Tenable has agreed to purchase early-stage cloud security vendor Accurics for US$160 million to remediate policy violations and breach paths before infrastructure is ever provisioned.
The vulnerability management firm said Accurics enabled the programmatic detection and mitigation of risk in Infrastructure as Code (IAC) before anything is ever provisioned. Accurics seamlessly integrates with developer tools and workflows and enables security and DevOps teams to assess and secure infrastructure both before it is deployed and at runtime.
“Fully integrating security into the DevOps process and leveraging IaC processes to assess and prevent problems before deployment will secure cloud operations at speed and scale,” Tenable Chairman and CEO Amit Yoran said in a statement. “Together, we will enable organizations to push their cloud and ‘as code’ journeys forward – with IaC, with containers and compute instances.”
Tenable’s stock is up US$1.63 (3.54 percent) to US$47.69 in trading midday Monday. Tenable executives weren’t immediately available to speak with CRN about the acquisition. The deal is expected to close late in the third quarter or early in the fourth quarter of this year, according to Tenable.
Accurics was founded in 2019, has raised US$20 million of outside funding, and employs 76 people, up 105 percent from 37 employees a year ago, according to LinkedIn and Crunchbase. The company was led since its February 2019 inception by Sachin Aggarwal, who stepped aside in May 2021 and was replaced as CEO by fellow co-founder and then-chief product and engineering officer Piyush Sharrma.
“From the very beginning, Accurics has been singularly focused on securing infrastructure as code for modern enterprise,” Sharrma said in a statement. “Cloud-native infrastructure requires security that is integrated into the DevOps pipeline and enforced throughout the lifecycle – shifting legacy processes left is simply inadequate.”
Accurics’ enterprise offering seamlessly scans IaC for misconfigurations, monitors provisioned cloud infrastructure for drift, and delivers fixes in code to ensure risks are remediated quickly with minimal burden on security experts, according to Tenable. The company’s augmented remediation capabilities generate code to resolve policy violations and mitigate security risks, Tenable said.
Once the deal closes, Accurics’ technology will integrate with Tenable.io Container Security and Tenable.io Web Application Scanning, the company said. The company also developed Terrascan, a powerful open-source tool for DevOps that now has 200,000 downloads and has become a foundational part of cloud IAC practices.
“The Accurics team has focused on understanding Infrastructure as Code by integrating into the processes and tools that developers and infrastructure operators,” Tenable Co-Founder and CTO Renaud Deraison wrote in a blog post. “In this way, we can ensure that what is deployed is secure by default and that any fixes are a simple merge request rather than a patch or operational afterthought.”
As an IAC vendor, Deraison said Accurics starts secure by design and assesses the code used to create the environment to remove risks before they are ever introduced. IAC then codifies a customer’s desired state, catching problems earlier by looking at the drift between the actual cloud resource and what was intended, according to Deraison.
IAC also eliminates the need to modify the permissions of thousands of cloud resources one by one since a single script is creating them all, according to Deraison. Most importantly, IAC allows security teams to better communicate with operations by offering pull requests to their IAC scripts, turning security teams into actors and enablers in the deployment of new resources, Deraison said.
“I can’t wait to work with our teams to integrate their innovative approaches to help our customers to identity issues in Infrastructure as Code and drift in runtime to make their clouds flawless,” Deraison wrote in the blog post.
The Accurics acquisition comes just seven months after Tenable purchased cybersecurity startup Alsid for US$98 million to help customers find and fix security weaknesses in Microsoft’s Active Directory in real time. And in December 2019, Tenable bought industrial security startup Indegy for US$78 million to provide visibility, protection and control across operational technology environments.