Tenable is poised to fill vital gaps in its publicity administration platform with its settlement to accumulate Vulcan Cyber.
Tenable stated it was the primary vendor so as to add publicity administration to its vulnerability administration platform when it launched the Tenable One Publicity Administration Platform in 2022. Nonetheless, Tenable’s publicity administration has lacked the power to share telemetry with IT and safety instruments from different distributors. That is the place Vulcan Cyber’s publicity administration providing, which might combine with greater than 100 third-party safety instruments, could make a distinction for Tenable.
“It will give organizations the power to have insights throughout the assault floor, not simply what you level at Tenable but in addition that third-party information,” says Tenable senior VP of merchandise Jason Merrick. “On the finish of the day, our focus right here helps organizations transfer as they’re progressing from vulnerability administration to publicity administration after which gaining that context the place they will make higher choices.”
Including Publicity Administration to Vulnerability Administration
In contrast to vulnerability administration choices which might be designed to find, assess, prioritize, and mitigate threats in IT property, publicity administration considers a company’s cybersecurity posture and performs threat evaluation.
A number of Tenable rivals additionally supply publicity administration as a part of their product portfolios. For instance, CrowdStrike added Publicity Administration to its Falcon XDR platform in 2023, and Microsoft just lately added publicity administration to Microsoft Defender, which notably consists of third-party connectors. On the identical day Tenable introduced its Vulcan Cyber plans, publicity administration platform supplier CYE acquired Solvo.
Omdia analyst Andrew Braunberg believes Vulcan Cyber will convey wanted options to Tenable One which its rivals are actually touting.
“Whereas Tenable has been speaking about publicity administration for so long as anybody, it nonetheless typically has the texture of an outdated legacy vulnerability administration firm,” Braunberg says. “Vulcan has all the time seen publicity administration as the place the market was headed and has taken an impressively open method to pulling in asset and publicity information and dealing to broadly help remediation, orchestration, and automation.”
Tenable’s Merrick acknowledges that Microsoft’s licensing mannequin with its M365 E3 and E5 plans give Microsoft a bonus.
“They’ll throw loads of free stuff at this, and there are lots of organizations which might be Microsoft-only retailers,” he says. “CrowdStrike, too, is rising and increasing. However I additionally suppose that this is a chance for Tenable to distinguish, to proceed being that supply of fact, to offer higher analytic functionality, and to tie these items collectively. As a result of on the finish of the day, this forces us, from a product standpoint, to proceed to innovate and ship new capabilities.”
Organizations are solely starting to develop their concentrate on vulnerability administration to incorporate publicity administration, Merrick provides.
“I feel we’re within the first inning of publicity administration,” he says. “Increasingly more, organizations are beginning to discuss this.”
The deal, introduced on Wednesday, requires Tenable to pay $147 million in money and $3 million in restricted inventory to Vulcan Cyber. Whereas Merrick is unable to debate particular integration plans earlier than the deal closes, which the corporate anticipates will happen this quarter, the 100-plus connectors to third-party programs had been a key impetus for the deal.
“Now we have all the time been envisioning having the ability to ingest third-party information into our publicity administration platform like we have achieved with our vulnerability administration resolution,” he says. “We have already constructed the information mannequin particularly to just accept and usher in third-party information. So we would like to have the ability to go and fast-track that. As soon as we shut, that is going to be the large focus for us in 2025.”
