Google today revealed it has acquired Wiz, a provider of a cloud-native application protection platform (CNAPP) for $32 billion cash after initially being rebuffed last year.
Thomas Kurian, CEO of the Google Cloud business unit, said the acquisition will extend the reach of a cybersecurity portfolio that extends well beyond its own cloud platform to secure a wide range of heterogeneous computing platforms, including on-premises IT environments.
The addition of Wiz will provide Google Gloud with access to additional telemetry data that will be used to further advance the development of artificial intelligence (AI) cybersecurity services.
Wiz CEO Assaf Rappaport said the combined company will going forward be able to innovate faster than it could as a standalone company.
Wiz in recent years has emerged as a leading provider of a CNAPP that unifies application and infrastructure security by first embedding code in software that makes it possible to identify vulnerabilities. The data collected is then used to drive a threat intelligence service that includes an assessment of the infrastructure applications are deployed on enabled by an instance of extended Berkeley Packet Filtering (eBPF) technology that Wiz developed.
In recent months, there has been a wave of acquisition of providers of CNAPPs, at a time when many organizations are shifting toward relying more on integrated platforms to manage cybersecurity. That shift is being driven by a need to reduce the number of tools that cybersecurity teams need to deploy and master in a way that also serves to reduce the total cost of cybersecurity.
Google will add Wiz to a list of managed cybersecurity services that are delivered by Mandiant, an arm of the company that Google acquired in 2022.
Previously, Google reportedly tried to acquire Wiz last year for $23 billion, only to see the executive leadership of Wiz determine they could exceed the value of that offer as a public company. Since then, a downturn in the economy has accelerated a wave of consolidation across the cybersecurity sector.
Mitch Ashley, vice president and practice lead for DevOps and application development at The Futurum Group, said the deal bodes well for advancing cybersecurity across heterogeneous IT environments in an era where IT vendors, including cloud service providers, recognize the need organizations have to deploy application workloads on multiple platforms. The challenge Google Cloud now faces is bringing that mindset to cybersecurity, he added.
As far as the deal itself is concerned, it’s another example of how the phrase “never-say-never” is frequently underappreciated in cybersecurity circles.
It’s not clear to what degree application and infrastructure security will be unified but as cybersecurity teams rely more on integrated platforms it will become easier to achieve that goal. One of the major issues that cybersecurity teams have historically wrestled with is finding a way to effectively secure software, both as it is being built and then deployed. With the rise of CNAPPs that are now more tightly integrated with managed security services, it should soon become a lot simpler to finally achieve that goal.
