Tenable Ventures can offer risk prevention know-how you can't get from big IT corporates or specialist venture firms, it tells Global Venturing.

Cybersecurity software producer Tenable took the wraps off corporate venture arm Tenable Ventures last week, and it believes its precise focus can give it the edge over other units.

“Intel Capital, Dell Technologies Capital – they have really become true venture firms on their own and they’re hugely sizeable,” Matthew Olton, Tenable’s senior vice-president of strategy and corporate development, tells Global Venturing. “I don’t know the extent to which those firms provide incremental strategic value to the companies they work with.

“I think they trade on their name, and you would think the (portfolio) companies would further the strategy of Intel, Microsoft, Atlassian or whoever, but it’s hard for me to say. When the firms are that big, frankly, it’s hard for me to say what level of focus they’re able to provide.”

Olton has a point. Cybersecurity startups have had plenty of interest from corporate investors but apart from the odd outlier like CrowdStrike’s Falcon Fund, they tend to be chipmakers, banks, more generalised software companies or from neighbouring areas like access management. How many can offer the specialised focus of a Tenable?

And, while there are venture capital firms that specialise in cybersecurity startups, they have a different issue.

Photo courtesy of Tenable, Inc.

“There are several security-focused venture teams where, if you look at how they talk about their approach, they talk about it being aligned with name-brand venture capital firms,” Olton (pictured) says. “And I don’t really understand how that alignment is dedicated to furthering the strategy of the companies for which those venture teams work.

“They may coincidentally further the strategy, but it seems to me that they’re acting more like general venture capital firms and just chasing whatever the VCs are offering. I think from Tenable you will see a much more focused approach in 2023 and beyond, and frankly, one that brings a lot more value to the individual companies.”

US-based Tenable’s software helps organisations manage their vulnerability to cyber attacks, and Tenable Ventures is looking to fund creators of products that can integrate with and enhance its exposure management software. That’s a very precise brief.

“I think that will be a differentiator for us,” Olton says. “We don’t aspire to have a portfolio in the billions of dollars range, we aspire to have one that is very focused on our cyber risk and exposure management story. And we intend to work very closely with the companies we partner with.”

The company wants to build what it sees as an exposure management ecosystem around its platform. To give an idea of how that could look, Tenable Ventures’ first three startups are threat detection and response platform Authomize, exposure and threat management tool developer Araali Networks and Lineaje, which offers security management for the software supply chain.

“Tenable’s approach to security is preventive,” Olton explains. “We are really focused on managing your exposure, your vulnerabilities, and trying to reduce the attack surface you have. There are several other technologies out there that have the same approach, and this is the complement to companies focused on threat detection.

“I think you will see software-as-a-service app security companies that become natural fits for the platform, as well as things like CIEM (cloud infrastructure entitlements management) vendors – anyone who takes a preventive approach to security and is focusing on building out the same exposure management vision that we have would be a future fit for the portfolio.”

A unit where the executives are the investors

Tenable Ventures is investing off the company balance sheet and it has up to $25m to play with initially, after which Olton expects a second batch of capital to be supplied.

But the unit isn’t structured like a traditional CVC arm; it’s one where everyone pitches in. The chief technology officer or chief product officer might be scouting startups, while the chief strategy officer will give their products the same intense analysis Tenable conducts with its own software.

“The beauty of the programme from my perspective is that we don’t just have venture investors,” Olton says. “We have lots of participation from our CEO, our CFO, our CTO, our chief strategy officer, our chief information officer and our chief product officer.

“Everybody is focused on the same strategy at Tenable and we all recognise this is an important extension, and so we all contribute to the process. And what’s great about that is that it’s a lot of validation for companies in which we invest, because we run them through our analysis.”

Olton says Tenable Ventures may not necessarily make another investment in 2023, though he expects it will, and says that if Tenable had infinite resources and the ability to start corporate VC earlier, it probably would have. The unit is at heart an extension of a growth strategy that already included acquisitions but not minority investment.

“We are not being measured on the number of investments or the capital we invest, we’re really being measured on the extent to which we can further the strategy of the business, which is the cyber risk and exposure management strategy,” he says.

“We’re excited to work with companies that do share the strategic vision we have, invest in them, help them grow and achieve their vision. Because honestly, we think it will be quite aligned with ours.”

Lead image courtesy of Adi Goldstein via Unsplash