Vulnerability Assessment & Penetration Testing (VA/PT)

Tenable's $25M Venture Capital Fund Seeks Early-Stage Firms

New Tenable Ventures Fund Focuses on Cloud, OT, Code, Identity and Backs 3 Startups
Tenable's $25M Venture Capital Fund Seeks Early-Stage Firms
Brian Goldfarb, chief marketing officer, Tenable (Image: Tenable)

Tenable has debuted a $25 million corporate investment program to support prevention-focused startups focused on technologies including cloud, OT security and identity.

See Also: Unmasking the Future of Fraud: Battling Digital Identity Fraud in the Age of Generative AI

The Baltimore-area exposure management vendor says Tenable Ventures plans to scour Israel and the United States for startups that believe the most effective way to reduce risk is by preventing successful attacks, says Chief Marketing Officer Brian Goldfarb. Tenable is open to investing in spaces where the company already plays today as well as bankrolling firms in new areas such as developer and code security.

"We wanted to put a stake in the ground and commit to working with these companies," Goldfarb says. "As we see great opportunities, we're going to take advantage of them."

Tenable has been on a journey over the past year to evolve the company from vulnerability management to exposure management, which is focused on helping businesses prevent successful attacks. Goldfarb says he wants to use Tenable Ventures to build an ecosystem of startups that can support Tenable in preventing successful attacks (see: Tenable CEO on What's New in Cyber Exposure Management).

'We're Casting a Pretty Wide Net'

Goldfarb says the investments will build on Tenable's existing capabilities around both determining which doors to the customers' business are unlocked and helping the customer figure out what to lock to prevent successful attacks. Through Tenable Ventures, he says, the company hopes to gain a more horizontal view of the attack landscape and avoid looking at threats in a silo.

"In the world of cybersecurity, you've got to prevent first, so that you can do a better job of reacting and responding when you have to," Goldfarb says.

Tenable Ventures revealed existing investments in software supply chain security vendor Lineaje, identity threat detection and response platform Authomize, and API exposure and threat management startup Araali Networks. The cash infusions took place over the last five quarters, and Tenable led the investment in all three instances, says Matthew Olton, senior vice president of strategy and corporate development.

Goldfarb praised Lineaje for its ability to uncover unknown vulnerabilities around open-source software and Authomize for helping Tenable build out its identity knowledge beyond Microsoft Active Directory. Identity plays a more central role than ever before in exposure management, and he says focusing on identity helps people prioritize risk since hackers care most about devices belonging to resources in R&D.

Araali, meanwhile, is another identity play focused on DevSecOps and cloud-native workloads, according to Goldfarb. Tenable was the lead investor in Lineaje, Authomize and Araali Networks, but can also join financing rounds led by others going forward, Olton says. Having an existing integration with Tenable would be a plus for any investment target, but Tenable isn't making it a prerequisite, Goldfarb says.

Although identity has been a major focus for Tenable Ventures thus far, Goldfarb says the company plans to explore investments in other areas that can help organizations manage cyber risk, such as complex configurations, IT-OT convergence and critical infrastructure. Goldfarb says Tenable has done $5 million investments in the past and expects future funding to trend smaller as well. "We're casting a pretty wide net to make sure we get the largest ecosystem possible to give customers a better story in preventing attacks," Goldfarb says.

'Helping Customers Better Manage Their Risk'

From a metrics standpoint, Goldfarb says, Tenable Ventures plans to monitor the return on its financial investment, ecosystem expansion and the creation of awareness around how important prevention is in the broader cybersecurity market. By planting seeds in new areas of cybersecurity, he hopes to create more surface areas for startups to succeed, even if they are not necessarily the companies Tenable is funding.

"Tenable Ventures is helping customers better manage their risk," Goldfarb says. "How do they get a wider view of all the things that are going on, best prioritize what they need to fix, and ultimately have less surface area to protect in the long term? Tenable Ventures is trying to push capital toward those types of investments."

Tenable is the fourth cybersecurity vendor to launch a venture fund over the past year. SentinelOne in September 2022 debuted S Ventures with $100 million in funding and a focus on security and data startups of all sizes. S Ventures will serve startups across all stages of the life cycle from seed and Series A to market-leading, late-stage companies, says Rob Salvagno, senior vice president of corporate development (see: SentinelOne's $100M Venture Capital Fund Seeks Data Startups).

In June 2022, Ping Identity unveiled a $50 million fund and a focus on seed, Series A and Series B firms addressing challenges such as real-time identity verification, decentralized identity and machine identity. And in May 2022, CyberArk Ventures debuted with $30 million and a focus on seed and Series A companies in adjacent markets.

CyberArk, Ping Identity, SentinelOne and Tenable follow in the wake of CrowdStrike's high-profile Falcon Fund, launched in August 2019 with $20 million and a partnership with Accel. CrowdStrike added $100 million in January 2022. Falcon Fund has invested in 14 startups, including RSA Innovation Sandbox Contest winner Talon, detection and response platform Corelight and API protection firm Salt Security.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.