Full Report
We can’t wait to see many of you at RSA Conference 2022 in San Francisco, June 6-9. Check out a demo at our booth, attend a Wiz speaking session, or unwind at our SFMOMA party!
Analysis Summary
# Industry News: Wiz Highlights Aggressive Presence at First RSA Conference Appearance
## Summary
Wiz, a rapidly growing cloud security vendor founded in 2020, is making a significant debut at the RSA Conference (RSAC), sponsoring the event, participating in multiple high-profile sessions, and co-hosting industry gatherings. This aggressive marketing posture underscores their commitment to leadership in cloud security visibility and is strategically framed around ongoing research into critical cloud vulnerabilities, positioning them as thought leaders challenging current security paradigms.
## Key Details
- Date: Leading up to and during RSAC (Approx. June 4-10, 2022 context)
- Companies Involved: Wiz, Cloud Security Alliance (CSA), ViacomCBS, Snyk, Salt, Bright Security, BigID.
- Category: Event Participation/Thought Leadership Campaign
## The Story
Wiz is leveraging its first RSA Conference appearance to engage customers, prospects, and the broader security community by sponsoring both RSAC and the community-focused BSidesSF event. Their participation is heavily weighted toward technical thought leadership, showcasing research findings (ChaosDB, OMIGOD, ExtraReplica) that exposed critical vulnerabilities in major cloud environments like Azure. Key activities include co-founder Ami Luttwak speaking on simplifying complex cloud estates, and a public call-to-action session advocating for a centralized "Cloud Vulnerability Database" to augment the broken CVE model. Furthermore, Wiz is heavily involved in social events, co-hosting gatherings with other major security vendors like Snyk and Salt, solidifying their position within the ecosystem.
## Business Impact
### For the Companies Involved
- **Wiz:** High visibility positioning for a relatively young company, allowing direct engagement with Fortune 500 customers and prospects during a critical industry event. Showcasing research validates their platform's depth of visibility and threat detection capabilities. Co-hosting parties promotes strong peer-to-peer and customer relations.
- **CSA/ViacomCBS:** Collaboration on the "Cloud Vulnerability Database" discussion lends credibility to Wiz's technical arguments and elevates Wiz's standing as an industry influencer.
### For Competitors
- Competitors in the Cloud Security Posture Management (CSPM) and Cloud Native Application Protection Platform (CNAPP) space face intensified pressure to match Wiz’s narrative control and visibility into supply chain/built-in cloud vulnerabilities.
### For Customers
- Customers gain direct access to Wiz experts for demos and strategic discussions around complex cloud visibility. The research demonstrations reinforce the need for comprehensive tooling like Wiz to uncover hidden risks within cloud provider infrastructure layers.
### For the Market
- The focus on the shortcomings of the CVE model concerning cloud middleware and agents reinforces the market shift toward platform solutions capable of deep, cross-account, contextualized analysis, benefiting established CNAPP leaders.
## Technical Implications
Wiz is primarily highlighting findings related to vulnerabilities in cloud service provider built-in VM agents (e.g., OMIGOD) and cross-account database exposures (ExtraReplica). This emphasizes the critical need for security tools that extend visibility beyond customer-deployed assets into the underlying cloud control plane and shared responsibility model gray areas. Their proposed solution—an open-source cloud middleware vulnerability database—suggests a push toward greater vendor transparency and standardized risk disclosure in the cloud ecosystem.
## Strategic Analysis
- **Market Positioning:** Wiz is solidifying its position as a leading innovator and deep-dive security researcher in the cloud security domain, moving beyond standard compliance checks into critical infrastructure vulnerability discovery.
- **Competitive Advantage:** Their research output (ChaosDB, OMIGOD) provides tangible proof points that differentiate their platform's diagnostic capabilities from competitors reliant solely on API assessments. Early attendance at RSAC reinforces their rapid maturity and market seriousness.
- **Challenges:** Sustaining this high level of groundbreaking research is operationally demanding. They must translate research findings into concrete, actionable product features rapidly to maintain market momentum.
## Industry Reactions
- **Analyst Opinions:** Analysts likely view this multi-faceted approach (sponsorship, technical sessions, social engagement) as the hallmark of a major, high-growth cybersecurity vendor executing a strong go-to-market strategy at a flagship event.
- **Expert Commentary:** Security experts will pay close attention to the proposed mandate for a "Cloud Vulnerability Database," signaling a potential, necessary evolution in vulnerability management outside traditional scope.
- **Market Response:** High vendor engagement at RSAC often drives purchasing decisions; Wiz’s presence is intended to capture mindshare during the peak buying/evaluation season.
## Future Outlook
- **Predictions and Expectations:** Wiz is expected to convert significant RSAC engagement into pipeline acceleration, possibly leading to further large funding rounds or increased deal velocity.
- **What to watch for:** The actual industry response to the call for a third-party Cloud Vulnerability Database will determine whether this becomes a major industry standard debate post-conference.
## For Security Professionals
Security practitioners attending RSAC should prioritize Wiz’s technical sessions to understand the latest attack surface areas relating to cloud provider agents and cross-account risks. Engaging with Wiz researchers can provide advance warning regarding critical vulnerabilities impacting Azure and future findings, which is vital for shifting from reactive remediation to proactive cloud hardening.