. ignorant me.
https://en.m.wikipedia.org/wiki/Himalayas
https://en.m.wikipedia.org/wiki/WhatsApp
go figure (pun intended)
edit: you answered your own doubt about why it does not make sense:
>Also looks like Google is desperate for growth in Cloud and they need to do something.
that's what I said, FOMO.
man, if i sold even one of my software products for even a zillionth of such amounts, I would be on Mount Kailash (cloud 9 to you :)
grrr. envy emoji here.
wow, faaak. I wrote my above comment off the cuff, although based on my intuition and common sense, but just now thought of googling FOMO, to check what Wikipedia says about it, and it seems they agree with me:
https://en.m.wikipedia.org/wiki/Fear_of_missing_out
relevant excerpt, from near the top of the above page (emphasis mine):
>FOMO can also affect businesses. Hype and trends can lead business leaders to invest based on perceptions of what others are doing, rather than their own business strategy.[19] This is also the idea of the bandwagon effect, where one individual may see another person or people do something and they begin to think it must be important because everyone is doing it. They might not even understand the meaning behind it, and they may not totally agree with it. Nevertheless, they are still going to participate because they don't want to be left out.[20]
leaders, huh? more like followers, aka sheep. include me out.
You never heard of them since perhaps your decisions were not in the cycles of their product. Those who are, heard indeed (type of folks who look at Gartner magic quadrants).
The whole thing reads like all the dozen or so "cloud security" plays out there.
Either I'm missing something big, or their products are outrageously far ahead of all the other similar sounding products out there.
I've been known to roll my eyes at a lot of these sorts of product catalogues in the past though and so I'm definitely biased and not the target audience for their marketing.
Some CIO out there probably really does think that their security problems will finally be over once they purchase another half dozen dashboards to click through and look at.
The product though is easy to set up, no friction - like 5 minutes per tenant; and in a few hours you have a really good picture of your security posture with very detailed explanations for every finding.
And the graph… very useful to understand why a finding is marked as high or critical even though at first glance it does not look like it.
For Google they are worth 32B, they ARE the Google Security business from now on. They don't even have to be profitable themselves, having this aspect working means Google gets access to additional enterprise clients and in places they weren't previously present.
I mean, their revenue? They're apparently on track to do a billion this year, growing pretty fast, so 30 billion seems fair enough.
They add features weekly or faster.
What we use it for:
- vulnerability assessments for containers and VMs (they give a list of vulnerable or outdated packages)
- initial access vulnerabilities: what happens if an internet facing component is compromised because you have a vulnerable package and to what kind of data it has access to (it has some regexes and what not to figure out if in your database you have PII data, HIPAA etc.), what lateral movement is possible etc.
- provides information on what you can do to fix a finding
- IAM checks for overly broad permissions
- Service account age and overdue key rotations
Take your pick.