The Fastest-Growing Category in Enterprise Technology

Cybersecurity has produced some of the most remarkable value creation outcomes in venture capital history, and the pace of that value creation has been accelerating, not decelerating. Three companies that reached landmark valuations in the 2021–2023 period illustrate both how quickly category leadership can be established and how much of the market remains open for the next generation of founders. Wiz, the cloud security platform founded in 2020, reached a $10 billion valuation in just three years, becoming one of the fastest companies in history to achieve that milestone. Snyk, which built its developer-first security platform on the insight that security should be embedded in the software development workflow rather than bolted on after the fact, reached an $8.5 billion valuation in 2021. Orca Security, which introduced an agentless approach to cloud workload protection, raised at a $550 million valuation in 2022 and established itself as a leading alternative to the legacy agent-based endpoint security model in cloud environments.

CrowdStrike, which went public in 2019 and has since grown into a multi-billion-dollar revenue business, demonstrated that the endpoint security category was far from mature at the time of its IPO and that a genuinely superior architectural approach—cloud-native, AI-driven, unified across the protection stack—could produce extraordinary returns even in a market that appeared crowded. Together, these outcomes define a playbook that serious Seed investors in cybersecurity should understand deeply. This piece examines what each company got right, what the outcomes mean for the current generation of Seed opportunities, and where DataInx believes the most compelling investment theses sit for the next several years.

$10B Wiz valuation · 2023
$8.5B Snyk valuation · 2021
$550M Orca Security · 2022
2019 CrowdStrike IPO

Wiz: The Cloud Visibility Bet That Paid Off Spectacularly

Wiz was founded in January 2020 by Assaf Rappaport and three colleagues, all of whom had previously built and sold Adallom, a cloud access security broker, to Microsoft for $320 million in 2015. They had spent four years inside Microsoft helping build Azure Security Center, which gave them an unusually clear view of the structural gaps in enterprise cloud security. When they left to start Wiz, they were building from a position of domain knowledge that few founding teams in cybersecurity have ever possessed.

The insight behind Wiz was not that cloud security was unsolved—there were dozens of cloud security vendors by 2020—but that the existing approaches were architecturally mismatched with how cloud infrastructure actually operates. Agent-based security tools, which require software to be installed on every workload being monitored, work reasonably well in static, on-premises environments where the set of machines to protect is known and relatively stable. In cloud environments, where workloads are spun up and torn down continuously, containers are ephemeral, serverless functions execute in milliseconds, and infrastructure is defined as code, the agent model creates operational complexity that security teams found increasingly difficult to manage.

Wiz built an agentless architecture that read cloud environment configurations and workload states directly through the cloud provider's APIs, without requiring any agent installation. The result was a platform that could achieve complete visibility across an entire cloud environment in hours, rather than the weeks or months that agent-based deployments typically required in large enterprises. More importantly, Wiz built a risk prioritization engine that could correlate vulnerabilities, misconfigurations, exposed credentials, and network exposure paths to identify the specific attack vectors that posed the highest actual risk, rather than overwhelming security teams with undifferentiated vulnerability lists.

The go-to-market execution was equally impressive. Wiz built a product that could demonstrate its value in a live customer environment in under an hour. Security teams that connected their cloud accounts could see a comprehensive risk view of their entire environment within a day. This demo-ability created a sales motion that moved unusually fast for enterprise security, where evaluation cycles often extend to six months or more. Wiz reportedly reached $100 million in annual recurring revenue faster than any enterprise software company in history—in eighteen months—driven by a combination of architectural superiority and a product experience that made the value proposition immediately tangible.

The fastest path to enterprise security contracts is a product that makes the customer's current risk posture visible in a live environment before the meeting is over. Wiz proved this more dramatically than any company in recent memory.

By 2023, Wiz had reached a $10 billion valuation and was reportedly on track for revenues that would place it among the largest cybersecurity companies of its generation. The outcome reflects what happens when a genuinely superior architecture meets a market that is large, structurally underserved, and experiencing rapid growth driven by factors—cloud adoption, infrastructure complexity, regulatory pressure—that show no sign of abating.

Snyk: Developer-First Security as a Category Thesis

Snyk was founded in 2015 on a thesis that felt counterintuitive to most security incumbents at the time: that the most effective way to reduce software vulnerabilities was not to scan finished applications or monitor production infrastructure, but to embed security tooling in the development workflow itself, so that developers could identify and fix vulnerabilities in the code they were writing before it ever reached production.

The incumbent approach to application security in 2015 was dominated by tools that ran against compiled code or deployed applications—static application security testing tools, dynamic application security testing tools, and web application firewalls that attempted to block attacks against already-deployed code. These tools produced long lists of vulnerabilities that were difficult to prioritize, hard to fix because the context of the original development was lost, and chronically ignored by development teams that did not feel ownership over security outcomes. The security team owned the tool; the development team owned the code. The gap between them was where vulnerabilities lived.

Snyk's approach was to build security tooling that developers actually wanted to use—tooling that integrated into the editors, version control systems, and CI/CD pipelines where developers already worked, provided actionable fix guidance rather than just vulnerability reports, and measured success by fix rate rather than detection rate. The first product focused on open-source dependency vulnerabilities, which represented a massive and growing attack surface as modern applications became increasingly composed of open-source components. Snyk built a database of open-source vulnerabilities, integrated it into the GitHub pull request workflow, and gave developers the ability to identify and remediate vulnerable dependencies without leaving the development environment.

The growth was driven almost entirely by developer adoption. Snyk offered a free tier for individual developers and small teams, which created a distribution channel that traditional security vendors—who sold exclusively through enterprise procurement—could not easily replicate. Individual developers adopted Snyk, found it genuinely useful, and advocated for it within their organizations. When the enterprise sales conversation began, the champion was typically a senior engineer or engineering manager who had used the product personally and was making the case on the basis of direct experience rather than vendor marketing.

By the time Snyk raised at an $8.5 billion valuation in 2021, it had expanded from open-source dependencies into container security, infrastructure-as-code security, and code security, building a unified developer security platform that addressed the full range of security concerns that modern development teams face. The expansion reflected a strategic insight that is worth studying carefully: a product that earns deep trust within a specific workflow can expand across the adjacent workflows that the same user base performs, without losing the developer-first positioning that created the initial adoption advantage.

Orca Security: Agentless Architecture and the Cloud Workload Market

Orca Security was founded in 2019 by Avi Shua and Gil Geron, both veterans of the Israeli intelligence and cybersecurity community, with a specific architectural bet: that the cloud workload protection market was dominated by agent-based approaches that were fundamentally ill-suited to cloud-native environments, and that an agentless architecture built around reading cloud storage snapshots could provide equivalent or superior security visibility with a fraction of the operational complexity.

The Orca approach, which the company called SideScanning, involved reading virtual machine disk snapshots directly from the cloud provider's storage layer, without installing any software on the workload being analyzed. By analyzing the filesystem, installed packages, running processes, and configuration state captured in the snapshot, Orca could identify vulnerabilities, misconfigurations, malware, and sensitive data exposures across an entire cloud environment without any agent deployment. The approach had significant advantages: no performance impact on production workloads, no installation friction, complete coverage including workloads where agent installation was impractical, and the ability to analyze workloads that were shut down or part of historical snapshots.

The timing was well-calibrated. In 2019, enterprise cloud adoption had reached the point where the operational limitations of agent-based cloud security tools were becoming genuinely painful for large security teams. Cloud environments were growing faster than security teams could deploy and manage agents. The configuration management required to maintain agent coverage across dynamic cloud infrastructure was consuming a disproportionate share of security engineering capacity. Orca's pitch—complete cloud security visibility in hours, with zero agents—resonated immediately with the security teams that were most frustrated with the incumbent operational model.

Orca's $550 million funding round in 2022, which valued the company at approximately $1.8 billion, reflected both its revenue traction and its strategic position in a market that was growing rapidly as enterprise cloud adoption continued to accelerate. The company had established itself as the leading alternative to the traditional agent-based cloud workload protection platforms, and its unified risk view—correlating vulnerabilities, misconfigurations, identity risks, and sensitive data exposure across the full cloud environment—was positioning it to expand from cloud security into the broader cloud-native security platform market.

CrowdStrike: Proving That Architecture Beats Brand in Endpoint Security

CrowdStrike's public market journey offers a different but complementary perspective on what creates durable value in cybersecurity. When CrowdStrike went public in 2019, the endpoint security market was widely regarded as one of the most mature and defensible segments of the cybersecurity industry. Symantec, McAfee, and Trend Micro had decades of brand recognition, massive installed bases, and deeply entrenched distribution relationships. The conventional wisdom was that the endpoint security market was essentially locked up.

CrowdStrike's thesis was that the conventional wisdom was wrong, because the incumbent architecture was wrong. Legacy endpoint security products were built around signature databases—lists of known malware fingerprints that were updated periodically and checked against files on protected machines. The approach worked adequately against known threats in an era when malware evolved slowly. It was entirely inadequate against the sophisticated, fileless, and polymorphic attacks that characterized the threat landscape by the mid-2010s. No signature database could keep pace with adversaries who could modify their attack tools faster than the databases could be updated.

CrowdStrike built a cloud-native, AI-driven endpoint protection platform that combined lightweight agents—much smaller and less resource-intensive than incumbent products—with a cloud-based analytics engine that processed behavioral telemetry from every protected endpoint to identify attack patterns in real time. The architecture enabled capabilities that signature-based products could not match: detection of novel threats based on behavioral indicators, correlation of activity across endpoints to identify coordinated attacks, and threat hunting capabilities that allowed security analysts to proactively search for attacker activity rather than waiting for alerts.

The post-IPO growth of CrowdStrike was extraordinary. From its 2019 IPO through 2022, the company grew from approximately $250 million in annual recurring revenue to over $2 billion, while maintaining strong net revenue retention as customers expanded their deployments across additional Falcon modules. The outcome demonstrated that even in a market where incumbents have deep relationships and substantial resources, a genuinely superior architecture—one that addressed the actual threat landscape rather than the threat landscape of ten years earlier—could displace the installed base.

Common Threads: What These Outcomes Share

Examining Wiz, Snyk, Orca Security, and CrowdStrike together, several patterns recur that inform DataInx's cybersecurity investment thesis at the Seed stage.

Architectural Transitions Create Category Opportunities

Every one of these companies built at a moment when a structural shift in the attack surface—the move to cloud infrastructure, the growth of open-source software dependencies, the evolution of sophisticated nation-state adversaries—had rendered the incumbent architectural approach inadequate. The opportunity in each case was not to build a better version of what existed, but to build a new category of product that was architecturally suited to the actual threat environment. At DataInx, we are specifically looking for founders who can identify the moments at which current architectural approaches are being overtaken by evolving attacker techniques or infrastructure patterns.

Security Buyers Reward Operational Simplicity

Wiz and Orca both achieved rapid enterprise adoption in part because their agentless architectures dramatically reduced the operational burden on security teams that were already chronically understaffed. Snyk achieved developer adoption because it reduced the friction between security visibility and remediation. CrowdStrike's lightweight agent replaced incumbent products that were often cited as a significant source of endpoint performance degradation. The pattern is consistent: in enterprise security, reducing the operational cost of achieving strong security posture is itself a powerful go-to-market advantage. A product that demonstrably simplifies the security team's life will earn trials and expansions that a better but more complex product will not.

Platform Expansion Is the Revenue Story

None of these companies remained focused on their initial product category. CrowdStrike expanded from endpoint protection to threat intelligence, identity protection, cloud security, and managed detection and response. Snyk expanded from open-source vulnerability management to container security, infrastructure-as-code, and code security. Wiz is expanding from cloud configuration risk management to data security posture management and cloud detection and response. The pattern is that a strong initial product earns the right to expand across adjacent security categories that the same customer base needs, producing the net revenue retention dynamics that make enterprise security businesses so valuable.

Community and Developer Adoption Compound

Snyk's developer-first distribution model created a community of practitioners who were advocates before they were enterprise buyers. The Wiz founding team's reputation within the cloud security community—built through their prior company and their work at Microsoft—accelerated enterprise trial cycles significantly. Security markets have strong information-sharing cultures; practitioners talk to each other about what works, attend the same conferences, and participate in the same online communities. Products that earn genuine respect from practitioners benefit from word-of-mouth distribution that traditional enterprise sales cannot replicate.

Where Seed Capital Should Go Next

The success of the companies profiled here does not mean the cybersecurity Seed opportunity is diminishing. It means the category creation opportunities are migrating to the next generation of architectural challenges and attack surface expansions. DataInx sees several areas where we believe the conditions that produced Wiz, Snyk, and Orca are present again today.

AI-Native Security Operations

The security operations center has been the least-transformed part of enterprise security for most of the past decade. Analysts working with SIEM platforms and SOAR tools still spend the majority of their time triaging alerts, correlating events manually, and following playbooks that require substantial human judgment at each step. Large language models and multimodal AI are beginning to change this, but the infrastructure for AI-native security operations—data pipelines optimized for security telemetry, context management systems that can maintain the state of an ongoing investigation, decision support systems that can explain their reasoning to analysts—is still largely unbuilt. The founders building this infrastructure today are serving a market in which it will be mandatory for large enterprises within three to five years.

Data Security for the AI Era

The deployment of large language models and AI assistants inside enterprise environments is creating a new class of data security risks that current tooling was not designed to address. Employees are sharing sensitive documents with AI systems, AI models are being trained on data that may contain regulated information, and retrieval-augmented generation systems are accessing data sources in ways that bypass traditional access control frameworks. The companies building data security platforms specifically designed for AI-era data access patterns—classification that understands unstructured content, access governance for AI agents, monitoring that can detect inappropriate data use by AI systems—are addressing a need that is urgent and growing rapidly.

Security for the Physical-Digital Convergence

The security perimeter has expanded far beyond the network and the endpoint. Industrial control systems, medical devices, building management systems, and connected vehicles are creating attack surfaces that enterprise security teams are poorly equipped to defend. The tooling for operational technology security, Internet of Things security, and cyber-physical systems security is still highly fragmented, with no clear category leaders in most subsegments. Founders with domain expertise in specific physical-digital security categories—healthcare device security, industrial control system monitoring, smart building security—are building in markets with limited competition, strong regulatory tailwinds, and buyers who have experienced the consequences of inadequate security most acutely.

Identity Security Beyond the Perimeter

Identity has become the primary attack vector in modern enterprise breaches, and the identity security category is evolving rapidly in response. The legacy perimeter of the corporate network no longer exists; employees, contractors, and systems interact with enterprise resources from everywhere, using identities that may be compromised long before the compromise is detected. Next-generation identity security platforms—those that can provide continuous risk assessment of identity behavior, detect credential misuse in real time, and integrate identity risk signals into broader security operations workflows—are operating in a market where the urgency is high and the incumbent solutions are increasingly inadequate.

DataInx's Cybersecurity Investment Approach

DataInx invests at the Seed stage in cybersecurity companies that demonstrate the structural characteristics we have seen in the most successful outcomes: genuine architectural innovation, not incremental improvement; a distribution strategy that builds community trust before building an enterprise sales organization; a product experience that reduces operational burden rather than adding to it; and a platform vision that makes adjacent expansion credible from the initial architecture.

We are particularly interested in founding teams with direct practitioner experience in the security domain they are addressing. The cybersecurity market is one where deep domain knowledge is a genuine competitive advantage—both in building a product that solves the real problem rather than the perceived problem, and in earning the trust of security professionals who are appropriately skeptical of vendors without credible domain credentials. Assaf Rappaport built cloud security infrastructure at Microsoft before building Wiz. The Snyk founders came from developer tool backgrounds. CrowdStrike's founding team included veterans of the intelligence community and McAfee. The pattern is consistent: the best cybersecurity companies are built by people who have lived the problem.

We are also attentive to the regulatory environment, which is an underappreciated driver of cybersecurity market growth. The SEC's cybersecurity disclosure rules, the EU's NIS2 Directive, and emerging AI security regulations are creating compliance obligations that translate directly into security software purchasing decisions. Founders who build products that help enterprises meet specific regulatory requirements—incident reporting, third-party risk management, AI model security auditing—are building against a durable and growing demand driver that is independent of the general threat landscape.

Conclusion: The Next Generation Is Being Built Now

The cybersecurity companies that will define the market of 2030 are being founded today, by teams that have identified the architectural mismatches between current security tooling and the emerging threat landscape and attack surface. The same structural conditions that made Wiz, Snyk, Orca Security, and CrowdStrike possible—rapid infrastructure change creating new attack surfaces, incumbent architectures that were designed for a different threat environment, practitioners who understand the gap between available tooling and actual security needs—are present in each of the areas we have described.

The lesson of the past decade in cybersecurity is that markets which appear crowded to generalist investors are often structurally open to founders who are attacking the right architectural problem at the right moment. Endpoint security appeared saturated before CrowdStrike. Cloud security appeared crowded before Wiz. Developer security appeared niche before Snyk demonstrated the scale of the demand. The companies that will dominate the next generation of cybersecurity are not yet household names. We are looking for the founders building them today.

DataInx Ventures is actively deploying Seed capital in cybersecurity companies across the areas outlined in this piece. If you are a founder building at the architectural frontier of the next generation of enterprise security, we would be glad to hear from you.