The Expert's View with Michael Novinson

Cloud Security , Cloud-Native Application Protection Platform (CNAPP) , Security Operations

From $8.3B to $200M: Why Lacework Is Examining a Sale to Wiz

Lacework Got the Largest Funding Round in Cyber History. Now, It's Eyeing the Exits
From $8.3B to $200M: Why Lacework Is Examining a Sale to Wiz

The economic downturn has been cruel to many late-stage cyber startups, but none more so than cloud protection provider Lacework.

The four dozen security vendors who achieved a valuation of more than $1 billion during the COVID-era boom have been forced to reckon with a radically different investment thesis that penalizes startups for running massive losses on small amounts of revenue. As a result, three previously minted cybersecurity unicorns have or are expected to shed their horns.

New York-based security service edge vendor Perimeter 81 went from a $1 billion valuation in June 2022 to being sold to Silicon Valley-based platform security vendor Check Point for $490 million in September 2023. Similarly, San Jose-based API protection startup Noname Security achieved a $1 billion valuation in December 2021 and is now expected to be sold to Akamai for just $500 million, TechCrunch reported.

Boston-based endpoint security vendor Cybereason received a deeper markdown than Perimeter 81 and Noname Security, with its valuation falling from $3 billion in July 2021 to just $300 million in April 2023, when SoftBank became its largest stakeholder. Cybereason has carried out three rounds of layoffs since June 2022, reducing the size of the company's workforce by 40% and axing founding CEO Lior Div.

But even that markdown pales in comparison to San Jose-based Lacework, which in November 2021 raised $1.3 billion on an $8.3 billion valuation, making it the third-most valuable venture-backed cybersecurity firm in the world. Less than 30 months later, Lacework is a shell of its former self, with huge C-suite turnover, headcount down 35% from its June 2022 peak, and now, a whopping 98% reduction in its valuation (see: Lacework Announces Layoffs 6 Months After Raising $1.3B).

Why Wiz and Lacework Could Be a Promising Pair

The Information, Calcalist and TechCrunch all reported Thursday that New York-based cloud security phenom Wiz is in advanced negotiations to buy Lacework for between $150 million and $200 million. The companies recently signed a letter of intent and are now in the midst of a comprehensive due diligence process, after which a decision will be made on whether the acquisition will go through, according to Calcalist.

While the financial picture isn't pretty for top Lacework backers Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners and Tiger Global Management, they are expected to get back more than 2 cents on every dollar they invested into the company. That's because Lacework still has $800 million in cash reserves sitting around from earlier funding rounds, which Calcalist said will be given back to investors.

"We recognize that consolidation is the future of the security industry and therefore are actively engaged in discussions with companies across the industry," a Wiz spokesperson told Information Security Media Group in an emailed statement. "We are always exploring compelling M&A opportunities that will enhance both our technological capabilities and business expansion."

Acquiring Lacework certainly represents a business expansion opportunity for Wiz since virtually no customer overlap exists between the cloud native application protection platform rivals, Calcalist and The Information reported. Lacework's 600 customers are primarily small and medium businesses, while Wiz has more large enterprise customers. Lacework didn't respond to an ISMG request for comment.

And from a technological perspective, both Wiz and Lacework take different approaches to safeguarding cloud workloads. Wiz has traditionally taken an agentless approach, and adoption of the firm's agent-based workload protections has been lagging, according to Forrester, which ranked Wiz as the fourth-strongest cloud workload security vendor behind only CrowdStrike, Palo Alto Networks and Microsoft.

In contrast, Lacework received the lowest scores of the 13 vendors evaluated in the January 2024 cloud workload security Forrester Wave. Forrester said Lacework's agent-based protection, container runtime and orchestrator protections are on par, but lag rivals in CIEM, reporting and auditing. Lacework's $100 million in annual recurring revenue pales in comparison to Wiz, which hit $350 million ARR in February.

What Went Wrong at Lacework

It's been a rocky road for Lacework since closing the largest funding round in security industry history in November 2021. Six months after the monster Series D funding round, Lacework laid off 20% of its staff in a bid to strengthen the company's balance sheet. Then in summer 2022, President and Chief Revenue Officer Andy Byron - who spearheaded all of Lacework's go-to-market functions since 2019 - departed.

Lacework's CRO responsibilities on an interim basis went to David Hatfield, who joined the company as CEO in February 2021 and became co-CEO in August 2021 after the addition of Facebook engineering head Jay Parikh. But in October 2022, Hatfield left the company, with Parikh telling staff, "Now is the time to unify the company under one leader." Parikh remains the sole CEO of Lacework (see: Lacework Co-CEO David Hatfield Out 4 Months After Layoffs).

Parikh spoke with ISMG in February 2023 about Lacework's new attack path analysis tool, which helps organizations understand the havoc specific threats could wreak within their cloud infrastructure. "Our data-driven approach here really drives efficiency and effectiveness for these teams so they can prioritize what they should focus their time on to understand and remediate different areas of risk" (see: Lacework CEO on How to Prioritize Cloud Infrastructure Risks).

But these investments failed to prevent continued brain drain at Lacework. After holding headcount steady between 975 and 1,025 employees between September 2022 to August 2023, the company's workforce has shrunk by nearly 24% over the past eight months despite never formally disclosing any layoffs.

That's in marked contrast to Wiz, which has nearly tripled its workforce to 1,224 employees during the timeframe when Lacework shrunk its headcount by 35%. Wiz has also made its first two acquisitions in company history since December, scooping up cloud-based development platform Raftt for as much as $50 million and - earlier this month - cloud detection and response firm Gem Security for $350 million.

Would making Lacework its third-ever acquisition be the charm for Wiz?

Unlike its last two trips to the M&A well, Wiz this time around would have a major turnaround project on its hands.

But if Wiz is successful, obtaining 600 customers and nearly $100 million in annual recurring revenue for just $200 million would be a massive steal.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.