Click here for our full dataset with sources for Wiz’s revenue growth, ACV, and ARR per FTE.

Sacra estimates that Wiz is at $396M ARR as of April 2024, up 128% year-over-year, with about 800 customers for an annual contract value of $393K.

Compare to Palo Alto Networks (NYSE: PANW) at $8B ARR, up 20% year-over-year with 85,000 customers ($94K ACV), and CrowdStrike (NASDAQ: CRWD) at $2.6B ARR, up 49% with 23,000 customers ($167K ACV).

Wiz is a cloud security platform that provides agentless vulnerability scanning and risk identification across multi-cloud environments. It was originally launched in 2020, founded by Assaf Rappaport (CEO), Yinon Costica, Ami Luttwak, and Roy Reznik.

The company hit $100M ARR in 18 months, faster than any software company in history, by selling their easy-to-use, multi-cloud-native platform for identifying vulnerable attack surfaces into large enterprises with perfect timing—just as COVID forced them to abruptly enact quick transitions to the cloud.

With infra moving to AWS/Azure/GCP and employees communicating over Slack and Zoom, every Chief Information Security Officer (CISOs) had budget to find a cybersecurity solution that worked across everything—Wiz was first-to-market, creating the cloud native application protection platform (CNAPP) category in their image.

The core tech opportunity that the Wiz team identified was that there were various agent-based cybersecurity platforms that required manual deployment into clouds, and there were automatic platforms like Microsoft's that plugged directly into Azure, but there was no simple tool for enterprises to continuously scan for potential vulnerabilities across a multi-cloud environment: AWS, Azure, GCP, and others.

Customers connect Wiz to their cloud environment via API, granting it read-only access to scan for misconfigurations, vulnerabilities, and security risks. Wiz gives them a dashboard with a comprehensive view of their cloud security posture: showing them all of their organization's attack surfaces and surfacing the most critical issues.

Over time, Wiz has expanded from a cloud security posture management (CSPM) tool to a full-fledged cloud native application protection platform (CNAPP). In addition to identifying vulnerabilities and misconfigurations, Wiz now offers capabilities for cloud infrastructure entitlements management (CIEM), Kubernetes security, and secrets management. The platform also integrates with existing security tools and workflows, providing a unified view of an organization's cloud security posture.

Wiz is a subscription SaaS company with a usage-based pricing model based on the number of cloud workloads a customer wants to protect across their compute, data, and runtime environments.

Wiz pursued a so-called “suicide plan” to speedrun building a cybersecurity giant—raising $900M, hiring 750 employees, and aggressively going after big, top-down enterprise deals. That plan has largely panned out as of 2024: Wiz has won over companies like Morgan Stanley, Fox, LVMH, with some customers like Salesforce switching to Wiz from Palo Alto Networks for cloud security.

Wiz offers two main product tiers: Wiz Essential and Wiz Advanced. Wiz Essential is designed for earlier-stage organizations, with a focus on providing rapid time-to-value through the core Wiz product of posture management.

Wiz Advanced, targeted at later-stage organizations, includes advanced capabilities such as deep risk analysis and detection and response.

Complementing their core top-down enterprise sales motion, Wiz Essential offers an affordable entry point into the product and letting Wiz acquire customers early in their cloud journey that can then grow from there.

Wiz faces competition from both established cybersecurity vendors and emerging startups in the cloud security space.

In 2022-2023, we saw a wave of CNAPP startups acquired as incumbents fought back against Wiz, from PingSafe (acq. by SentinelOne) to the Israel-based Bionic (acq. by CrowdStrike), Lightspin (acq. by Cisco), and Dig Security (acq. by Palo Alto Networks).

These companies, and particularly Palo Alto Networks, are bundling Wiz-like functionality into their existing platforms and leveraging their revenue scale in pricing, offering their CNAPP for free for two years to retain customers.

Palo Alto Networks, a well-established cybersecurity giant, has made significant investments in cloud security in recent years. Its Prisma Cloud platform offers CSPM, CWPP, and CNAPP capabilities, making it a direct competitor to Wiz. Palo Alto Networks has the advantage of a large existing customer base and deep relationships with enterprises, which it can leverage to cross-sell its cloud security offerings.

However, Wiz's agentless approach and ease of use have allowed it to win customers from Palo Alto Networks, including notable examples like Salesforce.

Orca Security, another Israeli cybersecurity startup, is a direct competitor to Wiz in the CNAPP space. Like Wiz, Orca offers an agentless platform for multi-cloud security and has seen rapid growth, reaching a $1.8 billion valuation in 2021. In July 2023, Orca filed a lawsuit against Wiz, alleging that Wiz had stolen its intellectual property and copied its go-to-market strategy.

The outcome of this lawsuit could have significant implications for the competitive dynamics between the two companies. However, Wiz's early mover advantage and its success in landing large enterprise customers may give it a strong position even in the face of legal challenges.

Private equity firm Thoma Bravo has been actively consolidating the cybersecurity industry, acquiring over 15 companies worth more than $30 billion since 2009. Its portfolio includes notable cloud security players like Barracuda, Sophos, and Veracode. If Thoma Bravo were to merge some of these companies into a single entity, it could create a formidable competitor with a broad range of capabilities.

Wiz is in the midst of actively expanding its total addressable market (TAM) by evolving from a cloud security posture management (CSPM) tool (a $4B market) to a comprehensive cloud native application protection platform (CNAPP)—a category which Wiz brought into being, but which is growing increasingly crowded with competitors among both startups and cybersecurity incumbents.

To further expand its capabilities as a CNAPP and compete more directly against incumbents like Palo Alto Networks, Wiz has built and released its own new products as well as making strategic acquisitions, such as Gem Security for threat detection and response and Raftt for runtime security.

By expanding into adjacent areas like cloud infrastructure entitlements management (CIEM), Kubernetes security, and secrets management, Wiz has significantly increased its TAM.

From a go-to-market perspective, Wiz's expanded product capabilities also enable it to increase its average contract value (ACV) and land larger deals. As Wiz moves from a point solution for CSPM to a platform play, it can sell higher-value contracts that encompass multiple security functions. This shift towards larger, more strategic deals is key to sustaining Wiz's rapid growth trajectory.