Last week, Wiz announced the acquisition of cloud detection and response specialist vendor Gem Security. The move confirms Wiz’s strategic intent to build a comprehensive cloud security portfolio and will accelerate Wiz’s revenue growth and product innovation and keep Wiz on a trajectory towards a likely future IPO.
Native and third-party cloud threat detection is a rapidly growing priority for large enterprises as many organizations have moved critical data to multiple cloud providers. In addition, attacks on cloud assets have risen, highlighting the importance of a holistic defensive cloud security strategy. Gem Security, founded in 2022, has raised $34 million in venture capital and was focused on real time detection and remediation of attacks on cloud infrastructure. The Gem Security acquisition moves Wiz closer to this goal with a powerful incident response tool for cloud resources.
Wiz balances inorganic and organic innovation. While terms were not disclosed, Forrester expects the acquisition price to be between $300-400M. Wiz has already demonstrated inorganic (as well as organic) innovation with its December 2023 acquisition of Rafft, a developer collaboration platform. Wiz’s organic development is evidenced by Wiz’s addition of agent-based cloud workload protection and cloud security posture management capabilities over the last year.
Integration challenges will remain. As with any acquisition, seamless integration of the Rafft and Gem workflows into the existing Wiz platform will play a key role in determining the success of the updated Wiz cloud workload security and detection platform. Centralized policy management and reporting have often tended to take the most time to integrate post -acquisition among cybersecurity companies. Security professionals should pay close attention post-acquisition to the Wiz/Gem roadmap and product offering announcements to confirm that the integration plans are on schedule.
Forrester expects additional Wiz solution improvements. We expect that post acquisition Wiz will integrate business user data access mapping in the Wiz cloud security posture management (CSPM) and cloud infrastructure entitlement management (CIEM) solutions with Gem’s response workflows to detect any unusual or suspicious configuration changes and data access activities. Wiz will also likely invest in unifying Identity and Access management (IAM) for admins across all its products. Reporting and auditing, including the use of generative AI based chatbots, are potential areas where Wiz will need to enhance its solutions. We expect organic product development or additional acquisitions to fill these gaps over the next 12 months. Wiz’s competitors including Lacework, Palo Alto Networks, and Zscaler have already made similar improvements and are also developing end-to-end, integrated cloud workload security (CWS) and cloud detection and response (CDR) platforms.