Cybersecurity has become a very hot topic in the world of technology. Not only are data breaches continuing unabated, but security companies themselves have also come under the spotlight as a result. Wiz, one of the fastest growing companies, was the target of a now-abandoned $23 billion takeover bid from Google.
Now another cybersecurity startup, closely related to Wiz, has raised a large round of funding.
Dazz, a company that focuses on fixing security vulnerabilities for organizations using cloud computing services, has raised $50 million in equity funding. The startup didn’t disclose its valuation, but sources close to the company say the figure is just under $400 million after the funding.
The company’s fundraising comes at a difficult time in the cybersecurity world. Not only did Wiz just walk away from a $23 billion takeover offer from Google, but one of the biggest players on the market, publicly traded CrowdStrike, issued a buggy update just a week ago that caused a major outage to its massive customer base, wreaking havoc for millions of people around the world.
While neither of these stories are directly related to the more serious cybersecurity issues we face — breaches, data leaks, and service outages due to malicious activity — they do point to how central cybersecurity companies are to the market right now.
Dazz partners with larger companies, and while it doesn't disclose revenue figures, it claims revenue has increased by more than 400% over the past year.
Existing investors Greylock Partners, Cyberstarts, Insight Partners, and Index Ventures are collectively described as “leaders” of the round. Dazz, which launched in 2021, has now raised around $110 million in total.
Dazz is headquartered in Palo Alto, but its roots stretch back to Israel, and those roots run deep. Merav Bahat, the company’s co-founder and CEO, worked for years in Microsoft’s cloud security division, which got its start when Microsoft acquired Adallom, the former startup founded by the Wiz founders.
Bahat was instrumental in turning Microsoft’s cloud security unit into a $2.5 billion business when she left to start Dazz in 2020. The subsidiary is now worth more than $20 billion.
Bahat learned two very important things while working at Microsoft.
The first of those relationships was a close friendship with Asaf Rappaport, the CEO and co-founder of Adalum, then Waze. Both based in New York and Tel Aviv, Bahat is Rapaport’s favorite dog sitter and unofficial second human family. In the company of others, the two founders might finish each other’s sentences. When Rapaport was preparing to start Waze, Bahat became one of his early investors. (Yes, she would have benefited greatly if the company had been sold to Google.)
Another thing Bahat gained was a very strong understanding of what works in cloud security, what doesn’t, and what might need more R&D and attention. With that knowledge, she co-founded Dazz with two other cybersecurity veterans, Tomer Schwartz (CTO) and Yuval Ophir (VP of R&D).
Prospects and customers all work with a wide range of cloud security platforms, including Palo Alto Networks, Wiz and CrowdStrike, Bahat said. But with all of these platforms, she said there is a gap and opportunity to focus specifically on remediation, the next step after identifying vulnerabilities, misconfigurations or breaches.
“When we talk to[security teams]we hear that when it comes to vulnerabilities and prioritization and remediation, no one has been able to solve these issues,” she explained. Part of the reason, she explained, is that it is a very manual and complex process because of the volume of issues that arise in a typical network.
“All security tools are really focused on visibility and detection and telling you what’s wrong. There are a lot of things that are wrong,” she said. “Some of the organizations I work with might have millions of unpatched, unsolved vulnerabilities.” She noted that one client had as many as 1.2 billion vulnerabilities identified in its network.
There are a number of other players in the remediation space, including major security platforms. Dazz’s breakthrough appears to be its technology for consolidating vulnerability reports identified across multiple cloud computing architectures and environments (it calls this “unified” remediation). The company has also built an AI-powered automation layer that prioritizes issues and identifies vulnerabilities that are close to active and latent so security teams can organize more effectively, and then help fix those issues.
Bahat claimed that previous remediation efforts may have only addressed about 10% of the vulnerabilities (hopefully the most concerning ones) in the past, but Dazz's approach could address 50% to 80%.
Companies like Wiz have certainly benefited from the current trend in enterprises to buy IT from fewer, more comprehensive providers. But there’s still debate about whether there are specific solutions for specific functions. Dazz and its investors believe that remediation is one such area, especially when a so-called single pane of glass can address all of a company’s assets — whether in the cloud or on-premises.
