September 13, 2021
Tenable Holdings, Inc. (“Tenable”) (Nasdaq: TENB), the Cyber Exposure company, today announced that it has entered into a definitive agreement to acquire Accurics, Inc. (“Accurics”), a pioneer in delivering cloud-native security for both DevOps and security teams. Accurics enables the programmatic detection and mitigation of risks in Infrastructure as Code (IaC) before anything is ever provisioned. Following completion of this acquisition, Tenable's solutions will include holistic assessment and the automated remediation of policy violations and breach paths, before the infrastructure is provisioned and throughout its lifecycle.
The world is rapidly embracing IaC. IaC offers organizations a powerful competitive advantage by improving the efficiency of operations at scale. Leveraging the GitOps philosophy and seamlessly integrating with developer tools and workflows, Accurics enables security teams to assess and secure infrastructure both before it is deployed and at runtime.
Following the completion of the acquisition, Tenable and Accurics will introduce a complete lifecycle approach to modern risk management, leveraging IaC to fix problems for any cloud environment — before they can expose the business to risk. Accurics helps companies address risk across the entire lifecycle and supply chain, in development and runtime, and delivers fixes in code to ensure risks are remediated quickly with minimal burden on security experts. Accurics’ enterprise offering seamlessly scans IaC for misconfigurations and monitors provisioned cloud infrastructure for drift. Organizations will be able to secure what they build and innovate with confidence through Accurics’ augmented remediation capabilities, generating code to resolve policy violations and mitigate security risks. The acquisition extends Tenable’s broader cloud strategy, helping enterprises secure their full cloud stacks, both at build time and at runtime. Following the completion of the acquisition, Accurics’ solutions will integrate with Tenable.io® Container Security, an industry-leading solution integrating security into DevOps, Frictionless Assessment, which removes the need for agents or scanning to deliver continuous visibility and assessment of cloud assets, and Tenable.io Web Application Scanning, which offers simple, scalable and automated vulnerability scanning for web applications.
“Fully integrating security into the DevOps process and leveraging IaC processes to assess and prevent problems before deployment will secure cloud operations at speed and scale,” said Amit Yoran, chairman and CEO, Tenable. “From the introduction of Terrascan to their enterprise platform, Accurics is leading that revolution. Together, we will enable organizations to push their cloud and ‘as code’ journeys forward — with IaC, with containers and compute instances. This is all about accelerating innovation and simultaneously enabling security in ways previously not possible.”
“One of the biggest obstacles facing companies today is security teams are constantly challenged with understanding and effectively managing the risk and security for cloud environments at DevOps speeds. From the very beginning, Accurics has been singularly focused on securing infrastructure as code for modern enterprises,” said Piyush Sharrma, co-founder and CEO, Accurics. “Cloud-native infrastructure requires security that is integrated into the DevOps pipeline and enforced throughout the lifecycle — shifting legacy processes left is simply inadequate. Joining forces with Tenable increases our ability to help organizations accelerate innovation by aligning development, operational, and security teams behind security and resiliency goals.”
Accurics also developed Terrascan, a powerful open-source tool for DevOps, which now has 200,000 downloads and has become a foundational part of cloud IaC practices. The founders who are currently with the company are Sharrma and Om Moolchandani. Sharrma is a seasoned technologist and entrepreneur behind multiple technology startups. He has led global teams across engineering, product and research at Symantec Corp to bring numerous enterprise security innovations to market. Moolchandani is the chief technology officer and chief information security officer. He has held numerous leadership positions at companies such as AutoGrid and General Electric, where he implemented security for the Industrial Cloud and Edge platform.
Under the terms of the agreement, Tenable will acquire Accurics for a total purchase price of approximately $160 million in cash, subject to certain customary purchase price adjustments. The acquisition is expected to close late in the third quarter or early in the fourth quarter of 2021, subject to the satisfaction of customary closing conditions.
For more information about the announcement, visit investors.tenable.com. Tenable also shares news and updates on the website, which may be of interest or material to Tenable investors.
Tenable® is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
Forward Looking Statements
This press release contains forward-looking information related to Tenable, Accurics and the potential acquisition that involves substantial risks, uncertainties and assumptions that could cause actual results to differ materially from those expressed or implied by such statements. Forward-looking statements in this communication include, among other things, statements about the potential benefits of the acquisition and product developments and other possible or assumed business strategies, potential growth opportunities, new products and potential market opportunities. Risks and uncertainties include, among other things, our ability to successfully integrate Accurics’ operations; our ability to implement our plans, forecasts and other expectations with respect to Accurics’ business; our ability to realize the anticipated benefits of the acquisition, including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period; our ability to consummate the transaction pursuant to the terms and in accordance with the timing described in this press release; failure to obtain necessary regulatory approvals (and the risk that such approvals may result in the imposition of conditions that could adversely affect the combined company or the expected benefits of the transaction); disruption from the acquisition making it more difficult to maintain business and operational relationships; the inability to retain key employees; the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results; unknown liabilities; attracting new customers and maintaining and expanding our existing customer base, our ability to scale and update our platform to respond to customers’ needs and rapid technological change, increased competition on our market and our ability to compete effectively, and expansion of our operations and increased adoption of our platform internationally.
Additional risks and uncertainties that could affect our financial results are included in the section titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2020, our quarterly report on Form 10-Q for the quarter ended June 30, 2021 and other filings that we make from time to time with the Securities and Exchange Commission which are available on the SEC’s website at www.sec.gov. In addition, any forward-looking statements contained in this communication are based on assumptions that we believe to be reasonable as of this date. Except as required by law, we assume no obligation to update these forward-looking statements, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.