Cybersecurity has become a white-hot topic in the world of technology. Not only are data breaches continuing unabated, but security companies themselves are very much in the spotlight as a result. One of the fastest-growing, Wiz, was the object of a now-abandoned $23 billion acquisition offer from Google.
Now, another cybersecurity startup, coincidentally closely associated with Wiz, has raised a significant round of funding. Dazz, which focuses on vulnerability remediation for enterprises that use cloud services, has raised $50 million in equity funding. The startup is not disclosing its valuation, but sources close to the company say the figure is just under $400 million post-money.
Dazz works with larger enterprises, and while it’s not disclosing revenue numbers, it claims that revenue has increased by more than 400% over the last year.
Existing investors Greylock Partners, Cyberstarts, Insight Partners and Index Ventures are collectively described as “leading” the round. Dazz, which launched in 2021, has now raised around $110 million in total.
Dazz is headquartered in Palo Alto, but its roots lie in Israel, and those roots run deep. Merav Bahat, Dazz’s co-founder and CEO, worked for years at Microsoft running its cloud security business. That cloud security business got its start when Microsoft acquired Adallom – the previous startup founded by the creators of Wiz – and Bahat was instrumental in building that larger operation from $0 in ARR to one that was worth $2.5 billion when she left to found Dazz in 2020. It is now worth more than $20 billion.
Bahat picked up two very important things during her time at Microsoft.
The first of these was a close friendship with Assaf Rappaport, the CEO and co-founder of Adallom, and later Wiz. They both are based across NYC and Tel Aviv and Bahat is Rappaport’s go-to dog sitter and informal second human family. In company with others, the two founders might even finish each other’s sentences. And when Rappaport was getting ready to start Wiz, Bahat became one of his first investors. (And yes, she would have stood to benefit greatly had the sale to Google gone through.)
The second thing Bahat picked up was a very solid understanding of what is working in cloud security, what is not, and what could do with significantly more R&D and attention. It was with that knowledge that she co-founded Dazz with two other cybersecurity veterans, Tomer Schwartz (the CTO) and Yuval Ofir (VP R&D).
The challenge goes something like this: Prospects and customers, Bahat said, all work with a wide array of cloud security platforms like Palo Alto Networks, Wiz, and CrowdStrike (which is why its big technical bump last week had such a disastrous impact). But with all of these, she said, there remains a gap and opportunity to focus specifically on remediation, which is what happens when vulnerabilities, misconfigurations or even breaches are identified and fixes get issued.
“When we talk to [security teams], what we hear is that when it comes to vulnerability, remediation, prioritization and remediation, nobody’s solved these issues.” Part of the reason, Bahat added, is that it’s a very manual process, and it’s a complicated one because of the volume of problems that arise in a typical network.
“All the security tools are really focused on visibility and detection and giving you what’s wrong, what’s wrong, what’s wrong. So much is wrong,” she said. “Some of the organizations I work with, they might find millions and unserved and unsolved vulnerabilities.” One customer had as many as 1.2 billion vulnerabilities identified in its network.
There are a number of other players in remediation out there, including big security platforms. The breakthrough that Dazz has come up with is that it’s built the technology to detect those vulnerabilities across multiple cloud architectures and environments (it describes this as “unified” remediation). It’s also created an AI-powered automation layer that then prioritizes the problems, identifies what are vulnerabilities that are near active work, and which are sitting dormant, so that security teams organize their work more effectively.
Bahat notes that while in the past remediation efforts might have just addressed around 10% of vulnerabilities (hopefully the most alarming), Dazz’s approach can hit more like 50-80%.
Companies like Wiz have definitely benefited from the current trend among enterprises to procure IT from fewer “one-stop shop” providers. But there is an argument still to have point solutions for certain functions, and Dazz and its investors believe remediation is one of those areas, especially when the so-called “single pane of glass” can address all of the assets of a company, regardless of whether they are in the cloud or on premises.