Tenable Completes Acquisition of Accurics
Acquisition delivers programmatic assessment and automated mitigation for infrastructure as code before they become risks to cloud deployments
- As our customers continue their shift to the cloud, they need a holistic view of risk. Moving at cloud speeds, they want to prevent flaws and vulnerabilities before they become an operational risk. Despite investments in traditional Cloud Security Posture Management (CSPM), cloud breaches continue to threaten businesses and innovation.
- The world is shifting from hardware to virtual machines in the cloud, networks, load balancers, to defining these virtual environments as code and scripts. This “Infrastructure as code” or IaC model allows for automated remediation of flaws in code and generates the same environment every time it is applied into production. IaC solves the problem of “drift” in production and reduces the manual processes that can be hard to track and can contribute to errors.
- Security professionals are looking for cloud native capabilities that enable developers and infrastructure operations to execute at cloud speed and scale. Accurics enables this to happen with enhanced security previously unavailable in traditional compute environments. Tenable is making this investment to remain at the forefront of managing and providing a holistic view of cyber risk as enterprises embrace this new IaC model. Accurics is the connective tissue between security operations and the developers.
- Accurics is pioneering a new approach to securing the cloud by identifying and addressing issues in the code used to rapidly deploy cloud native applications. By integrating security before deployment, organizations easily identify flaws in code and software-defined infrastructure before they turn into breaches. Accurics’ enterprise offering seamlessly connects security to the build process before deployment to address misconfigurations and monitors runtime infrastructure post-deployment for drift. Security teams, in collaboration with operations, will be able to secure infrastructure and innovate with Accurics’ augmented remediation capabilities, generating code to resolve policy violations and mitigate security risks.
- Our best-of-breed strategy is to assess exposure and risk holistically and enable our customers to embrace the power and efficiency of new technologies in risk-managed ways. As we did with Indegy for operational technology (OT) and Alsid for Active Directory, we will continue to integrate purpose-built technologies to address the most critical parts of the attack surface.
- With Accurics, Tenable's coverage expands security capabilities to include holistic assessment and automated remediation of policy violations and breach paths, before the deployment process and throughout their entire lifecycle, given the unique challenges of developing and monitoring cloud infrastructure.
- The acquisition extends Tenable’s broader cloud strategy, helping enterprises secure their full cloud stacks, both at build time and at runtime. Accurics’ solutions will integrate with Tenable.io® Container Security, an industry-leading solution integrating security into DevOps; Frictionless Assessment, which removes the need for agents or scanning to deliver continuous visibility and assessment of cloud assets; and Tenable.io Web Application Scanning, which offers simple, scalable and automated vulnerability scanning for web applications.
- No, it is complementary to our current offerings and extends Tenable’s expertise and leadership in risk assessment to include critical cloud infrastructure capabilities. More specifically, it furthers our ability to understand flaws that attackers are most likely to leverage across attack paths, from on-premises to cloud, from infrastructure code to runtime and users across networks. It also continues to expand our definition of an “asset” -- something we’ve done via our previous acquisitions. Indegy added OT devices to the definition of assets, Alsid introduced the notion of end-users and their permissions as assets and now, with Accurics, we consider the IaC scripts as assets as well.
- We are excited to welcome their talented, specialized team of cloud security and infrastructure as code (IaC) professionals. Our intent is to sell the Accurics offerings to address specific use cases and offer a more expansive product in 2022 by integrating this into our other cloud solutions including Tenable.io, Tenable.io Container Security, Frictionless Assessment and Tenable.io Web App Scanning.
- Terrascan, Accurics’ powerful open-source tool for DevOps, is well known in the grassroots user community, similar to Nessus, and the sale to an enterprise platform is an upsell motion we know well.
- Yes, the decision makers remain at the Security / CISO level. Infrastructure as code does bring DevOps into the buying process in terms of influence, but our traditional security customer is the decision maker. The DevOps team may have exposure to Accurics’ open source product, Terrascan, which is known and trusted in that community in the same way Nessus has helped Tenable. We believe there is a natural evolution for this community to our enterprise platforms.
- Accurics’ packaging is provided on their website. Tenable will sell these capabilities in similar fashion to our other solutions and can be thought of as a per asset or per workload scalable pricing model.
- Under the terms of the agreement, Tenable acquired Accurics for a total purchase price of approximately $160 million in cash, subject to certain customary purchase price adjustments.
- While Accurics is expected to have an immaterial impact on our revenue and CCB for 2021, we will incur incremental operating expenses of approximately $4M for Q4 2021. In addition, free cash flow is expected to be impacted to a slightly lesser extent than OpEx.
- Please feel free to reach out to us at https://investors.tenable.com/investor-resources/contact-ir.
Forward Looking Statements
This Q&A contains forward-looking information that involves substantial risks, uncertainties and assumptions that could cause actual results to differ materially from those expressed or implied by such statements. Forward-looking statements in this communication include, among other things, statements about the potential benefits of the acquisition of Accurics, product developments and other possible or assumed business strategies, anticipated earnings enhancements or potential growth opportunities, anticipated capital expenditures, new products and potential market opportunities. Risks and uncertainties include, among other things, our ability to successfully integrate Accurics’ operations; our ability to implement our plans, forecasts and other expectations with respect to Accurics’ business; our ability to realize the anticipated benefits of the acquisition, including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period; disruption from the acquisition making it more difficult to maintain business and operational relationships; the inability to retain key employees; the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results; unknown liabilities; attracting new customers and maintaining and expanding our existing customer base, our ability to scale and update our platform to respond to customers’ needs and rapid technological change, increased competition in our market and our ability to compete effectively, and expansion of our operations and increased adoption of our platform internationally.
Additional risks and uncertainties that could affect our financial results are included in the section titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2020 and other filings that we make from time to time with the Securities and Exchange Commission which are available on the SEC’s website at www.sec.gov. In addition, any forward-looking statements contained in this communication are based on assumptions that we believe to be reasonable as of this date. Except as required by law, we assume no obligation to update these forward-looking statements, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.