Entrepreneurship

Google and Wiz – Synergies of a collapsed deal

In the summer of 2023, I wrote an opinion on potential deals in cloud security. The scenario I proposed to a group of investors was Google’s acquisition of Wiz. Here are my curated excerpts on the synergies of the deal.

While Google Cloud has made significant strides in security and privacy, it still faces challenges compared to its competitors AWS and Azure. One area where Google Cloud lags is in the depth and breadth of its security toolset. AWS and Azure offer a more extensive array of integrated security services, such as AWS’s comprehensive suite of threat detection and compliance tools, and Azure’s advanced security management capabilities through Azure Sentinel and Microsoft Defender for Cloud. Additionally, Google Cloud’s enterprise adoption in highly regulated industries is growing, but AWS and Azure have historically had stronger footholds in these sectors due to their longer market presence and more extensive focus on compliance. As a result, some organizations perceive AWS and Azure as more mature and better equipped for complex and varied security and privacy needs, impacting Google Cloud’s competitive positioning in these areas.

Google might consider acquiring Wiz for several strategic reasons:

Strengthening Cloud Security: Wiz is a leading player in cloud security and vulnerability management. By acquiring Wiz, Google could enhance its security offerings, providing its customers with more robust tools to protect their cloud environments, which is a critical area of focus in the cloud market.

Expanding Security Capabilities: Wiz’s advanced security features, such as comprehensive vulnerability assessment and threat detection, could complement and extend Google Cloud’s existing security portfolio. This could lead to more integrated and sophisticated security solutions for Google Cloud customers.

Enhancing Competitiveness: The cloud security space is highly competitive, with players like Microsoft Azure and AWS also investing heavily in security. Acquiring Wiz could give Google a competitive edge by offering superior security capabilities that could attract and retain more customers.

Improving Compliance and Risk Management: Wiz’s tools help organizations maintain compliance and manage risks effectively. Integrating Wiz’s capabilities could improve Google Cloud’s compliance features, making it more appealing to customers in highly regulated industries.

Leveraging Wiz’s Expertise: Wiz brings a wealth of expertise and a talented team in cloud security. Google could benefit from this knowledge and experience, which could accelerate the development of Google Cloud’s security features and innovation.

Expanding Customer Base: Wiz serves a wide range of enterprises and organizations. By acquiring Wiz, Google could potentially attract these customers to Google Cloud, increasing its market share and customer base.

Integrating Security Across Services: By integrating Wiz’s technology with Google Cloud’s infrastructure, Google could provide a more seamless and cohesive security experience across all its cloud services, enhancing overall user satisfaction and trust.

Strategic Growth: Acquisitions like Wiz align with Google’s broader strategy to grow its cloud business. Strengthening the security aspect of Google Cloud is crucial for long-term growth and success in the cloud computing market.

Growing Revenue: Expected Wiz 2023 Revenue $350M ARR, with 2025 projections at $1B ARR. Acquisition is projected to boost CAGR to over 175% for first three years.

In summary, acquiring Wiz could significantly bolster Google Cloud’s security capabilities, help it compete more effectively, and attract a broader range of customers, all of which are crucial for maintaining and expanding its position in the cloud market.

As I recount this in 2024, this scenario became almost real. With the deal collapsed, and Wiz destined for an IPO that is likely to be one of the most exciting for the security industry in the near future.

Zove Security’s AI Technology Unit Acquired To Protect High-Value Targets

Zove Security’s AI unit acquired, enhancing cyber defense for high-value targets with ZoveTrustAI technology

Malicious actors are leveraging AI to scale complex attacks at lower costs. The ZoveTrustAI platform protects critical individuals from sophisticated attacks and paves the path to autonomous defense.” — Akshay Aggarwal, CEO, Zove Security

SEATTLE, WASHINGTON, USA, June 25, 2024 /EINPresswire.com/ — Zove Security, a leading provider of emerging technology and information security capabilities, announced today that its AI technology unit has been acquired by a stealth firm, a subsidiary of a renowned global technology enterprise. The acquisition includes all technology assets, exclusive rights to the ZoveTrustAI platform, and Zove’s dedicated operations team. The integration of Zove’s assets into the acquiring firm will be completed over the third quarter of the calendar year. The financial terms of the acquisition are not being disclosed.

ZoveTrustAI: A Game-Changer in Cybersecurity

The deal encompasses the proprietary ZoveTrustAI platform, an artificial intelligence system for devices that merges generative models with personal context and threat reports. This unique solution delivers incredibly relevant and actionable intelligence, enhancing cyber risk management by combining on-device large language models (LLMs) and server-based models. During field trials, ZoveTrustAI successfully identified multiple instances of previously unknown active attacks, demonstrating its effectiveness in real-world scenarios.

A Fruitful Collaboration

For almost two years, Zove Security co-created the solution with the acquiring firm. This solution protects high-value targets (HVTs), including executives, celebrities, and other sensitive individuals from cybercriminals and adversarial state actors. This partnership has focused on active attack identification, leveraging the strengths of both organizations to develop and refine ZoveTrustAI.

Future Integration and Capabilities

Post-acquisition, ZoveTrustAI will be integrated into a security solution designed to manage cyber risk for high-risk individuals. This technology is poised to revolutionize fraud detection and cyberattack response by utilizing personal context and on-device LLMs to deliver autonomous defense mechanisms. With secure on-device data processing, it will ensure your privacy while providing robust protection. It is designed to be smart, adaptive, and always one step ahead.

CEO Statement

Akshay Aggarwal, Founder and CEO of Zove Security, stated, “Advancements in Artificial Intelligence (AI) are poised to significantly impact cybersecurity. For most enterprises, AI presents both threats and potential. Malicious actors are leveraging AI to scale complex attacks at lower costs. The ZoveTrustAI platform allows enterprises to protect their critical users from sophisticated attacks and paves the path to autonomous defense.”

About Zove Security

Zove Security secures the products and platforms that power innovation and underpin our digital lives. Their mission is Platform Trust through secure engineering and trusted operations, ensuring users trust the technology they use and the companies behind them.

About the Acquiring Firm

The acquiring firm, currently in stealth mode, is part of a leading global tech enterprise known for its innovation and premium consumer electronics, including smartphones, PCs, tablets, wearables, and a range of software and services.

AKSHAY’S UNCERTAINTY PRINCIPLE: OBSERVING SOME METRICS CHANGES THEM

“The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.”
–Heisenberg, uncertainty paper, 1927

The Uncertainty principle is related to the observer effect. In physics, the term observer effect refers to changes that the act of observation will make on the phenomenon being observed.

Ok, now to get to the point. Leaders are often asked to produce several performance metrics or revenue metrics. Some of these metrics are simple and straightforward Key Performance Indicators (KPIs). KPIs can include net revenue, profit, # of new customers or in our case customer satisfaction numbers.

The problem with metrics crops up when we need to measure a property and no mechanism exists to measure it quickly or the metric is not representative of the property being measured. In general this happens when the following scenarios arise:

Metric is not available: No mechanism is in place to measure the property at that time.
Property is not measurable: No metrics are available to capture the property.
Deliver unplanned metrics quickly: Metrics that the system was not designed to capture need to be measured quickly.
CSF masquerading as KPI: Critical Success Factors are vital elements for a strategy to be successful and should not be confused with KPIs which quantify strategic performance. The metric being asked for is a CSF not a KPI.

In simple words, the amount of effort required to measure the metric changes the amount of effort we can dedicate to create the metric. The act of measuring the metric changes it. For example, in the economic downturn several teams have had to reduce headcount. If this barebones team is now asked to capture information on how a recently released tool is being used by customers without that mechanism already in place, then they cannot deliver that metric without additional effort that will impact the overall KPIs.The problem that arises is what I’ve dubbed the Akshay’s Uncertainty Principle:

In a resource constrained environment, a new or modified metric cannot be measured without impacting the metric itself.
– Akshay Aggarwal

Finally, an explanation the kxcd way

GitLab acquires DevSecOps startups Peach Tech and Fuzzit

GitLab has acquired a pair of startups as the DevOps giant doubles down on security support for development teams. While GitLab is perhaps better known for its GitHub-like collaborative code-hosting platform, the San Francisco-based company has been pushing deeper into the developer workflow, covering all facets of development, deployment, monitoring, and security.

The premise behind DevSecOps (developer security operations) is that developers should consider security a fundamental part of software development from the get-go, rather than building a product and then stress-testing it just before it ships. This process requires developer and security teams to work closely together.

GitLab has snapped up Peach Tech, a Seattle-based startup that specializes in software security testing. More specifically, Peach Tech offers a fuzz testing — or “fuzzing” — product that automatically throws invalid or random data at a computer program before it’s deployed to see how it reacts. This can help developers find bugs and other flaws that could be exploited by bad actors. The company also offers an automated DAST API security testing tool that enables companies to test their APIs against the OWASP Top-10 security risks. Additionally, GitLab has bought Tel Aviv-based Fuzzit, which offers a fuzzing service similar to Peach Tech’s. It’s all about “finding bugs and vulnerabilities before the bad guys do,” as the Israeli startup puts it.

Terms of the deals were not disclosed, but David DeSanto, director of product at GitLab’s Secure and Defend unit, confirmed that the Fuzzit and Peach Tech teams — including the founders — will join GitLab, and both startups’ standalone services will be wound down.

It’s also worth noting that the recent surge in remote work due to the COVID-19 crisis has cast a spotlight on cybersecurity, with officials from the U.S. and U.K. recently issuing warnings about the increased risk of hacking due to insecure machines on home networks.

“There is definitely a correlation between the global impact of COVID-19 and the need to implement security best practices,” DeSanto told VentureBeat. “As more organizations transition to remote work, both IT operations and security teams need to evaluate how developers access company resources securely. There is a need to evaluate principles like zero-trust and multi-factor authentication to enable your organization to securely work [remotely]. Furthermore, there has been a push to use more SaaS platforms, like GitLab, which support these principles.”

DevSecOps

GitLab has offered features aimed at security personnel for several years, and its dedicated security dashboard gives companies an overview of the various vulnerabilities across their projects and allows them to drill down into each one. With the launch of GitLab 12.0 last year, the company was ready to truly position itself as the platform for developer security teams.

Above: GitLab security dashboard

While Fuzz testing is an entirely new product offering for GitLab, the company does currently offer its own DAST API testing tool. Over the next six months, however, GitLab will replace its existing DAST API functionality with Peach Tech’s incarnation.

GitLab had made three known acquisitions before now, the last one back in 2018 when it procured Canadian cybersecurity startup Gemnasium, a platform that enables developers to address security vulnerabilities in open source code. The latest acquisitions are consistent with GitLab’s previously stated aim, which is to create an all-in-one platform for developers, security, and operations teams.

The goal with Peach Tech and Fuzzit is to integrate their various technologies into GitLab, meaning customers won’t need to use standalone fuzz testing services. It’s also one more reason for an enterprise client to upgrade to the Gold / Ultimate plan, the most expensive of GitLab’s subscription tiers.

“Fuzzit and Peach Tech will be completely integrated into GitLab and will be available as part of the GitLab platform,” DeSanto said. “Full integration has started, and GitLab users will begin to use these new technologies starting in July, with full integration expected to be done by the end of the year.”

GitLab raised $268 million at a $2.7 billion valuation back in September, and it’s currently gearing up for a planned IPO this November.

Original post is at VentureBeat

Accenture Acquires Deja vu Security, Seattle-Based ‘Security of Things’ Company

Acquisition gives Accenture Security a distinctive position in secure enterprise application and network development services

ARLINGTON, Va.; June 17, 2019 – Accenture (NYSE: ACN) is announcing the acquisition of Deja vu Security, a privately held company that specializes in security design and testing of enterprise software platforms and internet of things (IoT) technologies.

The Seattle-area company has become part of Accenture Security’s Cyber Defense offerings. Financial terms of the agreement were not disclosed.

Serving some of the world’s largest technology companies, Deja vu Security provides a full range of security services designed to strengthen business applications and increase cyber resilience by integrating security throughout the product development lifecycle. Founded in 2011, Deja vu Security brings to Accenture a deep expertise in the techniques, tools and methods for securing connected devices and IoT networks. The acquisition of Deja vu Security also builds on Accenture Security’s commitment to investing in and innovating next-generation cybersecurity solutions to help protect clients’ business from end to end.

Accenture has acquired Deja vu Security, ‘Security of Things’ company that specializes in security services to strengthen business applications from end to end by integrating #security throughout the product development lifecycle.

“For technology companies, third-party suppliers and consumers alike, IoT security controls often remain an afterthought — which is why it’s critical that security is built in from the start for any new products, processes or services,” said Kelly Bissell, senior managing director of Accenture Security. “Deja vu Security’s team of innovative specialists brings considerable technical cybersecurity skills, making them a strong strategic fit, and will help our clients reduce the risk of their connected solutions. We are very excited to welcome the Deja vu Security team to Accenture.”

High-profile cyberattacks continue to demonstrate how vulnerable enterprise networks can result in significant business disruption and financial loss. Recent Accenture research found that companies globally could incur US$5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks, as dependence on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets.

Adam Cecchetti, Deja vu Security’s chief executive officer, said, “Today’s announcement is an exciting new chapter for Deja vu Security and our employees. Accenture’s people-focused culture and innovative mindset are core values that both companies share, and our unique capabilities complement each other perfectly. We are thrilled to be joining such a high-caliber global organization.”

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions — underpinned by the world’s largest delivery network — Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 477,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Original post can be found on Accenture’s Newsroom