Channel investors, Channel partners, Content

Cloud Security Posture Management (CSPM) M&A Activity Continues

Mergers and acquisitions across the cloud security posture management (CSPM) market continue at a rapid pace, as MSSPs and end-customers seek CSPM tools to monitor and properly configure Amazon Web Services, Microsoft Azure and Google Cloud Platform workloads.

The latest example deal: Tenable, a cyber exposure platform provider, has purchased Accurics for approximately $160 million in cash.

This is technology M&A deal number 565 that MSSP Alert and sister site ChannelE2E have covered so far in 2021. See all technology M&A deals for 2021 and 2020 listed here.

Accurics will integrate its cloud security capabilities into the Container Security and Web Application Security solutions, according to the companies. In doing so, Accurics extends Tenable's cloud strategy and enables its customers to use infrastructure as code (IaC) to fix cloud security issues.

Tenable Buys Accurics: MSSPs Gain More CSPM Capabilities?

Tenable's partner program includes an MSSP focus. The Accurics partner program is designed more for systems integrators and resellers. Still, the Acurics technology could have implications for Tenable's MSSP partners.

Indeed, customer and service provider demand for cloud security posture management-related software appears extremely strong. To wit, CSPM revenues will reach $9 billion by 2026, up from $4 billion in 2020, according to Markets and Markets. That’s a 14.4 percent compound annual growth rate.

Amid that growth, multiple companies have been acquiring CSPM startups. Example deals include:

The Tenable-Accurics deal continues that M&A trend.

How Accurics Addresses Cloud Security Risks

Accurics provides programmatic risk detection and mitigation of risks in IaC, the company noted. It offers a platform that "self-heals" cloud infrastructure.

Development and operations (DevOps) and security teams can use Accurics' platform to reduce their attack surface before cloud infrastructure is provisioned, the company said. The platform monitors cloud infrastructure for changes in runtime and resolves risks via IaC.

Furthermore, Accurics' platform offers the following "as code" capabilities:

  • Drift as Code: Identifies new cloud infrastructure resources and configuration changes.
  • Policy as Code: Detects and remediates policy violations.
  • Remediation as Code: Codifies remediation into development workflows.
  • Security as Code: Mitigates potential breach paths.

Accurics also offers the Terrascan open-source tool. TerraScan provides over 500 out-of-the-box policies that let DevOps and security teams scan IaC against the Center for Internet Security (CIS) Benchmark and other common policy standards.

Tenable Acquires Microsoft AD Security Provider Alsid

Meanwhile, Tenable has been active in the M&A market -- especially in terms of cloud security acquisitions.

Indeed, the company in April 2021 finalized its purchase of Alsid, which specializes in Microsoft Active Directory (AD) security. Poke around the buyer's product portfolio, and now allows partners and customers to identify and prevent Active Directory attacks.

Over 30,000 organizations now use Tenable's solutions, the company says.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.