Tenable set to acquire world-renown CNAPP vendor Ermetic to further enhance its expertise in cloud security

Amit Yoran, Chairman and Chief Executive Officer at Tenable
Amit Yoran, Chairman and Chief Executive Officer at Tenable

Tenable, the Exposure Management company, has signed a definitive agreement to acquire Ermetic Ltd. (Ermetic), a fully integrated cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure entitlement management (CIEM).

How will Tenable leverage Ermetic’s tech?

Tenable intends to integrate these capabilities into its Tenable One Exposure Management Platform to deliver market-leading contextual risk visibility, prioritisation and remediation across infrastructure and identities, both on-premise and in the cloud. Ermetic’s cloud-native application protection platform delivers in-depth contextual analysis in simple terms and reveals toxic combinations, like privileged access to publicly-exposed vulnerable workloads.

Seamlessly combining Ermetic’s groundbreaking insights into Tenable One will extend Tenable’s offerings for hybrid environments. In the public cloud, identities and entitlements are the greatest risk to cloud infrastructures and one of the hardest problems to solve.

In fact, according to the 2022 Top Cloud Threats report by the Cloud Security Alliance, security experts cite identity-based threats as the top cloud security issue they face.

Cloud complexity – including identity sprawl and layers of policies that often change – makes understanding access risk and permissions difficult. Expanding Tenable’s cloud security offering with Ermetic’s unified, multi-cloud CNAPP and industry-leading CIEM will give security teams context and prioritization guidance to make accurate remediation decisions.

The highly-intuitive user interface will make it easy for security personnel of all cloud expertise levels to spot and quickly address risks. This solves a key industry challenge – managing an increasing volume of security data while contending with a massive skills gap in cybersecurity. With clear remediation instructions provided, security teams will no longer need to be cloud security experts to understand where the most urgent risks are and what to do about them.

“We will have an opportunity to put additional market-leading cloud security capabilities into the hands of tens of thousands of customers. Together, we will be able to deliver a holistic view of the modern attack surface and help firms reduce exposure and risk, using identity as an essential foundation,” said Amit Yoran, Chairman and Chief Executive Officer at Tenable.

What is the market offering of the joint solution?

The unique combination of Tenable and Ermetic will give customers:

  • Unified CNAPP – a unified and agentless solution that automates asset discovery, risk analysis, accelerated remediation and compliance. From shift-left Infrastructure as Code security to agent-based and agentless assessment for runtime environments, broad CNAPP capabilities will be delivered via an elegant user experience that minimizes complexity and speeds adoption.
  • Powerful CIEM – a comprehensive solution for managing human and service identities for cloud infrastructure. It visualises all identities and entitlements, using automated analysis to reveal and prioritise risks.
  • Context-aware risk prioritisation – context across all cloud and on-premises resources, including workloads, identities and data. Enhanced exposure management will extend visibility across the hybrid, multi-cloud attack surface.
  • Simplified remediation – guidance on and automation of the remediation process that enables organisations to make rapid improvements in their security posture.

What does this mean for Ermetic?

Shai Morag, Co-founder and Chief Executive Officer at Ermetic
Shai Morag, Co-founder and Chief Executive Officer at Ermetic

“The combination of Tenable’s rich exposure management data and Ermetic’s cloud solutions will offer unprecedented levels of actionable visibility and value. It will remove the complexity that makes managing cloud environments so challenging. Tenable’s massive install base of clients will enable us to introduce more firms to benefits of context-aware risk prioritisation to solve problems before they manifest,” said Shai Morag, CEO and co-founder at Ermetic.

Founded in 2019, Ermetic is a world-renown specialist in cloud infrastructure entitlement management and identity centric unified cloud security platform capabilities. The company serves organisations of all sizes, including Fortune 50 companies, to mitigate access risk, secure cloud data, ensure compliance and accelerate organizational security efforts.

Under the terms of the agreement, Tenable will acquire Ermetic for about $240m in cash and $25m in restricted stock and RSUs, subject to customary purchase price adjustments. The acquisition is expected to close early in the fourth quarter 2023, subject to customary closing conditions. Tenable expects to fund the cash portion of the purchase price with existing cash.

Ermetic’s financial results in the fourth quarter 2023 are not expected to materially contribute to revenue or calculated billings and are expected to increase non-GAAP operating expenses by $4-$6m. Unlevered free cash flow in the quarter is expected to be reduced by $14-$16m, which includes $10-$12 million of acquisition-related costs and forgone interest income.

For more information about the announcement, visit the Investor FAQ page.