A decade after Tenable made its Nessus vulnerability scanner closed-source, the company's founder explains why he believes he made the right decision.
In October 2005, Ron Gula, CEO of Tenable, decided
to take his open-source Nessus vulnerability scanner and closed-source it. Ten years later, Gula's foresight has been proven to be accurate, as Tenable, the company he helped create, is raising a new $250 million round of funding and closed-source Nessus continues to prosper.
Tenable was founded in 2002, but only reached out to the venture capital markets in 2012, raising $50 million. Total funding to date for Tenable now stands at $300 million.
When asked why Tenable is now raising $250 million, Gula said that Insight Ventures approached his company with the opportunity.
"It has been a hot year for cyber-security companies, and we have had a lot of interest from financial institutions and financial analysts," Gula said. "The vulnerability management and continuous monitoring market is a lot larger than people give it credit for."
The new funding will help Tenable expand its business model in terms of both technology and market reach. Jack Huffard, president and chief operating officer of Tenable, said that his company will need to invest in research and development to continue to grow the business to provide capabilities that keep up with evolving threats.
In addition to Nessus, Tenable's lineup includes SecurityCenter Continuous View, which provides continuous network monitoring and vulnerability analytics capabilities. Tenable also has a Passive Vulnerability Scanner that helps identify server and client-side vulnerability in new assets.
"A lot of people know us for Nessus, which is a period scan, like going to the doctor once a year, whereas our Security Center product is all about continuous monitoring and reacting to your biggest risks to drive remediation," Gula explained.
Compliance requirements, including the Payment Card Industry Data Security Standard (PCI DSS) are helping drive Tenable's business forward. Many organizations use Nessus and SecurityCenter Continuous View for PCI DSS scanning, Gula said.
Tenable is also looking to expand its platforms for emerging areas of technology, including the Internet of things, the cloud and Docker containers.
Larger enterprises are now testing Docker container usage, and the need to secure containers will only grow over time, Huffard said.
"We're not announcing any new capabilities with Docker today, but if you look at the Insight Ventures list of companies they have invested in, Docker Inc. is there and it's very prominent," Gula said. "It's an area that we're definitely focusing on."
Looking back on a decade of Nessus being closed-source, Gula remains confident that he made the right decision.
"By closed-sourcing Nessus, it wasn't about cutting off access; it was about supporting the community," Gula said. "We have been able to grow the community of Nessus users by investing in the product, making it easier to use and adding features."
A decade ago, when Nessus was open-source, there was a community of users, but not a community of contributors, Gula said, adding that, by being closed-source, Tenable has been able to more easily do commercial integrations as well.
"What we're looking at now are new opportunities with the cloud, so it's more about use cases and functionality," Gula said. "We get very few people that come to us that want source code today; they want functions and support."
Sean Michael Kerner is a senior editor at
InternetNews.com. Follow him on Twitter @TechJournalist