Governance & Risk Management
,
Vulnerability Assessment & Penetration Testing (VA/PT)
IBM, Rubrik, Palo Alto & CrowdStrike All Bought into DSPM. Will Tenable Join Them?
If the first acquisition of a data security posture management startup was something new, the second was a coincidence, the third was a pattern and the fourth was a trend, what does that make the fifth such acquisition?
See Also: Live Webinar | Masters of Deception: Decoding the Strategies of Cyber Adversaries
Five DSPM startups are expected to end up in the hands of broader security or technology vendors in just 13 months’ time, an unprecedented cyber shopping spree spurred by the need to guard the data being entered into AI models and algorithms. Four deals were announced between May 2023 and March 2024 as IBM, Rubrik, Palo Alto Networks and CrowdStrike all entered this red-hot market with nine-figure buys (see: Will Cybersecurity Get Its 1st New Unicorn Since June 2022?).
Now, Tenable reportedly wants a piece of the action. The Baltimore-area exposure management vendor is in advanced negotiations to acquire Tel Aviv, Israel-based Eureka Security, according to Calcalist. Unlike its cybersecurity and technology peers, Tenable is reportedly planning to spend less than $100 million to get into the DSPM market, planning instead to pay “tens of millions of dollars” for Eureka.
Eureka reportedly negotiated with several companies before eventually choosing Tenable, according to Calcalist. Tenable declined an Information Security Media Group request for comment, and Eureka didn’t respond to a request for comment.
What Eurkea Brings to the Table
Eureka, founded in 2021, employs 37 people and raised $8 million in a January 2022 seed round led by YL Ventures, with participation from Wiz CEO Assaf Rappaport and Microsoft and Cisco security giant Edna Conway. The company was started by Palo Alto Networks Cortex XDR product leader Liat Hayun and Microsoft cloud app security engineering leader Asaf Weiss, who are CEO and CTO, respectively.
Hayun and Weiss worked together at Palo Alto Networks from 2015 to 2018, served with each another in the Israel Defense Forces from 2009 to 2014, and both attended The Hebrew University of Jerusalem. Nearly 55% of Eureka’s workforce is headquartered in Israel, and the company has hauled in $9.6 million in revenue over the past 12 months, or more than $258,000 per employee, according to IT-Harvest.
Although 55% of Tenable’s 2,000-person workforce is based in the United States, the company’s cloud security and OT security research and development teams are located primarily in Tel Aviv. Most of the players in the data security posture management market came out of Israel.
Eureka’s cloud data security posture management offering includes data discovery and classification, security and risk management, platform-agnostic policy and control management and agentless in-depth discovery. The platform aims to bridge the gap between organizational business goals and a comprehensive security mechanism, ensuring no piece of data is left behind as firms scale in the cloud.
How Eureka Would Fit Into Tenable
In addition to both on-premises and cloud-delivered vulnerability management, Tenable offers cloud security, Active Directory security, web application scanning, attack surface management, OT security and cyber risk quantification. Eureka would give Tenable its first data security products, and it would align closely with the company’s ability to continuously assess the security posture of cloud environments.
Eureka’s exit as a stand-alone player in the DSPM space would further strengthen the position of New York-based Cyera, which in April closed a $300 million Series C funding round at a $1.4 billion valuation to extend from data security posture management into data detection and response. CEO Yotam Segev said being dedicated solely to data security will help Cyera become the dominant player in the category (see: Cyera Gets $300M at $1.4B Valuation to Fuel Safe AI Adoption).
Eureka would be Tenable’s seventh acquisition since winter 2019 and its first since purchasing cloud security startup Ermetic in October for $265 million. That deal will help security teams make efficient and accurate remediation decisions. Fifteen months before it acquired Ermetic, Tenable purchased Silicon Valley-based Bit Discovery for $43.8 million to help organizations discover, attribute and monitor assets on the internet (see: Tenable to Buy Startup Ermetic for $265M to Safeguard Clouds).
Four months before the Bit Discovery deal, Tenable bought Cymptom for $23 million to routinely test and evaluate threats according to the MITRE ATT&CK framework. In fall 2021, Tenable bought cloud security startup Accurics for $160 million to remediate policy violations and breach paths before infrastructure is provisioned.
Seven months before that, Tenable purchased cybersecurity startup Alsid for $98 million to help customers find and fix security weaknesses in Microsoft’s Active Directory in real time. And in winter 2019, Tenable bought cyber industrial startup Indegy for $78 million to provide visibility, protection and control across operational technology environments.
Will Tenable follow in the footsteps of IBM, Rubrik, Palo Alto Networks and CrowdStrike and make Eureka its seventh acquisition in five-and-a-half years? Given the attractiveness of the DSPM market and Tenable’s lack of existing capabilities around data security, that’s a solid bet to make.