GlobeNewswire | October 03, 2023
Tenable® Holdings, Inc., the Exposure Management company, today announced it has closed its acquisition of Ermetic, Ltd. (“Ermetic”), an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure entitlement management (CIEM). The acquisition combines two cybersecurity innovators and marks an important milestone in Tenable’s mission to shift organizations to proactive security. The combination of Tenable and Ermetic offerings will add capabilities to both the Tenable One Exposure Management Platform and the Tenable Cloud Security solution to deliver market-leading contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premises and in the cloud.
With unified CNAPP, iron-clad CSPM protection, and industry-leading CIEM, security teams receive the context and prioritization guidance to make efficient and accurate remediation decisions. Security teams will no longer need to be cloud security experts to understand where the most urgent risks exist and what to do about them.
Tenable and Ermetic together will help organizations address some of the most difficult challenges in cybersecurity today:
Simplifying security management to meet the increasing demands of cloud infrastructure growth
Reducing the risk caused by an explosion in volume of user and machine identities in the cloud
Understanding the complex relationships and risks across all assets and identities
The unique combination of Tenable and Ermetic will give customers tightly integrated CNAPP capabilities for cloud environments, delivered through an elegant user experience that minimizes complexity and speeds adoption, said Amit Yoran, chairman and chief executive officer, Tenable. We’re delivering unparalleled insights into identities and access, which are absolutely critical to securing cloud environments. And with the integration of insights from Tenable One, customers can also consolidate, simplify and reduce costs.
The Tenable One Exposure Management Platform enables customers to gain a more complete, accurate and actionable view of their attack surface. Exposure management shifts preventive security from securing technology silos to applying contextual risk intelligence to protect the business. The acquisition of Ermetic accelerates this shift for Tenable customers, adding a depth of cloud security expertise and capabilities that provide context to prioritize risk and simplify remediation. Ermetic adds analytical strength to ExposureAI, more contextual relationships and deep data insights to make Tenable One an even more effective platform for preventive security.
Ermetic will also expand and augment Tenable Cloud Security, which enables security teams to continuously assess the security posture of cloud environments, offering full visibility and helping to prioritize efforts based on business risk.
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
Hyper-Converged Infrastructure, Data Storage
businesswire | August 03, 2023
Ermetic, a leading cloud infrastructure security company, today announced CNAPPgoat, an open source project that allows organizations to safely test their cloud security skills, processes, tools and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms (CNAPP).
The CNAPPgoat project will be officially presented at DEF CON Demo Labs in Las Vegas on Friday, August 11 from 12:00pm-1:55pm by Noam Dahan, Research Lead and Igal Gofman, Head of Research for Ermetic. On Wednesday, August 16 at 10am PST/1pm EST, Ermetic will present a webinar on using CNAPPgoat, to register visit thislink.
Unlike projects that illustrate possible attack paths, CNAPPgoat provides a large and expanding library of scenarios that security teams can execute to create a customized cloud environment for simulating unsecured and vulnerable assets and validating their defenses. The ability to easily provision a vulnerable environment with a broad range of risk scenarios provides the following benefits:
Create a sandbox for testing an organization’s security posture by assessing security team capabilities, procedures and protocols
Use vulnerable environments for hands-on workshops to train team members on new skills and techniques
Provision a “shooting range” for pentesters to test their skills at exploiting the scenarios and developing relevant capabilities
Benchmark CNAPP tools against known environments to evaluate their capabilities
“Compared to existing open-source projects that create ‘capture the flag’ scenarios where participants are expected to follow a certain path, CNAPPgoat spans the leading cloud provider platforms and CNAPP capabilities while providing a modular and granular approach for provisioning specific categories of risks and vulnerabilities,” said Igal Gofman, Director of Research for Ermetic.
“This breadth and depth allows pentesters and defenders to precisely isolate the elements they want to explore for training, new skills acquisition, prevention and security posture assessments,” added Noam Dahan, Research Lead.
CNAPPgoat enables security teams, trainers and pentesters to provision and run vulnerable scenarios from the following modules that make up the CNAPP specification defined byGartner:
Cloud Infrastructure Entitlement Management (CIEM) - covers risks associated with identities and entitlements, such as the unintended ability of an identity to escalate its privileges
Cloud Workload Protection Platform (CWPP) - includes the exposure of workloads to vulnerabilities such as running vulnerable/end of life software or OS versions
Cloud Security Posture Management (CSPM) - spans the misconfiguration of cloud infrastructure components, such as publicly exposed storage resources
Infrastructure as Code (IaC) scanning - will be added soon for finding misconfigurations directly in the code
CNAPPgoat is an open community initiative designed to be used by anyone for commercial, technical and educational purposes. See today’sblogfor implementation details. Additional artifacts including deeper technical dives and guides will be released soon. Contributions are encouraged including new scenarios, scenario proposals, issues, suggestions, feature requests or simply sharing feedback. To learn more and access CNAPPgoat visit thislink.
Ermetic reveals and prioritizes security gaps in AWS, Azure and GCP and enables organizations to remediate them immediately. The Ermetic cloud native application protection platform (CNAPP) uses an identity-first approach to unify and automate cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection and Kubernetes security posture management (KSPM). It unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with pinpoint visualization and step-by-step guidance. The company is one of America’s Best Startup Employers according toForbesand led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra Capital and Target Global.
businesswire | July 21, 2023
Cadence Design Systems, Inc. (Nasdaq: CDNS) and Rambus Inc. (Nasdaq: RMBS), a premier chip and silicon IP provider making data faster and safer, today announced that they have entered into a definitive agreement for Cadence to acquire the Rambus SerDes and memory interface PHY IP business. Rambus will retain its digital IP business, including memory and interface controllers and security IP. The expected technology asset purchase also brings Cadence proven and experienced PHY engineering teams in the United States, India and Canada, further expanding Cadence’s domain-rich talent base.
“Memory and SerDes IP design and integration continues to be integral to the design of AI, data center and hyperscale applications, CPU architectures and networking devices, and the addition of the Rambus IP and seasoned team further accelerates Cadence’s Intelligent System Design strategy, which drives design excellence,” said Boyd Phelps, senior vice president and general manager of the IP Group at Cadence. “The acquisition of the Rambus PHY IP broadens Cadence’s well-established enterprise IP portfolio and expands its reach across geographies and vertical markets, such as the aerospace and defense market, providing complete subsystem solutions that meet the demands of our worldwide customers.”
“The accelerating momentum of AI and continued growth in the data center is driving ever-increasing demand for memory and security,” said Sean Fan, senior vice president and chief operating officer at Rambus. “With this transaction, we will increase our focus on market-leading digital IP and chips and expand our roadmap of novel memory solutions to support the continued evolution of the data center and AI.”
The transaction is expected to be immaterial to revenue and earnings this year for each company. It is expected to close in the third calendar quarter of 2023, subject to certain closing conditions.
Cadence is a pivotal leader in electronic systems design, building upon more than 30 years of computational software expertise. The company applies its underlying Intelligent System Design™ strategy to deliver software, hardware and IP that turn design concepts into reality. Cadence® customers are the world’s most innovative companies, delivering extraordinary products from chips to boards to complete systems for the most dynamic market applications, including hyperscale computing, 5G communications, automotive, mobile, aerospace, consumer, industrial and healthcare. For nine years in a row, Fortune magazine has named Cadence one of the 100 Best Companies to Work For. Learn more at www.cadence.com.
Rambus is a provider of industry-leading chips and silicon IP making data faster and safer. With over 30 years of advanced semiconductor experience, we are a pioneer in high-performance memory subsystems that solve the bottleneck between memory and processing for data-intensive systems. Whether in the cloud, at the edge or in your hand, real-time and immersive applications depend on data throughput and integrity. Rambus products and innovations deliver the increased bandwidth, capacity and security required to meet the world’s data needs and drive ever-greater end-user experiences. For more information, visit rambus.com.