Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/17/2011
03:04 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CA Technologies Expands Token Exchange Offer

Customers using any security hardware token can trade them for CA ArcotID secure software credentials

ISLANDIA, N.Y., June 13, 2011 /PRNewswire/ -- CA Technologies (NASDAQ: CA) today announced an update to its previously launched token replacement program that offers customers using any security hardware token the opportunity to trade their tokens for CA ArcotID secure software credentials in a one-for-one swap.

For each hardware token, CA Technologies will provide a three-year enterprise license for the CA ArcotID software credential, including the CA Arcot WebFort authentication server. The only cost to the customer making the switch is maintenance. The program is in effect until Sept. 30, 2011.

"Hardware tokens are a security mechanism whose time has expired. The inconvenience of carrying an additional key fob or device for today's increasingly mobile workforce is not practical, and the difficulty of remediation in case of a hardware token breach is overwhelming," said Mike Denning, general manager, Security, CA Technologies. "We have seen increased interest in the CA ArcotID secure software credential. Companies are re-evaluating their reliance on hardware tokens for authentication and consider software credentials as a superior alternative. CA ArcotID, with more than 30 million users, offers increased flexibility and simplicity of deployment, while providing unsurpassed security."

There are significant advantages to using the CA ArcotID secure software credential versus standalone hardware tokens for advanced authentication including:

-- Simple deployment and management - The CA ArcotID software credential can be easily and securely downloaded and deployed using patented cryptographic camouflage technology. This is more efficient than a hardware token which must be manufactured, physically distributed to the customer site and then delivered to the end-user. In addition, in the event of a security breach, a software-based authentication approach provides a speed advantage by allowing organizations to immediately reset the credential. Users would then self-provision a new, and potentially larger, private key the next time they log in. If a hardware token is compromised, the situation requires deploying a new token, which requires the vendor's assistance, and could be a costly, time-consuming and inefficient process. -- Flexibility - The CA ArcotID software credential works across multiple applications and environments, and it scales to support millions of users. Organizations also have the flexibility to store the CA ArcotID software credential on any supported client device, such as a PC, notebook, tablet device or smartphone. -- Uncompromised Security- The CA ArcotID software credential combines a standard x.509v3 digital certificate with patented cryptographic camouflage private key concealment technology to allow users to authenticate securely. In addition, each organization creates, manages and stores its own private keys for all its CA ArcotID users. CA Technologies holds no information about any individual software credentials, thereby reducing the risk of compromising customer data.

View a webcast "Exploring the Security, Cost And User Convenience Benefits of a Software Credential over Hardware Tokens" to hear Jim Reno, CA Technologies distinguished engineer and former Arcot CTO, discuss how software credentials can help eliminate some of the cost, distribution, provisioning and support issues found with hardware tokens. Register for the webcast at http://www.ca.com/us/lpg/forms/na/fy12/sec/47824_49505.aspx.

For more information on the Token Replacement Program, please visit www.ca.com/replacetokens.

(Logo: http://photos.prnewswire.com/prnh/20100516/NY05617LOGO)

About CA Technologies

CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments - from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at www.ca.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.