Tenable, a cyber risk management company based in Columbia, Maryland, today announced it has acquired infrastructure-as-code (IaC) technology provider Accurics for $160 million in cash. Tenable says the acquisition will enable it to introduce a “complete lifecycle approach” for risk management, leveraging IaC to fix cloud environment problems before they expose businesses to risk.
“Fully integrating security into the DevOps process and leveraging IaC processes to assess and prevent problems before deployment will secure cloud operations at speed and scale,” Tenable chair and CEO Amit Yoran said in a press release. “From the introduction of Terrascan to their enterprise platform, Accurics is leading that revolution. Together, we will enable organizations to push their cloud and ‘as code’ journeys forward — with IaC, with containers and compute instances. This is all about accelerating innovation and simultaneously enabling security in ways previously not possible.”
San Francisco, California-based Accurics, which was founded in 2020, offers a platform to help companies address risk during development and deliver fixes in code to ensure risks are remediated quickly. Accurics can scan IaC for misconfigurations and monitor provisioned cloud infrastructure for drift, enabling organizations to generate code to resolve policy violations and address security risks.
Accurics cofounders include CEO Piyush Sharrma and Om Moolchandani. Sharrma previously led engineering, product, and research teams at Symantec, while Moolchandani held leadership positions at companies like AutoGrid and General Electric.
“One of the biggest obstacles facing companies today is security teams are constantly challenged with understanding and effectively managing the risk and security for cloud environments at DevOps speeds. From the very beginning, Accurics has been singularly focused on securing infrastructure-as-code for modern enterprises,” Sharrma said in a statement. “Joining forces with Tenable increases our ability to help organizations accelerate innovation by aligning development, operational, and security teams behind security and resiliency goals.”
Accurics’ solutions will be integrated with Tenable’s container security and web scanning products after the acquisition is completed, according to Sharrma. Accurics had raised $20 million from investors that include Intel Capital and ClearSky.
Growth in IaC
IaC is the process of managing datacenters through machine-readable definition files, rather than hardware configurations. It grew as a response to the challenges posed by utility computing — the idea of modeling infrastructure with code and having the ability to design, implement, and deploy app infrastructure that appealed to both software developers and IT infrastructure administrators. The ability to treat infrastructure like code and use the same tools as any other software project would allow developers to rapidly deploy applications, the thinking went.
The IaC market is growing rapidly, with startups like Env0 and Oak9 landing millions of dollars in venture capital. Earlier this year, Sysdig bought Apolicy, which provides an IaC security platform to automate cloud and container security controls.
But security challenges lie on the horizon for enterprises embracing IaC. In a recent Synk survey, only 26% of IaC users said they’re confident they can spot security mistakes in their configurations.
Tenable’s acquisition of Accurics — which is subject to customary purchase price adjustments — is expected to close in late Q3 or early Q4 2021. It’s publicly traded Tenable’s fourth acquisition since its founding in 2002, following the purchase of Microsoft Active Directory security service developer Alsid in April, Indegy in 2019, and Flawcheck in 2016.