Tenable acquires cloud security startup Accurics for $160M – TechTarget

Tenable has agreed to acquire cloud-native security startup Accurics for $160 million in cash.

The agreement, which was announced Monday, will expand the vulnerability management’s platform into securing the cloud with infrastructure as code (IaC) offerings. Founded in 2019, Accurics aims to assist enterprises and security teams by codifying security throughout the development lifecycle. As part of that goal, the Pleasanton, Calif.-based vendor which has under 100 employees, developed Terrascan, an open source tool for DevOps that contributes to cloud IaC practices.

Piyush Sharrma, co-founder and CEO at Accurics, told SearchSecurity that with Tenable, they will pioneer a new approach to modern risk management. That includes proactive identification, prioritization and remediation of software flaws before deployment in cloud native and hybrid environments.

The deal is expected to close late in the third quarter or early in the fourth quarter of 2021.

Glen Pendley, Tenable’s deputy CTO, said the acquisition will be Tenable’s first expansion into securing IaC, which has seen a rise in popularity recently.

“To support this movement, cybersecurity needs to innovate with Security as Code,” Pendley said in an email to SearchSecurity. “By holistic assessment, we’re referring to providing visibility into flaws in cloud resources before, during and after deployment throughout their entire lifecycle.”

Monitoring for vulnerabilities in the cloud can be tricky. One concern comes with the IaC templates. Doug Cahill, vice president and group director of cybersecurity at Enterprise Strategy Group (ESG), a division of TechTarget, said modern, cloud-native applications are increasingly defined in a declarative manner via IaC templates. However, those templates can result in misconfigurations being inadvertently introduced into production environments creating exploitable attack paths.

“As such, scanning IaC templates pre-deployment helps prevent vulnerable configurations from being deployed, a DevSecOps use case 48% of ESG research respondents intend to implement over the next 12-24 months,” Cahill said in an email to SearchSecurity. “Tenable’s acquisition of Accurics extends the company’s approach to vulnerability management to the pre-deployment stage as well as to configurations.”

Jon Oltsik, senior principal analyst a ESG, said the move is another step toward Tenable’s attempt to provide full coverage across risk identification and mitigation. While traditionally, Tenable’s vulnerability management covers physical and virtual infrastructure, it’s made a few investments to extend this coverage to the cloud and containers.

For example, Tenable acquired Alsid in April for just under $100 million in order to secure Active Directory environments. In 2019, Tenable acquired operational technology (OT) vendor Indegy which led to an integration for cloud-based vulnerability management.

“Ultimately, Tenable wants to provide organizations with a dashboard that not only provides visibility of assets and risks, but also helps quantify risk and suggest risk mitigation priorities.  Tenable is willing to invest in areas to make this vision a reality,” Oltsik said in an email to SearchSecurity.


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.