Tenable banking on Vulcan Cyber acquisition and partner ecosystem to drive exposure management

“The integration of Vulcan is ongoing, and it has been a highly adaptive, API driven platform. We’re really excited about how fast we’re going to be able to integrate the solution,” says Talib Yousry, Channel Director APJ at Tenable.

Operating a 100% channel-first model, Tenable relies on its partner ecosystem to empower organizations to manage their exposure and reduce cyber risk. The exposure management company continues to unveil critical vulnerabilities in systems which it hopes businesses will be aware of and take the necessary steps to address them.

Most recently, Tenable uncovered vulnerabilities in Kubernetes environments. According to its 2024 Tenable Cloud Risk Report, the widespread adoption of containerized applications, coupled with insufficient security measures, is exposing cloud infrastructure to risks that can result in data breaches, service disruptions, and unauthorized access to critical workloads.

Tenable also recently closed its acquisition of Vulcan Cyber, a leading innovator in exposure management. Vulcan Cyber’s capabilities are expected to enhance Tenable’s industry-leading Exposure Management platform, delivering comprehensive visibility, prioritization and remediation across the entire attack surface.

In an interview with CRN Asia, Talib Yousry, Channel Director APJ at Tenable shared how the vulnerability management company has evolved after a series of acquisitions in the past few years and now offers a host of solutions to clients not only in vulnerability management but in adjacent spaces as well.

Can you share with us how customers view Tenable’s capabilities today?

We are often used to meeting regulatory and governance requirements. I think increasingly we're perceived as and used for much more than governance and regulation because the solution is dynamic and also spreads across the entire attack surface now. It's far more than just saying I need to tick this box and make sure I have compliance and governance on the solution. And one of the areas that's particularly relevant is contextualization.

So, if you think about a long time ago, when the attack surface was quite simple, a lot of it was about, let's find our vulnerabilities and let's patch those vulnerabilities. And then as it gets more complex and bigger and there's more and more vulnerabilities, what am I going to do? I can't patch them all. So how am I supposed to manage this? Now I'm looking at my OT infrastructure as well, and so the contextualization across that becomes really important. Not all vulnerabilities and misconfigurations are created the same. So which ones do I look at? Which ones present the greatest level of risk to me. Which ones do I focus on fastest? And how do I communicate this to my own organization? And then how do I remediate all of these things. This has gone well beyond just regulation.

Why does contextualization matter in cybersecurity today?

For us, it's all about the contextualization across different domains. We can look at the whole lot and let customers know where those vulnerabilities sit between the various domains. We can also provide this for customers in a way that they can digest it and manage it. And so, we will continue to evolve and grow providing this capability as the attack surface continues to grow and expand, and the platform is really key to being able to provide these solutions.

Most customers still struggle to understand in principle and conceptually about these problems. They are aware that there are risks but are often unsure of which areas to focus on. We customers with the contextualization, because they often don't even know where vulnerabilities are sitting and where exposures are.

As an organization, we aim to help with this. The Vulcan acquisition provides continuous threat exposure management, which brings us third party integration. So now, we offer this platform to customers, whereby we offer the capability to scan for vulnerabilities and misconfiguration across the entire attack surface. We provide them with contextualization and understanding of what this data means. And through the acquisition, we can now bring third party data. We’ve gone very far beyond vulnerability management, but the concept is the same. We're finding vulnerabilities within the attack surface.

The integration of Vulcan is ongoing, and it has been a highly adaptive, API driven platform. We’re really excited about how fast we’re going to be able to integrate the solution.

How important is the partner ecosystem for Tenable?

We pride ourselves on the fact that we're a 100% channel company, and what that means is we don't do business unless partners are involved and when it sets that structure, we can't be successful without the channel. And everyone is incentivized to make sure that partners are successful. It makes it much easier to work with them. We get much better trust and engagement with them. And ultimately that helps, because we've got to teach the partners about the value proposition. We've got to ensure they trust that it's going to work. They trust us, and we work together on selling to the customers. And it does work very well

We have a very strong future value proposition whereby we’re evolving just as much as how the attack surface evolves as well. There's a degree of certainty that Tenable’s technology and solutions will remain valid on an ongoing basis.

The customer may be using a competitor of ours in one of the domains, and it may be too hard for that customer to remove that competitor. It may also be because the partner doesn't want to remove them, but we can still work beside them. We use our data ingestion from our Vulcan acquisition whereby we'll bring in that data and we'll give you analysis across the whole data stack. Now we can sit beside those other entities, and so the customer has the choice of where they use us. And that's a very strong value proposition for our channel. And this, the acquisition of Vulcan, is only a few weeks old, but the feedback we've had from the market has been tremendous.

What are the challenges partners are facing today?

We want our partners to evolve with us. One of the challenges is the pace of change is so fast, it's hard enough for us to keep up with the changes in our own business. So, what we need from partners is to bring them along with us and continually educate them and let them understand that this is what we're doing. This is why we're doing it, and this is why it's valuable for your customers, and this is how we can help you with it.

With pace being one of the challenges, keeping up the pace and ensuring that they're enabled is imperative. They understand the solution; they have the tools they need. We're supporting them into their customers, and we're able to continue to differentiate ourselves as well from the messages which everyone else is putting out onto the market.

Is Tenable looking to grow its partner ecosystem as well?

We have hundreds of partners in the region, and it's actually very easy to become a partner of Tenable. So, our goal isn't, let's find more. Our goal is more about, let's evolve the ones that we have. It doesn't mean we won't take more partners. We're always taking on new partners, but we're not in that sort of growth phase.

It's really a case of developing and expanding with the partners that we have, and that's the combination we like any organization, we have our tiering model, and we have our biggest partners at the top, and we have the size and the tail of smaller partners we want to develop rapport, distributors are key to us for this. We can't touch everyone everywhere, and so we continue to work with the distributors to provide that safety net and those enablement skills and support skills for the smaller partners, while we invest directly ourselves in evolving the bigger ones.