February 10, 2021
Tenable Holdings, Inc. (“Tenable”) (Nasdaq: TENB), the Cyber Exposure company, today announced that it has entered into a definitive agreement to acquire Alsid SAS (“Alsid”), a leader in Active Directory security. Alsid for Active Directory is a Software as a Service (SaaS) solution with an on-premises deployment option that monitors the security of Active Directory in real time. The solution enables users to find and fix existing weaknesses with dynamic threat scoring, complexity ratings and recommended actions. Alsid continuously and non-disruptively discovers new attack pathways and detects ongoing attacks in real time, recommending remediations without the need to deploy agents or leverage privileged accounts.
Exploiting user privileges via Active Directory is a favorite and predictable tactic in many sophisticated compromises and common hacks. This risk has never been more acute than it is today, with so many people working remotely and often using personal devices to connect to corporate systems, with Active Directory playing a critical role in managed single sign on. For this reason, organizations are increasingly focusing on securing accounts -- employees, service contractors, temporary workers, systems accounts and others -- and their access to and permissions across systems as strategic to their cybersecurity posture. Understanding account access to systems and how those cascade across compute environments is a strategic and important complement to vulnerability management and systems hygiene and is increasingly imperative to managing risk holistically, especially in complex cloud and hybrid environments.
“Tightly controlling the privileges of accounts in Active Directory is as foundational to reducing risk to the business as the basic blocking and tackling of deploying security updates. As we've seen with the flurry of hacks, ranging from the sophisticated SolarWinds compromise all the way down to common ransomware attacks, attackers go after the Active Directory infrastructure to increase access and establish persistence,” said Amit Yoran, chairman and CEO, Tenable. “We’re impressed with the insights that Alsid brings to enterprise customers and look forward to working with the Alsid team to add this critical element to Cyber Exposure and risk management.”
“We started Alsid to help organizations solve one of the biggest security challenges, an unprotected Active Directory, which is one of the most common ways for threat actors to move laterally across enterprise systems,” said Emmanuel Gras, CEO and co-founder, Alsid. “Our approach has always focused on helping our customers anticipate future attacks so they can keep their business running as usual. We believe Tenable cherishes this same vision of cybersecurity, and we’re excited to join forces and to have the opportunity to provide our users with a better, more complete approach to cyber preparedness.”
Alsid was founded in 2016 by two former incident responders from the French National Cybersecurity Agency (ANSSI), Emmanuel Gras and Luc Delsalle. Alsid’s founders will join Tenable in senior leadership roles focused on continuing to develop innovative solutions to Active Directory risk and security assessment and expanding into new markets globally.
Under the terms of the agreement, Tenable will acquire Alsid for a total purchase price of $98 million in cash, subject to customary purchase price adjustments. The acquisition is expected to close early in the second quarter of 2021, subject to regulatory approvals and the satisfaction of customary closing conditions.
Alsid’s financial results in 2021 are expected to contribute approximately one percentage point of growth to revenue and calculated current billings and increase incremental operating expenses in the range of $15-20 million, while free cash flow is expected to be impacted to a lesser extent and be accretive some time in 2022. We expect to incur $3-4 million in acquisition-related expenses, including transaction expenses over the course of the first and second quarters in 2021. Consistent with prior practice, we plan to exclude these costs from our non-GAAP results.
For more information about the announcement, visit the Investor FAQ page. Tenable also shares news and updates on its Investor Relations website at investors.tenable.com, which may be of interest or material to Tenable investors.
The company will participate in a fireside chat at the Goldman Sachs Technology and Internet Conference 2021 on Wednesday, February 10 at 9:40 AM ET. More information and a webcast link is available here.
Tenable® is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
Forward Looking Statements
This press release contains forward-looking information related to Tenable, Alsid and the potential acquisition that involves substantial risks, uncertainties and assumptions that could cause actual results to differ materially from those expressed or implied by such statements. Forward-looking statements in this communication include, among other things, statements about the potential benefits of the acquisition, anticipated earnings enhancements, anticipated capital expenditures and product developments and other possible or assumed business strategies, potential growth opportunities, new products and potential market opportunities. Risks and uncertainties include, among other things, our ability to successfully integrate Alsid’s operations; our ability to implement our plans, forecasts and other expectations with respect to Alsid’s business; our ability to realize the anticipated benefits of the acquisition, including the possibility that the expected benefits from the acquisition will not be realized or will not be realized within the expected time period; our ability to consummate the transaction pursuant to the terms and in accordance with the timing described in this press release; failure to obtain necessary regulatory approvals (and the risk that such approvals may result in the imposition of conditions that could adversely affect the combined company or the expected benefits of the transaction); disruption from the acquisition making it more difficult to maintain business and operational relationships; the inability to retain key employees; the negative effects of the consummation of the acquisition on the market price of our common stock or on our operating results; unknown liabilities; attracting new customers and maintaining and expanding our existing customer base, our ability to scale and update our platform to respond to customers’ needs and rapid technological change, increased competition on our market and our ability to compete effectively, and expansion of our operations and increased adoption of our platform internationally.
Additional risks and uncertainties that could affect our financial results are included in the section titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2019, our quarterly report on Form 10-Q for the quarter ended September 30, 2020 and other filings that we make from time to time with the Securities and Exchange Commission which are available on the SEC’s website at www.sec.gov. In addition, any forward-looking statements contained in this communication are based on assumptions that we believe to be reasonable as of this date. Except as required by law, we assume no obligation to update these forward-looking statements, or to update the reasons if actual results differ materially from those anticipated in the forward-looking statements.