Tenable Holdings Stock

Tenable Holdings, Inc. operates as a provider of exposure management solutions.

The company’s solutions provide broad visibility into security issues, such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security across IT infrastructure and applications, cloud environments, Active Directory and industrial internet of things and operational technology environments.

Solutions

With Tenable One, organizations can translate technical data about assets, vulnerabilities and threats into clear business insights and actionable intelligence for security executives and practitioners. The platform combines the broad, industry leading, vulnerability coverage, spanning IT assets, cloud resources, containers, web apps and identity systems. Tenable One builds on the speed and breadth of vulnerability coverage from the company’s research team of cybersecurity and data science experts, or Tenable Research, and adds aggregated exposure view analytics, guidance on mitigating attack pathways and a centralized asset inventory. Tenable One leverages artificial intelligence, or AI, and machine learning, or ML, to rapidly analyze and interpret vast data sets, deliver rapid prioritization of exposures and assets and the likelihood of exploit, deliver recommendations, and automates routine tasks and streamlines workflows. AI and ML improves vulnerability prioritization and the ability to accurately gauge the risk posed by identities and entitlements across cloud and on-premise environments.

Tenable One incorporates these Tenable products:

Tenable Vulnerability Management: The company’s cloud-delivered software-as-a-service, or SaaS, vulnerability management offering that provides organizations with a risk-based view of traditional and modern attack surfaces. Tenable Vulnerability Management is designed with views, workflows and dashboards to deliver a complete and continuous view of all assets, both known and previously unknown, and any associated vulnerabilities, internal and regulatory compliance violations, misconfigurations and other cybersecurity issues, prioritize these issues for remediation based on risk assessment and predictive analytics, and provide insightful remediation guidance.

Tenable Cloud Security: Built on cloud-native application protection platform (CNAPP) technology, and leading cloud infrastructure entitlement management (CIEM) acquired with Ermetic in October 2023, Tenable Cloud Security enables security teams to continuously assess the security posture of their cloud environments by maintaining a current view of cloud assets and identities to minimize exposure and enforce a least privilege approach at scale. Tenable Cloud Security provides cloud security teams the tools they need to apply security and compliance policies, prioritize security gaps and remediate risks that matter most across multi-cloud environments.

Tenable Identity Exposure: The company’s solution to secure Active Directory environments by enabling users to find and fix existing weaknesses before they are exploited and detect and respond to ongoing attacks in real time without the need to deploy agents or use privileged accounts.

Tenable Web App Scanning: The company’s easy-to-use, comprehensive and automated Vulnerability Scanning for modern web applications, which allows organizations to quickly configure and manage web app scans, enabling them to identify vulnerabilities and prioritize remediation.

Tenable Lumin Exposure View: The company’s measurement tool, which leverages its expansive knowledge base of assets and vulnerabilities coupled with data science insights, to help the company’s customers objectively score, trend and benchmark cyber risk across their organizations, including by business unit or geography, for comparison and best practices. This capability is critical to help security executives effectively translate technical information and communicate cybersecurity risk to a non-technical audience, including the C-suite and the board of directors, to enable them to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction.

Tenable Attack Surface Management: The company’s External Attack Surface Management solution continuously maps the internet, enabling security teams to discover connections to internet-facing assets so they can assess the cybersecurity posture of their entire external attack surface.

Tenable Security Center: The company’s on-premises Vulnerability Management offering that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance.

Tenable OT Security: The company’s Operational Technology Security solution that provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks.

All of the above products, now available in Tenable One, continue to be offered as standalone solutions.

In addition, the company’s Nessus product line is one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry and underpins the company’s enterprise platform. Since the introduction of Nessus in 1998, the company has built and nurtured an extensive community of Nessus users. The company continues to cultivate knowledge and affinity within this user base, which, when combined with the company’s enterprise customers and Tenable Research, creates powerful network effects in the form of a continuous feedback loop of data and insights. The company use these learnings to expand its assessment capabilities and coverage, continually optimize the company’s solutions and inform the company’s product strategy and innovation priorities. These data and insights will also fuel and strengthen the company’s benchmarking capabilities over time.

Nessus Expert adds Web App scanning capabilities, Infrastructure as Code, or IaC, scanning along with external attack surface discovery capabilities to identify all domains and subdomains that make up an organization’s external-facing attack surface. Nessus Expert enables users to programmatically detect cloud infrastructure misconfigurations and vulnerabilities in the design and build phases of the software development lifecycle and continuously discover and inventory an organization's internet-facing assets from an attacker's perspective.

Technology Ecosystem

The company has partnered and/or integrated with market leading technology companies to pioneer the industry’s first exposure management ecosystem to help organizations build resilient cybersecurity programs. The company’s ecosystem consists of a variety of third-party data import sources integrated into the company’s platform offerings, as well as export of the company’s data out to third-party IT systems. The company’s technology ecosystem connects disparate solutions and data to automate processes and accelerate an organization’s ability to understand, manage and reduce its cyber risk.

The company integrates a variety of third-party data sources, including ticketing, configuration management databases, or CMDBs, and systems management, into the company’s platform to augment the company’s native data collection and help with analysis and remediation prioritization. Furthermore, the company’s data is exported out to enrich third-party IT management and security systems.

Growth Strategy

The company’s strategies are to continue to acquire new enterprise platform customers; expand asset coverage within the company’s customer base; invest in the company’s technology platform; and explore acquisition opportunities.

Customers

The company sells and markets its enterprise platform offerings through the company’s sales force that works closely with the company’s channel partners, including a network of distributors and resellers, in developing sales opportunities. The company uses a two-tiered channel model whereby the company sells its enterprise platform offerings to its distributors, which in turn sell to the company’s resellers, which then sell to end users, which the company calls customers.

The company’s customers are located in over 170 countries and include organizations of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer.

At December 31, 2023, the company had approximately 44,000 customers. At December 31, 2023, the company’s customers included approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies.

Sales and Marketing

Both direct-touch and channel-originated sales are fulfilled through the company’s channel partnerships. The company’s sales and customer success renewal teams collaborate closely with the company’s channel partners to prospect, manage and support its customers, developing and maintaining close relationships with all of the company’s enterprise platform customers.

The company sells to organizations of all sizes across a broad range of industries, with a specific focus on enterprise accounts. The company’s sales team is divided by customer size and geography, including the Americas; Europe, the Middle East and Africa, or EMEA; and the Asia Pacific and Japan.

The company’s channel partners include distributors, value-added resellers, system integrators, and managed security service providers.

The company’s marketing efforts focus on cultivating brand awareness and leveraging the company’s track record of innovation in exposure management to expand into new markets. The company is focused on building demand across all segments with a specific emphasis on the company’s enterprise customers and delivering tailored marketing programs for security executives, functional managers, security practitioners, managed service providers and consultants. The company’s marketing efforts are also designed to create a broad community and establish the Tenable brand as a trusted resource of credible educational information. The company provides a variety of educational resources for cybersecurity practitioners and leaders, as well as cloud security teams, DevOps teams, OT practitioners and identity and access management practitioners, including a community forum where customers can ask questions of the company’s experts and their peers. The company executes marketing programs targeted at new customer acquisition, customer retention and cross-selling and up-selling of products across the company’s platform.

Intellectual Property

At December 31, 2023, the company had 38 issued patents and 21 patent applications pending in the United States. The company’s issued patents expire between 2027 and 2042 and cover the company’s network scanning, monitoring and analysis technologies and additional features of the company’s platform offerings. At December 31, 2023, the company had 20 registered trademarks in the United States.

‘Tenable,’ ‘Nessus,’ the Tenable logo and other trademarks or service marks are the property of the company.

Government Regulation

Like other U.S.-based IT security products, the company’s products are subject to the U.S. export control laws and regulations, specifically the Export Administration Regulations, or EAR, the U.S. economic and trade sanctions regulations and applicable foreign government import, export and use requirements. These laws prohibit or restrict the export of the company’s products and services to certain countries, regions, governments, entities or persons subject to trade restrictions.

Competition

The company’s competitors include vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software and services vendors; endpoint security vendors with vulnerability assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks and Wiz, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in the company’s solutions.

History

Tenable Holdings, Inc. was founded in 2002. The company was incorporated in Delaware in 2015.