The proactive safety market is consolidating additional as publicity administration vendor Tenable introduced its intent to accumulate Vulcan Cyber, a unified vulnerability administration (UVM) vendor that makes a speciality of third occasion vulnerability assortment, vulnerability response, and utility safety posture administration. This acquisition demonstrates how distributors are reacting to CISOs’ continued have to unify and consolidate their fragmented arsenal of safety instruments.
Tenable plans to finish the acquisition by the tip of March 2025, for $147 million in money and $3 million in RSUs. Forrester estimates Vulcan Cyber’s ARR is ~$25M and that they’ve round 100 enterprise prospects. This acquisition underscores Tenable’s dedication to enhancing vulnerability response, complementing their current announcement supporting built-in patch administration capabilities. As assault surfaces broaden throughout cloud, gadgets, and functions, safety groups face the problem of managing various safety posture evaluation instruments that determine numerous property and assess vulnerabilities. This fragmentation makes vulnerability prioritization and remediation monitoring difficult. Unified Vulnerability Administration corporations like Vulcan Cyber consolidate and unify vulnerability sources from cloud safety, vulnerability scanners, endpoint safety, and extra to help within the prioritization course of. This unification permits groups to use prioritization strategies and orchestrate and monitor remediation’s successfully. This acquisition additional aligns with Forrester’s analysis on proactive safety, which is made up of three core ideas: visibility, prioritization, and remediation.
Vulcan’s mannequin of Unified Vulnerability Administration, which ingests third-party vulnerabilities and improves response, addresses areas the place Tenable has historically not been as robust. Forrester expects Tenable to prioritize integrating Vulcan’s third-party connector ecosystem into their Tenable One platform, and leverage Vulcan’s ASPM capabilities. This integration will allow Tenable One prospects to drag in additional various vulnerability sources, from SAST/DAST to cloud safety suppliers, in the end enhancing remediation response workflows and insights.
Unified Vulnerability Administration options have acknowledged the benefit for safety leaders of with the ability to ingest, mixture, deduplicate, and triage findings from numerous distributors and kinds of utility safety testing instruments. ASPM options, equivalent to Vulcan.io, advance this strategy by correlating points found throughout growth and testing with utility deployment and runtime info. The contextualized prioritization focuses growth and DevOps groups on addressing solely a very powerful enterprise impacting points, thereby enhancing growth productiveness and minimizing threat. Furthermore, Vulcan Cyber’s ASPM providing additional permits Tenable to seize a bigger share of the appliance safety finances.
With this acquisition, Tenable has expanded its vulnerability administration to boost remediation. Vulcan’s workflow engine permits safety and IT groups to construct and deploy customized playbooks that automate prioritization and remediation course of, decreasing guide overhead. Tenable One can leverage Vulcan’s skill to seamlessly bridge vulnerability information with DevOps toolchains.
This acquisition marks Tenable’s fifth in three years, following purchases in information safety (Eureka), cloud safety (Ermetic), assault floor administration (Bit Discovery), and publicity administration (Cymptom). The proactive safety market is anticipated to proceed consolidating via acquisitions and the unification of vulnerabilities and property from disparate instruments. Options like Unified Vulnerability Administration help vulnerability consolidation, whereas Cyber Asset Assault Floor Administration (CAASM) options help asset consolidation.
