I was pleased to see my friends from Columbia-based Tenable jump into unicorn-land last week with their successful IPO. Lots of advisory articles popped up afterward on the Internet - as is always the case with IPOs. Most of the coverage focused on money metrics such as the number of customers paying over $5K, the compounded YOY growth, and even the size of returns for investors (in contrast to dummies like me who keep a thin checkbook and underfunded 401K).
Good technology summaries, however, are rarely available about new cyber unicorns, generally because the financial volume knobs are set so high that little is covered about operational issues influencing people like you and me - the ones playing cyber defense. So, I was pleased that the Tenable team was willing to sit down with me last week to discuss their platform - without a single word about margin ratios or stock conversions. Here's what I learned:
"What we've chosen to focus on with our vast customer base is something that we refer to as cyber exposure," explained Dave Cole, Chief Product Officer at Tenable. "This is essentially a measure of the degree to which a given enterprise is vulnerable to consequential security breaches. And it also helps dictate how vital it is for them to be utilizing a next-generation vulnerability management platform."
Like most of you, I've always connected Tenable with Nessus. And this is certainly not a pejorative statement: The Nessus scanner has been a mature, effective solution for so many of us wanting to address vulnerability issues on various platforms and operating systems including Windows, Linux, and MacOS. I was therefore naturally interested to understand how the company has evolved from point-solution scanner to comprehensive offering.
"We deliver value today through our next-generation platform, which we call Tenable.io," explained Cole. "The platform was created by the same experts who brought you Nessus, so you will find the same strict attention to quality and detail. But we've improved our coverage in Tenable.io to directly address the complexities of tracking both fixed resources and elastic IT assets scattered across modern hybrid cloud workloads and containers."
This all sounded good, but my experience is that finding servers is one thing, but developing actionable recommendations is another. Cole was clear that Tenable.io is not just another asset discovery engine. "The platform starts with discovery, but is intended to provide advanced, contextual guidance on managing vulnerabilities. To that end, we integrate with your existing IT tools, including MDM, and even other scanning solutions, to ensure great VM guidance."
I asked Cole about the company's plans to address newer forms of assets, such as IoT, that a company might be deploying onto their modern enterprise infrastructure. He was quick to respond: "We are excited about IoT, and our approach has been to select the greatest OT vendors, starting with Siemens, to integrate their unique ICS technology. This aspect of our platform is something we expect to grow considerably in the coming years."
The inevitable questions of cloud support, and how it works for Tenable.io, came up during the discussion, and the solution appears to be rooted in the use of API connectors. Cole gave a detailed explanation and use-case summary of how Tenable.io supports hosted workloads and resources in Azure, AWS, and other public offerings. (I asked about support for Tier 1 carrier SDN infrastructure, and Cole agreed that this was an important area for future integration.)
After my discussion with Tenable, I set aside any business or investment considerations, and tried to think through the technical and architectural challenges that face Tenable: The clearest in my mind are the dissolution of the enterprise network into a complex tangle of public clouds, and the likelihood that public cloud providers with CASB partners will offer dynamic VM in the access path. Tenable will have to maintain its value proposition amidst both these trends.
So, pop the cork if you're a Tenable investor - and for the rest of us, expect to see continued strong focus in reducing enterprise cyber exposure using the Tenable.io platform. With an experienced management team under Amit Yoran, and a loyal customer base, I would expect to see Tenable emerge as a newly-iconic brand, most likely expanding in the coming years into adjacent areas of enterprise cyber security. Best of luck to the team and its customers.