But the market has evolved over the past five years, as more companies are dealing with a plethora of new risks and threats. Employees increasingly using their personal devices, such as laptops, smartphones or personal computers, on a company's network — part of the so-called "bring your own device" trend. Information technology professionals have to account for, and track, the activities of these devices.
The federal government has also imposed tighter guidelines on its agencies to monitor for network attacks and vulnerabilities, and many industry observers expect the standards to become even tighter in coming years. Where the industry standard for companies is to do a full network security scan once a quarter, Gula sees the federal government leading the way to push for such scans every 72 hours.
Eventually, the standard will be continuous, real-time monitoring of networks, a task that will require the kind of software that Tenable sells, which can make sense of a torrent of data points coming in every minute. Tenable bills it as its "Passive Vulnerability Scanner."
Such continuous monitoring software is "like the Doppler radar of network management," said GovWin's Slye.
In a presentation at the CyberMaryland conference in Baltimore earlier this month, Slye noted that the future of cybersecurity will hinge on real-time network security solutions. For instance, the Defense Department wants to know the external and internal threats to its network at every moment, from an unauthorized service member downloading classified data, to a nation-state launching a prolonged cyber attack.
The White House is pushing for an update to the Federal Information Security Act of 2002 that would move from paper-based reports to the continuous computer monitoring of the government's networks.
Tenable's sales to U.S. government agencies account for about a quarter of the company's revenues, said Gula. The rest comes from commercial customers in diverse industries, such as health care, energy, and finance, and governments outside the U.S., he said.
The company sells a low-cost version of its network-scanning software for $1,500 a year; that configuration essentially offers a basic overview of a company's network vulnerabilities.
But for companies with 1,000 to 5,000 employees, Tenable's software packages can range from $100,000 to $250,000, Gula said.
"We really believe there's this emerging market coming," said Gula. "And we're positioned to be there."
Text BUSINESS to 70701 to get Baltimore Sun Business text alerts