Tenable has agreed to purchase cybersecurity startup Alsid for US$98 million to help customers find and fix security weaknesses in Microsoft’s Active Directory in real time.
The vulnerability management firm said its proposed acquisition of Paris, France-based Alsid will allow organizations to discover new attack pathways and detect Active Directory attacks in real time. Alsid leverages dynamic threat scoring and complexity ratings to recommend remediations that don’t require the deployment of agents or the leveraging of privileged accounts, Tenable said.
“Tightly controlling the privileges of accounts in Active Directory is as foundational to reducing risk to the business as the basic blocking and tackling of deploying security updates,” Tenable CEO Amit Yoran said in a statement. “As we‘ve seen with the flurry of hacks, ranging from the sophisticated SolarWinds compromise all the way down to common ransomware attacks, attackers go after the Active Directory infrastructure to increase access and establish persistence.”
The SolarWinds hackers were able to forge a token that claimed to represent a highly privileged account in Azure Active Directory, Microsoft disclosed Dec. 13. The hackers could also gain administrative Azure Active Directory privileges with compromised credentials. Microsoft said this was particularly likely if the account in question is not protected by multifactor authentication.
“Having gained a significant foothold in the on-premises environment, the actor has made modifications to Azure Active Directory settings to facilitate long-term access,” the Microsoft Security Research Center wrote Dec. 13.
The Alsid acquisition is expected to close early in the second quarter of 2021 and contribute approximately 1 percentage point of growth to Tenable’s revenue this year. The deal will also increase incremental operating expenses by US$15 million to US$20 million, according to Tenable. Tenable’s stock remains unchanged at US$45.82 per share in premarket trading Wednesday.
Alsid was founded in 2016 by two former incident responders from the French National Cybersecurity Agency, employs 104 people, and has raised US$17.7 million in four rounds of outside funding, LinkedIn and Crunchbase reported. Company founders Emmanuel Gras and Luc Delsalle will join Tenable in senior leadership roles to help develop more innovative tools for Active Directory risk and security assessment.
“We started Alsid to help organizations solve one of the biggest security challenges, an unprotected Active Directory, which is one of the most common ways for threat actors to move laterally across enterprise systems,” Gras, Alsid’s CEO, said in a statement. “Our approach has always focused on helping our customers anticipate future attacks so they can keep their business running as usual.”
The Alsid acquisition will allow Tenable to manage account privileges in the same way it does IT assets and risk, the company said. Going forward, Tenable said it will be able to offer Active Directory security for even the most complex enterprise user environments, combining vulnerability data, threat intelligence and account permissions for a more holistic view of risk and the ability to predict which issues to fix first.
Active Directory deployments remain largely on-premises today, with many of Tenable’s large enterprise customers shifting some workloads to Azure Active Directory. Alsid’s platform secures existing on-premises and complex hybrid deployments of Active Directory, according to Tenable.
Alsid has largely been focused on product development, but the company has been building pipeline and has some expertise around Active Directory sales and sales engineering, according to the company. Over the longer term, Tenable said it hopes to leverage its distribution channels and enable its sales force to sell the Alsid product.
The teams focused on auditing and securing Active Directory are largely the same as those buying Tenable’s existing vulnerability management offerings. Like Tenable, Alsid’s go-to-market motion has been focused on large enterprises with multiple domains and business units as well as complex Active Directory deployments.
“We’re impressed with the insight that Alsid brings to enterprise customers and look forward to working with the Alsid team to add this critical element to cyberexposure and risk management,” Yoran said in a statement.
The Alsid deal comes 14 months after Tenable purchased industrial security startup Indegy for US$78 million to provide visibility, protection and control across operational technology environments. The Indegy acquisition was expected to extend the breadth of its Tenable’s OT-specific capabilities in areas like vulnerability management, asset inventory, configuration management and threat detection.