Skip to main content

Tenable Increases Focus on Cloud Security With Agreement to Acquire CNAPP Vendor Ermetic

Written by Customer Service on . Posted in Mergers And Acquisitions.

Acquisition expands Tenable’s capabilities to unify visibility, assessment and remediation across infrastructure and identities both in the cloud and on-premises

COLUMBIA, Md., Sept. 07, 2023 (GLOBE NEWSWIRE) — Tenable Holdings, Inc. (“Tenable”) (Nasdaq: TENB), the Exposure Management company, today announced that it has signed a definitive agreement to acquire Ermetic Ltd. (“Ermetic”), a fully integrated cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure entitlement management (CIEM). Tenable intends to integrate these capabilities into its Tenable One Exposure Management Platform to deliver market-leading contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premise and in the cloud.

Ermetic’s CNAPP delivers in-depth contextual analysis in simple terms and reveals toxic combinations, such as privileged access to publicly-exposed vulnerable workloads. Seamlessly combining Ermetic’s insights into Tenable One will extend Tenable’s offerings for hybrid environments.

In the public cloud, identities and entitlements are the greatest risk to cloud infrastructures and one of the hardest problems to solve. In fact, according to the 2022 Top Cloud Threats report by the Cloud Security Alliance, security experts cite identity-based threats as the top cloud security issue they face. Cloud complexity – including identity sprawl and layers of policies that often change – makes understanding access risk and permissions extremely difficult.

Expanding Tenable’s cloud security offering with Ermetic’s unified, multi-cloud CNAPP and industry-leading CIEM will give security teams context and prioritization guidance to make efficient and accurate remediation decisions. The highly-intuitive user interface will make it easy for security professionals of all cloud expertise levels to spot and quickly address risks. This approach solves a key industry challenge – managing an increasing volume of security data while contending with a massive skills gap in cybersecurity. With clear remediation instructions provided, security teams will no longer need to be cloud security experts to understand where the most urgent risks exist and what to do about them.

“We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers,” said Amit Yoran, chairman and chief executive officer, Tenable. “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation.”

The unique combination of Tenable and Ermetic will give customers:

  • Unified CNAPP – a unified and agentless solution that automates asset discovery, risk analysis, accelerated remediation and compliance. From shift-left Infrastructure as Code security to agent-based and agentless assessment for runtime environments, broad CNAPP capabilities will be delivered via an elegant user experience that minimizes complexity and speeds adoption.
  • Powerful CIEM – a comprehensive solution for managing human and service identities for cloud infrastructure. It visualizes all identities and entitlements, using automated analysis to reveal and prioritize risks.
  • Context-aware risk prioritization – context across all cloud and on-premises resources, including workloads, identities and data. Enhanced exposure management will extend visibility across the hybrid, multi-cloud attack surface.
  • Simplified remediation – guidance on and automation of the remediation process that enables organizations to make rapid improvements in their security posture.

“The combination of Tenable’s rich exposure management data and Ermetic’s cloud solutions will provide unprecedented levels of actionable visibility and value. It will remove the complexity that makes managing cloud environments so challenging,” said Shai Morag, CEO and co-founder, Ermetic. “Tenable’s massive install base of customers will enable us to introduce more organizations to the benefits of context-aware risk prioritization to solve problems before they manifest.”

Founded in 2019, Ermetic is a leader in CIEM and identity centric unified cloud security platform capabilities. The company serves organizations of all sizes, including Fortune 50 companies, to mitigate access risk, secure cloud data, ensure compliance and accelerate organizational security efforts.

Under the terms of the agreement, Tenable will acquire Ermetic for approximately $240 million in cash and $25 million in restricted stock and RSUs, subject to customary purchase price adjustments. The acquisition is expected to close early in the fourth quarter 2023, subject to customary closing conditions. Tenable expects to fund the cash portion of the purchase price with existing cash.

Ermetic’s financial results in the fourth quarter 2023 are not expected to materially contribute to revenue or calculated current billings and are expected to increase non-GAAP operating expenses by $4-$6 million. Unlevered free cash flow in the fourth quarter is expected to be reduced by $14-$16 million, which includes $10-$12 million of acquisition-related costs and forgone interest income.

For more information about the announcement, visit the Investor FAQ page. Tenable also shares news and updates on its Investor Relations website at investors.tenable.com, which may be of interest or material to Tenable investors.

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

Forward-Looking Statements
This press release contains forward-looking information related to Tenable, Ermetic and the potential acquisition that involves substantial risks, uncertainties and assumptions that could cause actual results to differ materially from those expressed or implied by such statements. You can generally identify forward-looking statements by the use of forward-looking terminology such as the words: “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “explore,” “evaluate,” “intend,” “may,” “might,” “plan,” “potential,” “predict,” “project,” “seek,” “should,” or “will,” or the negative thereof or other variations thereon or comparable terminology. The forward-looking statements in this press release are based on each of the companies’ current plans, objectives, estimates, expectations and intentions and inherently involve significant risks and uncertainties, many of which are beyond Ermetic’s or Tenable’s control. Forward-looking statements in this communication include, among other things, statements about the potential benefits of the acquisition and product developments and other possible or assumed business strategies, anticipated financial impact of the acquisition, potential growth opportunities, new products and potential market opportunities and the anticipated timing of the closing of the acquisition. Risks and uncertainties include, among other things, our ability to successfully integrate Ermetic’s operations; our ability to implement our plans, forecasts and other expectations with respect to Ermetic’s business; our ability to realize the anticipated benefits of the acquisition, including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period; our ability to consummate the transaction pursuant to the terms and in accordance with the timing described in this press release; disruption from the acquisition making it more difficult to maintain business and operational relationships; the inability to retain key employees; the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results; unknown liabilities; attracting new customers and maintaining and expanding our existing customer base; our ability to scale and update our platform to respond to customers’ needs and rapid technological change, increased competition on our market and our ability to compete effectively, and expansion of our operations and increased adoption of our platform internationally.

Additional risks and uncertainties that could affect our financial results are included in the section titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2022, our Quarterly Report on Form 10-Q for the quarter ended June 30, 2023 and other filings that we make from time to time with the Securities and Exchange Commission (SEC) which are available on the SEC’s website at www.sec.gov. In addition, any forward-looking statements contained in this communication are based on assumptions that we believe to be reasonable as of this date. Except as required by law, we assume no obligation to update these forward-looking statements, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.

Contact information

Investor Relations
investors@tenable.com

Media Relations
tenablepr@tenable.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.