• Ermetic announced CNAPPgoat, an open-source project that helps enterprises evaluate and improve their cloud security capabilities, procedures, and tools in a controlled environment.

Tenable One will merge Ermetic’s capabilities and insights for cloud and on-premises asset visibility and vulnerabilities in a single exposure management platform.

Tenable Holdings Inc., a company specializing in network security management, has revealed its plan to acquire Ermetic Ltd., an Israeli startup known for developing an integrated cloud-native application protection platform and offering cloud infrastructure entitlement management services.

As per the arrangement, Tenable will provide approximately USD 240 million in cash and USD 25 million in restricted stock, with potential adjustments based on pricing.

Established in 2019, Ermetic has become a frontrunner in the cloud infrastructure entitlement and identity-centric cloud security platform market. It offers services and features, including automated risk analysis, user entitlement comprehension, risk prioritization, and automated remediation. Ermetic caters to companies of all sizes, extending its services to Fortune 50 enterprises. Its mission is to address access risks by securing cloud data and assisting professionals in managing network security challenges.

Ermetic provides cloud teams with a comprehensive toolset to create, deploy, and operate secure cloud applications. Their all-in-one software platform simplifies the process of monitoring, detecting, and responding to potential security vulnerabilities in cloud environments, enhancing overall cloud security. Ermetic achieves this through a central control dashboard consolidating all security capabilities and access management functions. For instance, it can monitor whether a specific user, like a cloud database administrator, has access to specific network areas. If the account is compromised, it becomes a potential vulnerability, so automating the management of access to sensitive resources is crucial.

Recently, the company introduced CNAPPgoat, an open-source project that enables organizations to evaluate their cloud security skills, processes, and tools in a sandbox environment. Using this new tool, security teams can create their own “risk scenarios” and test CNAPP platforms and tools against them.

Amit Yoran, Chairman and Chief Executive Officer of Tenable stated, “Together, we will be able to deliver a holistic view of the modern attack surface and help organizations reduce exposure and risk, using identity as an essential foundation,”

Tenable plans to incorporate Ermetic’s capabilities and insights into Tenable One, its integrated system for cloud and on-premises asset visibility and related vulnerabilities in a single exposure management platform. Assembling vulnerability data from enterprise infrastructure, web apps, public cloud, and identity management systems, Tenable One identifies assets across the entire attack surface. With a comprehensive understanding of exposures, privileges, and attack routes through their networks, security teams can better position themselves for the attack.

Shai Morag, Co-founder and CEO of Ermetic said, “The combination of Tenable’s rich exposure management data and Ermetic’s cloud solutions will provide unprecedented levels of actionable visibility and value. It will remove the complexity that makes managing cloud environments so challenging.”

Ermetic has raised a total of USD 100 million since its launch, including USD 70 million in a Series B funding round led by Qumra Capital in December 2021.

Subject to the customary conditions outlined in the contract, the transaction is anticipated to close at some point early in the fourth quarter of 2023.

Tenable’s sixth acquisition since its initial public offering in 2018, the most recent of which was in 2022, when the company paid USD 45 million for the external attack surface management startup Bit Discovery Inc. In the past, Alsid SAS was purchased for USD 98 million in February 2021 and the attack path management startup Cymptom Labs Ltd. was acquired in February 2022.