Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

8/10/2015
12:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CA Technologies to Acquire Xceedium and Provide Comprehensive Offering for Combating Privileged User Security Breaches and Compliance Risks

Acquisition of Privileged Identity Management 'Trailblazer' Will Expand Customer Options for Securing IT Administrator Accounts Across Hybrid IT Environments

NEW YORK, Aug. 4, 2015 – CA Technologies (NASDAQ:CA) today announced it has signed a definitive agreement to acquire privately held Xceedium, Inc., a provider of privileged identity management solutions that protect on-premise, cloud and hybrid IT environments. Terms of the agreement were not disclosed. The transaction is expected to close within the quarter.

Recent mega breaches and growing compliance and audit demands have increased the need to control and manage the credentials and activities of privileged users who have unfettered access to high-value systems that store and process sensitive information. Acquiring Xceedium will extend CA’s security portfolio, giving customers a comprehensive solution for controlling and protecting IT administrator or other privileged user accounts from external attacks or insider mistakes and malicious misuse.

“Our digital world gives organizations tremendous opportunity; it also introduces additional regulatory demands and increased risk as bad actors penetrate our networks using stolen credentials which give them the proverbial ‘keys to the kingdom,’” said Steve Firestone, senior vice president and Security general manager, CA Technologies. “The CA and Xceedium combination will reinforce our leadership position in privileged identity management and offer customers a flexible approach to managing privileged identity compliance and risk.” 

Xsuite®, Xceedium’s innovative privileged identity management solution for hybrid IT environments, offers an identity-centric, proxy-based approach. It provides a centralized point of authentication for administrators, brokering the release of credentials for shared administrative accounts without exposing them to the risk of theft, compromise, or misuse. Deployed as a physical or virtual appliance or as an Amazon machine image, Xsuite provides scalability and simplified deployment. It also helps address security and compliance needs: namely, centralized shared account management for enhanced administrator accountability, administrative session recording for audit and incident forensics, and command filtering to limit the scope of administrator activity and network access.

This complements CA Privileged Identity Manager’s resource- or host-based access control approach, which focuses on controlling access to the server operating system and limits the scope for administrators—especially superusers—to modify processes, configuration files or registries. CA’s solution supplements centralized IT administrator access management with controls to minimize the risk of a privileged user unleashing malware—a common tactic used by attackers to launch breaches and avoid detection. Together, the solutions will help protect privileged accounts from compromise, provide tightly-defined access controls, and enable monitoring of privileged user activity across an organization’s entire hybrid IT infrastructure, further minimizing the risk of breaches.

“Protecting against attacks on privileged user credentials can be the difference between staying in business and going out of business. It also has become a critical element of our national defense as recent attacks on government systems reveal an escalation in attacks from cybercrime to cyberespionage,” said Glenn Hazard, Xceedium CEO. “Stealing and exploiting privileged accounts is a central element of the kill chain in cyber attacks of all kinds, regardless of attacker origin. We’re excited to join forces with CA to help deliver a next generation threat mitigation suite to the market that directly addresses these devastating data breaches and attacks.”

Xceedium, headquartered in Herndon, Va., was founded in 2000 and has offices in Jersey City, NJ, and Ottawa, Canada.  It holds four patents in the area of privileged identity management and supports customers across multiple markets including finance, retail, manufacturing and federal government.

 

About Xceedium

Xceedium is the leading provider of privileged identity management solutions for hybrid enterprises. Large companies and global government agencies use Xceedium products to reduce the risks privileged users and unprotected credentials pose to systems and data. The company’s Xsuite platform enables customers to implement a zero trust security model. It vaults privileged account credentials, implements role-based access controls, and monitors and records privileged user sessions. With unified policy management, Xsuite enables the seamless administration of security controls across systems, whether they reside in a traditional data center, a private cloud, on public cloud infrastructure, or a combination of environments.

Xceedium’s solutions enable organizations to comply with security and privacy mandates, such as PCI DSS, FISMA, HIPAA, and NERC CIP. The company’s products provide industry-leading reliability, availability, and scalability, and they are the most highly certified products in the market, with designations including FIPS 140-2 validation, Common Criteria EAL4+ certification, and inclusion on the U.S. DOD Unified Command Approved Products List (UC/APL). For more information, please visitwww.xceedium.com.

 

About CA Technologies

CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at www.ca.com.

 

Follow CA Technologies

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting