Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

EMC Secures Verid

Vendor continues its security spending tear, picking up authentication specialist Verid

EMC has bought identity management startup Verid for an undisclosed fee, attempting to add an additional layer of security to its RSA product line. (See EMC Buys Verid and EMC's World.)

The deal is the latest in a string of security acquisitions from EMC, although it is unlikely that the fee matched the $175 million paid last fall for Network Intelligence, which boasted 700 customers and $25 million in funding. (See EMC Pockets Network Intelligence.)

In contrast, Verid has around 130 customers, and just over $20 million in funding, although the Fort Lauderdale, Fla.-based firm lists financial services giant Vanguard amongst its clients. (See Verid Secures $13.2 Million.)

Verid, which offers a managed service built around its own authentication software, will be added to the portfolio of RSA, EMC's security unit. The startup checks whether users of online banking or e-commerce sites are who they say they are. (See EMC Secures RSA for $2.1B and Execs Concerned About Data Loss.)

In a nutshell, Verid links up with its customers' Web portals to verify end-user details, which are transferred via encrypted HTTPS links. Rather than the traditional approach of relying on usernames and passwords, Verid also asks its clients' customers a series of questions.

RSA spokesman Matt Buckley told Byte and Switch that the startup's 43-strong workforce, including CEO Kevin Watson, will be staying with the firm. "Those employees, and the management team, will be moving over to EMC [where] they will be integrated into RSA."

At least for the time being, it seems that Verid's Fla.-based headquarters is secure. "There's no plans to change anything with regard to facilities or staffing," says Buckley.

The startup will function as a separate product line within RSA for at least the remainder of 2007, with Watson continuing to head the business, reporting directly to Christopher Young, vice president of consumer and access solutions at RSA.

Today's deal isn't exactly a bolt out of the blue. Last September Verid signed a deal to integrate its technology into RSA's Adaptive Authentication platform as part of a security push into the financial services arena.

At least one analyst told Byte and Switch that the move reflects CIOs' paranoia about data loss, particularly in banking. "There's a lot of pressure on financial services firms to expand what they consider to be strong authentication," said Scott Crawford, senior analyst at Enterprise Management Associates (EMA), adding that Verid will be complimentary to RSA's existing Cyota and Passmark authentication technologies. (See RSA to Acquire Cyota, RSA Touts Achievements, and RSA Announces Earnings.)

Lack of effective identity management products has already been cited as a major challenge by IT managers, with Verid coming up against credit checking firms such as Experian and Equifax, which also offer identity checking services. (See CIOs Face Identity Crisis.)

The startup initially focused on credit card fraud, although it changed tack in 2003 to focus its energies on authentication.

EMC execs promised major initiatives in areas such as security and document management at the recent EMC World event, although some users have voiced concern that the vendor could lose sight of its core storage business. (See Cisco, EMC Team on Fabric Encryption, Room for Dessert, and US MEPCOM.)

— James Rogers, Senior Editor Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • Enterprise Management Associates
  • Verid Inc.

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/2/2020
    Ripple20 Threatens Increasingly Connected Medical Devices
    Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
    DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
    Dark Reading Staff 6/30/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-9498
    PUBLISHED: 2020-07-02
    Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
    CVE-2020-3282
    PUBLISHED: 2020-07-02
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
    CVE-2020-5909
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
    CVE-2020-5910
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
    CVE-2020-5911
    PUBLISHED: 2020-07-02
    In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.