[ad_1]
Tenable has agreed to buy cybersecurity start-up Alsid for $ 98 million to help customers find and fix security weaknesses in Microsoft’s Active Directory in real time.
The Columbia, Maryland-based vulnerability management company said its proposed acquisition of Alsid, based in Paris, France, will allow companies to discover new attack avenues and detect attacks Active Directory in real time. Alsid leverages dynamic threat scoring and complexity assessments to recommend remedies that don’t require agent deployment or privileged account exploitation, Tenable said.
“Tight control of account privileges in Active Directory is as fundamental to reducing business risk as blocking and basic management of the deployment of security updates,” said Amit Yoran, CEO of Tenable, in a statement. “As we’ve seen with the wave of hacks, ranging from sophisticated SolarWinds compromises to common ransomware attacks, attackers attack Active Directory infrastructure to increase access and establish persistence.”
[Related: Tenable Buys Industrial Security Startup Indegy To Boost OT Protection]
SolarWinds hackers were able to forge a token that claimed to represent a highly privileged account in Azure Active Directory, Microsoft revealed on December 13. Hackers could also gain Azure Active Directory administrative privileges with compromised credentials. Microsoft has said this is particularly likely if the account in question is not protected by multi-factor authentication.
“After taking a significant position in the on-premises environment, the actor made changes to Azure Active Directory settings to facilitate long-term access,” the Microsoft Security Research Center wrote on December 13.
The Alsid acquisition is expected to close early in the second quarter of 2021 and contribute approximately 1 percentage point of growth to Tenable’s revenue this year. The deal will also increase additional operating expenses from $ 15 million to $ 20 million, according to Tenable. Tenable’s stock remains unchanged at $ 45.82 per share in pre-release Wednesday.
Alsid was founded in 2016 by two former contributors to the French National Cybersecurity Agency, employs 104 people and has raised $ 17.7 million in four rounds of external funding, reported LinkedIn and Crunchbase. Company founders Emmanuel Gras and Luc Delsalle will join Tenable in leadership roles to help develop more innovative tools for Active Directory risk and security assessment.
“We launched Alsid to help businesses solve one of the biggest security challenges, an unprotected Active Directory, which is one of the most common ways for threat actors to move sideways through systems. corporate, ”said Gras, CEO of Alsid, in a statement. “Our approach has always been to help our customers anticipate future attacks so that they can continue to operate as usual.
The Alsid acquisition will allow Tenable to manage account privileges the same as IT assets and risks, the company said. Going forward, Tenable said it would be able to offer Active Directory security even for the most complex corporate user environments, combining vulnerability data, threat information and permissions from counts for a more holistic view of risk and the ability to predict which problems to solve first.
A large part of Active Directory deployments remain on-premises today, with many large tenable customers moving some workloads to Azure Active Directory. The Alsid platform secures existing and complex hybrid Active Directory deployments, according to Tenable.
Alsid has largely focused on product development, but the company has built a pipeline and has some expertise in Active Directory sales and sales engineering, according to the company. Longer term, Tenable said he hopes to leverage his distribution channels and allow his sales force to sell the Alsid product.
The teams focused on auditing and securing Active Directory are largely the same as those who purchase Tenable’s existing vulnerability management offerings. Like Tenable, Alsid’s move to market has focused on large enterprises with multiple domains and business units as well as complex Active Directory deployments.
“We are impressed with the insight that Alsid brings to corporate clients and look forward to working with the Alsid team to add this critical element to cyber exposure and risk management,” Yoran said in a statement.
The Alsid deal comes 14 months after Tenable bought industrial security start-up Indegy for $ 78 million to provide visibility, protection and control in all operational technology environments. The Indegy acquisition was intended to expand the scope of Tenable’s OT-specific capabilities in areas such as vulnerability management, asset inventory, configuration management and threat detection.
Source link
