Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

EMC Secures Verid

Vendor continues its security spending tear, picking up authentication specialist Verid

EMC has bought identity management startup Verid for an undisclosed fee, attempting to add an additional layer of security to its RSA product line. (See EMC Buys Verid and EMC's World.)

The deal is the latest in a string of security acquisitions from EMC, although it is unlikely that the fee matched the $175 million paid last fall for Network Intelligence, which boasted 700 customers and $25 million in funding. (See EMC Pockets Network Intelligence.)

In contrast, Verid has around 130 customers, and just over $20 million in funding, although the Fort Lauderdale, Fla.-based firm lists financial services giant Vanguard amongst its clients. (See Verid Secures $13.2 Million.)

Verid, which offers a managed service built around its own authentication software, will be added to the portfolio of RSA, EMC's security unit. The startup checks whether users of online banking or e-commerce sites are who they say they are. (See EMC Secures RSA for $2.1B and Execs Concerned About Data Loss.)

In a nutshell, Verid links up with its customers' Web portals to verify end-user details, which are transferred via encrypted HTTPS links. Rather than the traditional approach of relying on usernames and passwords, Verid also asks its clients' customers a series of questions.

RSA spokesman Matt Buckley told Byte and Switch that the startup's 43-strong workforce, including CEO Kevin Watson, will be staying with the firm. "Those employees, and the management team, will be moving over to EMC [where] they will be integrated into RSA."

At least for the time being, it seems that Verid's Fla.-based headquarters is secure. "There's no plans to change anything with regard to facilities or staffing," says Buckley.

The startup will function as a separate product line within RSA for at least the remainder of 2007, with Watson continuing to head the business, reporting directly to Christopher Young, vice president of consumer and access solutions at RSA.

Today's deal isn't exactly a bolt out of the blue. Last September Verid signed a deal to integrate its technology into RSA's Adaptive Authentication platform as part of a security push into the financial services arena.

At least one analyst told Byte and Switch that the move reflects CIOs' paranoia about data loss, particularly in banking. "There's a lot of pressure on financial services firms to expand what they consider to be strong authentication," said Scott Crawford, senior analyst at Enterprise Management Associates (EMA), adding that Verid will be complimentary to RSA's existing Cyota and Passmark authentication technologies. (See RSA to Acquire Cyota, RSA Touts Achievements, and RSA Announces Earnings.)

Lack of effective identity management products has already been cited as a major challenge by IT managers, with Verid coming up against credit checking firms such as Experian and Equifax, which also offer identity checking services. (See CIOs Face Identity Crisis.)

The startup initially focused on credit card fraud, although it changed tack in 2003 to focus its energies on authentication.

EMC execs promised major initiatives in areas such as security and document management at the recent EMC World event, although some users have voiced concern that the vendor could lose sight of its core storage business. (See Cisco, EMC Team on Fabric Encryption, Room for Dessert, and US MEPCOM.)

— James Rogers, Senior Editor Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • Enterprise Management Associates
  • Verid Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    7 SMB Security Tips That Will Keep Your Company Safe
    Steve Zurier, Contributing Writer,  10/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-8071
    PUBLISHED: 2019-10-17
    Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
    CVE-2019-10752
    PUBLISHED: 2019-10-17
    Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
    CVE-2019-12611
    PUBLISHED: 2019-10-17
    An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupn...
    CVE-2019-13657
    PUBLISHED: 2019-10-17
    CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
    CVE-2019-15626
    PUBLISHED: 2019-10-17
    The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.