The Expert's View with Michael Novinson

Cloud Security , Security Operations

Why Tenable Is Eyeing Security Vendor Ermetic at Up to $350M

Ermetic Is in Line for a 9-Figure Deal Just 40 Months After Emerging From Stealth
Why Tenable Is Eyeing Security Vendor Ermetic at Up to $350M

A startup founded by the longtime leader of Secdo and backed by the likes of Qumra Capital and Accel could soon be acquired by Tenable, according to news reports.

See Also: SBOM and Connected Device Security

Baltimore-area exposure management vendor Tenable is in advanced negotiations to purchase Boston-based cloud infrastructure security startup Ermetic in a deal valued at between $300 million and $350 million, Calcalist and Globes reported Tuesday. The two sides are in "advanced negotiations," and a deal is set to be completed in the coming days (see: Tenable CEO on Using AI to Spot Exploitable Vulnerabilities).

A Tenable spokesperson and an Ermetic spokesperson both declined Information Security Media Group's requests for comment. Tenable's stock is down $0.17 - or 0.38% - to $45.13 in trading Tuesday afternoon.

Reports of the Ermetic deal emerge 15 months after Tenable completed its $43.8 million acquisition of Santa Clara, California-based Bit Discovery to help organizations discover, attribute and monitor assets on the internet. It would be the second-largest transaction carried out by a pure-play security vendor this year - behind only Check Point's $490 million purchase of security service edge vendor Perimeter 81 (see: Check Point to Buy SSE, ZTNA Startup Perimeter 81 for $490M).

What Makes Ermetic Special?

Although Ermetic has headquarters in Tel Aviv and Boston, co-founders Shai Morag, Arick Goomanovsky, Sivan Krigsman and Michael Dolinsky live in Israel - as do 86 of the company's 163 workers. CEO Morag co-founded and led Secdo - which was bought by Palo Alto Networks for $82.7 million in April 2018 - CBO Dolinsky Goomanovsky co-founded Sygnia, and CTO Dolinsky and CPO Krigsman were at Microsoft.

Ermetic, co-founded in July 2019, raised $97.3 million in three rounds of outside funding and laid off 30 employees - or 17% of its workforce - in January, according to Calcalist. Backers of Ermetic include Accel, Forgepoint Capital, Glilot Capital Partners, Norwest Venture Partners, Qumra Capital, Splunk Ventures and Target Global, according to IT-Harvest.

“Ermetic has built the most advanced solution for automating and centralizing security management across all the leading cloud platforms, and is led by a proven management team," Qumra Managing Partner Boaz Dinte said in a statement after leading the company's $70 million Series B funding round in December 2021.

More than 55% of Ermetic's employees are based in Israel. Nearly 40% are in the United States, and the remaining 5% are in countries including Canada, Germany and the United Kingdom, IT-Harvest found. IT-Harvest estimates a valuation of between $204 million and $276 million for Ermetic and annual revenue of $19.2 million - or nearly $115,000 per employee - just 40 months after the company emerged from stealth.

Ermetic's technology identifies unusual activity related to data access, network access management, permission management and permission escalation. The company's key tool is a cloud infrastructure entitlements management platform that allows users to investigate permissions, configurations and relationships, assess and prioritize risks across human and service identities, and automate remediation.

Would Tenable Make a Good Home for Ermetic?

Tenable's existing cloud security tool allows teams to continuously assess the security posture of their cloud environment by maintaining a current inventory of cloud assets for proactive analysis whenever a new vulnerability is published. Tenable.cs gives cloud security teams the tools they need to apply, monitor and report on security and compliance policies across multi-cloud environments, the firm said.

Tenable hasn't been shy about conducting deals to widen its technological footprint. Just four months before the Bit Discovery deal, Tenable bought Cymptom for $23 million to routinely test and evaluate threats according to the MITRE ATT&CK framework. In fall 2021, Tenable bought cloud security startup Accurics for $160 million to remediate policy violations and breach paths before infrastructure is provisioned (see: Tenable to Buy Bit Discovery to Find More Vulnerable Assets).

Seven months earlier, Tenable purchased cybersecurity startup Alsid for $98 million to help customers find and fix security weaknesses in Microsoft's Active Directory in real time. And in winter 2019, Tenable bought cyber industrial startup Indegy for $78 million to provide visibility, protection and control across operational technology environments. If recent reports play out, Ermetic may be the next name on Tenable's acquisition list.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.