Tenable CEO on reducing cybersecurity risks amid work from home surge

Tenable CEO Amit Yoran joins the Yahoo Finance Live panel to break down the latest cybersecurity outlook in wake of the SolarWinds hack.

Video Transcript

AKIKO FUJITA: Cybersecurity firm Tenable announcing it is acquiring Paris-based startup Alsid for $98 million today. The firm saying the acquisition will help customers find and fix security weaknesses in Microsoft's Active Directory in real-time. Let's bring in Amit Yoran. He is the CEO of Tenable. Amit, it's good to talk to you today. Walk me through this acquisition. How has something like the SolarWinds hack that we have seen play out more recently strengthened the case to really beef up some of your security assets?

AMIT YORAN: Well, I think SolarWinds is a great example of the types of cybersecurity challenges that are facing corporate America today in organizations around the world. So there are so many ways to enter a network, so many vulnerable systems out there and ways to compromise and gain access. And so organizations really need to be agile-- identify where they have exposures, tighten those up, and be able to respond to incidents as they unfold.

ZACK GUZMAN: And when we talk about the opportunity here, obviously, cybersecurity names had seen quite the pop in 2020, whether you look at a CrowdStrike or a Zscaler or Okta. When you're looking to kind of address these issues, what is Tenable doing different to maybe focus in on the enterprise opportunity here with an acquisition like this?

AMIT YORAN: Well, Tenable is foundationally about answering this question, how secure am I? How at risk am I? And how can I most efficiently reduce risk? So we help customers do that in their enterprise environments. We help them do it in the cloud. With the acquisition of Alsid, we have the ability to-- or the technology has the ability to look at directory services.

So all of the accounts across your enterprises, directory services store all of those accounts and all the passwords. And Alsid evaluates how securely or how weakly that active directory has been configured. In many cases, in many instances, there's lots of vulnerabilities there. And the configuration needs to be tightened down.

As part of the attack lifecycle, when an adversary gains access to systems, they will attempt to raise their privilege level to be able to move laterally across the environment to gain access to the information they want. And they will create new accounts to establish persistence, so that if you shut them down, they'll have these back doors to get back into your environment. So we think active directory plays an absolutely critical role in corporate cybersecurity and is part of Tenable's overall strategy to help assess and understand and address cyber risk.

AKIKO FUJITA: No question the concerns around cybersecurity have been heightened as so many of these companies have merely migrated a lot of their operations online. We've talked a lot about the digital acceleration. We had a guest on from Microsoft earlier, who was talking about being able to connect everything in the cloud in terms of the work environment. From your vantage point, how have the threats evolved as a result of this acceleration into the cloud that we've seen over the last year?

AMIT YORAN: Well, there's-- great question. And there's two things that have happened in the last year that have a profound impact on cybersecurity. One is this migration to work from home. All of the employees which were coming into an office and accessing networks and information from offices are now working from home. In that work from home world, you have fewer control points. You have less control of the environment. And one of those few and critical control points is the user's account, the account itself, their identity.

The same is true as you migrate to cloud-based infrastructures. Again, you don't have the same type of control of the overall environment. One of those few remaining control points is the actual and are the actual accounts. So again, we feel like active directory and tightly configuring and securing your active directory is an absolutely critical component to cloud security and security in a work from home environment. And again, it's one of the key reasons why this acquisition with Alsid makes tremendous sense for us.

ZACK GUZMAN: It would also, I suppose, maybe hinge on, you know, a want and a need for companies to really be investing on making sure they're checking the boxes to secure their operations here. We've been talking a lot about maybe more companies moving in the direction of Tesla to put Bitcoin or other cryptocurrencies on their balance sheet. I imagine that that makes it even more important to make sure security stop gaps are filled in here.

Talk to me about maybe some of the catalysts here because SolarWinds is obviously one. But each time we hear about these hacks, and increasingly, maybe even the nation state actors here, how has that maybe led to the overall sector as a whole growing, and how do you see that changing, moving forward?

AMIT YORAN: Well, I think all of these hacks highlight-- and SolarWinds is just the latest of a long litany of examples that we hear about almost every week in, week out. The examples continue.

What we're seeing-- and I think the most profound trend occurring in cybersecurity-- is the engagement of senior executives in understanding the board of directors. The CEO the audit and risk committee have an incredibly important role to play to assess the cybersecurity of the enterprise and ensure that you're adequately measuring and protecting against that cyber risk. We're seeing it a a corporate level. And I think that's leading to an increased level of spend and growth for the cybersecurity market.

And we're also now seeing it a a national level. We saw it with President Biden's recent attachment of cybersecurity dollars to cyber relief budget. We saw it in his initial engagements with Putin. The Cybersecurity issue has come up. So it is achieving a level of awareness and attention at senior levels of corporate and national security communities.

ZACK GUZMAN: Yeah, and nobody wants to be caught dealing with that situation, too, in those executive level positions. But Amit Yoran, Tenable CEO, appreciate you coming on here to chat all of that. Be well.