Tenable Network Security Acquires FlawCheck To Boost Security In Docker Containers
For the first acquisition in the company's 14-year history, Tenable Network Security has purchased container security startup FlawCheck to enhance security in Docker containers with plans to launch an integrated product next year.
Tenable, a Columbia, Md.-based vendor that develops the widely used Nessus vulnerability scanner, said the acquisition makes it the first vulnerability management company to provide security for Docker containers that support organizations' DevOps processes.
Terms of the deal were not disclosed.
[Related: 10 Things Partners Should Know About Cisco's $2 Billion Security Business]
Bill Tracy, director of solution architecture at Structured Communications Systems, a Portland, Ore.-based solution provider and Tenable partner ranked No. 241 on the 2016 Solution Provider 500 list, said the FlawCheck acquisition should help fix security issues inside container environments.
"DevOps and containerized software are becoming somewhat of the norm," said Tracy. "Vulnerabilities are being introduced into production through these DevOps processes … so the [acquisition of FlawCheck] will be a big help to solve some of those problems for customers."
San Francisco-based FlawCheck was founded in 2015 with the goal of making Docker containers more secure by helping businesses scan container images for vulnerabilities, malware and other risks.
The company scans containers early in the software development life cycle to make it easier and safer to deploy them in production, followed up by continuous monitoring for vulnerabilities and malware, according to Renaud Deraison, chief technology officer and co-founder of Tenable.
"The unique capabilities within FlawCheck to continuously monitor container images for malware and vulnerabilities are a natural extension of the container security capabilities already available to Tenable customers," said Deraison in a statement.
Tenable’s flagship products include SecurityCenter Continuous View that delivers real-time monitoring of IT assets, network activity and device events, as well as Nessus, which it touts as the global standard in detecting and assessing network data. Its security software uses analytics to give organizations a real-time view of their entire network.
In 2015, Tenable raised $250 million in a Series B funding round led by Insight Venture Partners and Accel.
"We're excited for the innovation ahead [at Tenable]," said Structured Communications Systems' Tracy. "FlawCheck looks like it will help them build more pipelines."
In July, Tenable made a key hire in Dave Cole from Crowdstrike as its new chief product officer. A former executive at Symantec, Foundstone and Internet Security Systems, Cole is responsible for driving Tenable's technology development.
At the RSA Conference this year, the company launched three new security offerings to build on its Defense in Depth model. Tenable added a NIST Cybersecurity Framework that provides automated assessment of technical controls based on the NIST framework; threat hunting, a scanning and data collection offering; and ShadowIT, an advanced set of capabilities to prevent shadow IT.
Tenable has more than 1 million users and more than 20,000 enterprise customers worldwide including the U.S. Department of Defense, according to a release.