Network Security

Tenable Shells Out $45 Million to Acquire Bit Discovery

Tenable on Tuesday announced plans to spend $45 million in cash to acquire Bit Discovery, an attack surface management software startup created by cybersecurity pioneers Jeremiah Grossman and Robert Hansen.

Ryan Naraine

April 26, 2022

The acquisition comes less than a year after Bit Discovery raised $4 million in Series B funding to build technology to help organizations track and manage risks to digital assets.

Once the deal closes, Columbia, Maryland-based Tenable plans to leverage Bit Discovery’s products across its entire portfolio – from enterprise vulnerability management (VM) to Nessus, from cloud to operational technology (OT) to identity.

“Once integrated, customers will have the ability to assess the security posture of their entire attack surface and understand each of these in the context of an attack path which might exist from external systems to critical assets,” the company said in a note announcing the transaction.

[ READ: Bit Discovery Banks $4 Million for Attack Surface Management ]

“By covering both external and internal assets, Tenable will provide a comprehensive view of vulnerabilities and cyber risk, allowing customers to prioritize remediation efforts and minimize cyber exposure,” Tenable added.

Bit Discovery raised a total of $6.6 million to build and sell an attack surface management tool to help security programs to identify and manage Internet-connected assets.

Attack surface management is a new product category meant to address gaps in point-in-time penetration testing and vulnerability management. It has emerged as a highly competitive category with multiple startups jostling for market share.

Advertisement. Scroll to continue reading.

Well-funded players in the attack surface management space include Bishop Fox, Intrigue, Randori and CyCognito.

The Bit Discovery product automates the scanning of Internet-connected assets on a continuous basis, flagging security problems to alert security teams in real-time whenever a portfolio changes.

The acquisition is expected to close later in the second quarter of 2022

Written By Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Kevin TownsendFebruary 6, 2023

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Ryan NaraineSeptember 27, 2023

Cybersecurity Funding

Network Security Company Corsa Security Raises $10 Million

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Ionut ArghireOctober 24, 2022

Network Security

Cyber Insights 2023 | Attack Surface Management

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Kevin TownsendJanuary 31, 2023

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Ryan NaraineDecember 13, 2022

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Ryan NaraineDecember 12, 2022

Network Security

‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.

Eduard KovacsOctober 10, 2023

Identity & Access

Password Dependency: How to Break the Cycle

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Torsten GeorgeJanuary 25, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Network Security

Tenable Shells Out $45 Million to Acquire Bit Discovery

More from Ryan Naraine

Latest News

Trending

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

Cybersecurity Funding

Network Security Company Corsa Security Raises $10 Million

Network Security

Cyber Insights 2023 | Attack Surface Management

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Network Security

‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

Identity & Access

Password Dependency: How to Break the Cycle

SECURITYWEEK NETWORK:

ICS:

More from Ryan Naraine

Latest News

Trending

Daily Briefing Newsletter

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Identity & Access

Cyber Insights 2023 | Zero Trust and Identity and Access Management

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

Cybersecurity Funding

Network Security Company Corsa Security Raises $10 Million

Network Security

Cyber Insights 2023 | Attack Surface Management

Application Security

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Network Security

‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History

Identity & Access

Password Dependency: How to Break the Cycle