Tenable Acquires Vulcan Cyber for $150M, Enhancing Exposure Management Capabilities

Tenable, a cybersecurity company headquartered in Baltimore, Maryland, has announced its plans to acquire Vulcan Cyber, an Israeli-based exposure management startup, for $150 million. This acquisition aims to streamline the integration of security telemetry from various third-party products, providing chief information security officers (CISOs) with a holistic view of their organization’s risk landscape.

Mark Thurmond, co-CEO and COO at Tenable, noted that enterprises often struggle with an oversaturation of individual security products. On average, large organizations utilize over 100 different security solutions, which can lead to integration challenges and operational inefficiencies. “Our customers are overwhelmed by the sheer volume of point security products,” he stated, emphasizing the need for a more consolidated approach to risk management.

Founded in 2018 and employing 124 professionals, Vulcan Cyber has gained recognition for its effective performance and extensive scalability, reinforced by over $69 million in external funding. The company’s leadership, under the guidance of Yaniv Bar-Dayan, brings valuable experience from the Israel Defense Forces and Cyberbit, enhancing Vulcan’s commitment to delivering effective security solutions.

Moreover, the integration of Vulcan Cyber’s capabilities into Tenable One is set to provide a unified platform that consolidates disparate security tools and third-party security data, allowing for better risk assessment. Thurmond expressed that while Vulcan will no longer be sold as an independent product, current clients will continue to receive support as integration into Tenable One is completed.

In acquiring Vulcan Cyber, Tenable will also facilitate the ingestion of security data from competition-related products, such as those offered by Qualys and CrowdStrike, thereby enhancing their threat intelligence and risk analysis capabilities. The automated remediation workflows provided by Vulcan Cyber will also help alleviate manual tasks, improving operational efficiency through streamlined security responses.

Security teams often face difficulties in aggregating and normalizing data from third-party tools. Vulcan Cyber aims to tackle this issue with effective integration adapters that enhance data processing and prioritization, allowing security teams to focus on critical vulnerabilities. Thurmond remarked on the advanced engineering behind Vulcan’s technology, which simplifies the data aggregation process.

Addressing the challenges posed by siloed operations within security teams, Vulcan Cyber’s automated ticketing system allows for timely assignment, tracking, and resolution of vulnerabilities. This ensures that critical security gaps are promptly addressed, enhancing the overall cybersecurity posture of organizations.

Moving forward, Tenable’s primary measure of success for the Vulcan Cyber acquisition will focus on the adoption of new security capabilities and the efficiency of the integrated threat prioritization and automation efforts. Thurmond emphasized the commitment to delivering measurable improvements in security for existing customers while integrating Vulcan Cyber’s solutions.

As Tenable continues to refine its exposure management platform, it remains crucial to recognize the methodologies and tactics involved, potentially referencing frameworks such as the MITRE ATT&CK Matrix. This can help inform understanding of the adversarial tactics that may influence the landscape of future cybersecurity challenges.