December 2, 2019
Cybersecurity market leaders create the industry's first unified, risk-based platform for IT and OT security
Tenable®, Inc., the Cyber Exposure company, today announced that it has acquired Indegy Ltd., a leader in industrial cybersecurity which provides visibility, security and control across operational technology (OT) environments.
“For every company in every industry, OT is now part of the modern attack surface. CISOs are being asked to secure OT systems alongside IT, but lack the necessary visibility and technology to manage and measure OT cyber risk in the same way as IT risk,” said Amit Yoran, chairman and CEO, Tenable. “The combination of Tenable and Indegy brings together two pioneers of IT vulnerability management and industrial cybersecurity to deliver the industry’s first unified, risk-based view of IT and OT security. This is a game changer that will help transform how security and the C-suite make strategic decisions around OT risk. This acquisition is a critical milestone in delivering on our Cyber Exposure strategy to help organizations understand and reduce cyber risk across the entire modern attack surface. Indegy extends our depth of OT expertise and intelligence, and our breadth of OT-specific capabilities from vulnerability management to asset inventory, configuration management and threat detection. We look forward to working with the Indegy team to help the industry usher in the next wave of IT/OT convergence.”
“When we started Indegy we set out on a mission to protect industrial networks through a mix of cybersecurity expertise and hands-on OT experience, developing products which solve the hardest industrial cybersecurity challenges,” said Barak Perelman, co-founder and CEO, Indegy. “We are excited to accelerate this mission by joining Tenable, a visionary IT cybersecurity leader with a trusted brand and proven track record of product innovation. We look forward to working with the Tenable team and bringing OT cyber capabilities to its broad customer base.”
OT Cybersecurity Risk is a Critical Business Risk
In the digital era, OT cybersecurity risk is a critical business risk. Not only is the frequency of OT attacks increasing but the impact of an OT security event can have a material effect on business operations spanning beyond information leakage to equipment damage, safety concerns for employees, or a major environmental incident. A recent survey by the Ponemon Institute and Siemens found that the majority of respondents viewed cyber threats to be a greater risk to OT environments than to IT. Modern OT environments increasingly interconnect with IT as companies consolidate their operational data to optimize costs and accelerate innovation. The result is a complex, sensitive and vastly expanded attack surface for Chief Information Security Officers (CISO) to manage, often without visibility into OT environments.
Tenable and Indegy deliver the following capabilities within a single platform:
- Risk-based measurement: Score, trend and benchmark IT and OT together in Tenable Lumin™, the company’s advanced visualization, analytics and measurement solution for cyber exposure. Organizations can apply a dedicated approach to IT and OT through asset-relevant policies, metrics and KPIs, while leveraging the power of Tenable Lumin to measure IT and OT risk together for more comprehensive decision-making.
- Unified view of IT and OT vulnerabilities: View and manage OT security issues alongside IT vulnerabilities, from assessment through closed-loop remediation verification. OT vulnerabilities now leverage the power of Tenable Predictive Prioritization, which applies data science to prioritize OT issues for remediation based on the vulnerability and its likelihood of exploitability.
- Depth of intelligence into OT environments: Indegy brings a deep understanding of the complete OT device, including components from multiple vendors and how they relate to each other, for more accurate and comprehensive management.
- IT and OT vulnerability assessment: Through its deep OT device intelligence, Indegy pioneered and patented a safe and non-intrusive way to bring active analysis to OT devices alongside passive monitoring. Indegy’s assessment approach, alongside Tenable’s combination of agent-based scanning, active analysis and passive monitoring, create the industry’s most accurate and comprehensive vulnerability data set.
- OT-specific process management: Security and plant operations teams both benefit from Indegy’s powerful OT asset inventory, configuration management and threat detection capabilities, in addition to its vulnerability management.
The Indegy Industrial Cybersecurity Suite integration with Tenable.sc™, for on-prem vulnerability management, is available today. The Indegy integration with Tenable.io®, for cloud-based vulnerability management, and Tenable Lumin will be available in the first half of 2020.
We completed the transaction today for $78 million in cash, subject to customary purchase price adjustments.
Indegy’s financial results are expected to be immaterial to our fourth quarter 2019 revenue and current calculated billings performance. Our fourth quarter 2019 non-GAAP net loss and non-GAAP net loss per share are expected to increase approximately $2 million and $0.02 per share, respectively.
In connection with this transaction, we expect to incur certain deal-related costs in the range of $15 million to $17 million, primarily related to the transfer of acquired intellectual property and other transaction costs. These costs are primarily one-time in nature and anticipated to increase our GAAP net loss per share in the range of $0.15 to $0.17 in the fourth quarter of 2019.
Management Conference Call
We will host a conference call on December 2, 2019 at 4:30 p.m. ET to discuss this transaction. A live webcast of the event will be on the Investor Relations portion of our website. A live dial-in will be available domestically at 1-877-407-9716 and internationally at 1-201-493-6779. A replay will be available on the Tenable Investor Relations website at https://investors.tenable.com until 11:59 p.m. ET on December 16, 2019.
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
This press release includes forward-looking statements within the meaning of the "safe harbor" provisions of the Private Securities Litigation Reform Act of 1995. All statements contained in this press release other than statements of historical fact, including statements regarding our acquisition of Indegy, statements about the potential benefits of the acquisition, our possible or assumed business strategies, potential growth opportunities and new products, potential market opportunities and Tenable’s anticipated future financial and business performance for the fourth quarter ended December 31, 2019, are forward-looking statements and represent our views as of the date of this press release. The words “anticipate,” believe,” “continue,” “estimate,” “expect,” “intend,” “may,” “will” and similar expressions are intended to identify forward-looking statements. We have based these forward-looking statements on our current expectations and projections about future events and financial trends that we believe may affect our financial condition, results of operations, business strategy, short-term and long-term business operations and objectives and financial needs. These forward-looking statements are subject to a number of assumptions and risks and uncertainties, many of which involve factors or circumstances that are beyond our control that could affect our financial results, including risks related to our ability to successfully integrate Indegy’s operations, our ability to implement our plans, forecasts and other expectations with respect to Indegy’s business, our ability to realize the anticipated benefits of the acquisition of Indegy (including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period), disruption from the acquisition making it more difficult to maintain business and operational relationships, the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results, unknown liabilities, attracting new customers and maintaining and expanding our existing customer base, our ability to scale and update our platform to respond to customers' needs and rapid technological change, increased competition on our market and our ability to compete effectively and expansion of our operations and increased adoption of our platform internationally. Additional risks and uncertainties are detailed in the sections titled "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" in our Annual Report on Form 10-K for the year ended December 31, 2018, our Quarterly Report on Form 10-Q for the quarter ended September 30, 2019 and other filings that we make from time to time with the SEC, which are available on the SEC's website at sec.gov. Moreover, we operate in a very competitive and rapidly changing environment. New risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the future events and trends discussed in this press release may not occur and actual results could differ materially and adversely from those anticipated or implied in any forward-looking statements. Except as required by law, we are under no obligation to update these forward-looking statements subsequent to the date of this press release, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.
Non-GAAP Financial Measures
This press release contains references to non-GAAP net loss and non-GAAP net loss per share, which are measures that we present to enhance investors' overall understanding of our financial performance and should not be considered a substitute for, or superior to, the financial information prepared and presented in accordance with generally accepted accounting principles in the United States (GAAP). For a description of these non-GAAP measures, their limitations and a reconciliation to the most comparable GAAP financial measures, see the Company's press release issued on October 29, 2019 reporting financial results for the quarter ended September 30, 2019.