Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

EMC Secures Verid

Vendor continues its security spending tear, picking up authentication specialist Verid

EMC has bought identity management startup Verid for an undisclosed fee, attempting to add an additional layer of security to its RSA product line. (See EMC Buys Verid and EMC's World.)

The deal is the latest in a string of security acquisitions from EMC, although it is unlikely that the fee matched the $175 million paid last fall for Network Intelligence, which boasted 700 customers and $25 million in funding. (See EMC Pockets Network Intelligence.)

In contrast, Verid has around 130 customers, and just over $20 million in funding, although the Fort Lauderdale, Fla.-based firm lists financial services giant Vanguard amongst its clients. (See Verid Secures $13.2 Million.)

Verid, which offers a managed service built around its own authentication software, will be added to the portfolio of RSA, EMC's security unit. The startup checks whether users of online banking or e-commerce sites are who they say they are. (See EMC Secures RSA for $2.1B and Execs Concerned About Data Loss.)

In a nutshell, Verid links up with its customers' Web portals to verify end-user details, which are transferred via encrypted HTTPS links. Rather than the traditional approach of relying on usernames and passwords, Verid also asks its clients' customers a series of questions.

RSA spokesman Matt Buckley told Byte and Switch that the startup's 43-strong workforce, including CEO Kevin Watson, will be staying with the firm. "Those employees, and the management team, will be moving over to EMC [where] they will be integrated into RSA."

At least for the time being, it seems that Verid's Fla.-based headquarters is secure. "There's no plans to change anything with regard to facilities or staffing," says Buckley.

The startup will function as a separate product line within RSA for at least the remainder of 2007, with Watson continuing to head the business, reporting directly to Christopher Young, vice president of consumer and access solutions at RSA.

Today's deal isn't exactly a bolt out of the blue. Last September Verid signed a deal to integrate its technology into RSA's Adaptive Authentication platform as part of a security push into the financial services arena.

At least one analyst told Byte and Switch that the move reflects CIOs' paranoia about data loss, particularly in banking. "There's a lot of pressure on financial services firms to expand what they consider to be strong authentication," said Scott Crawford, senior analyst at Enterprise Management Associates (EMA), adding that Verid will be complimentary to RSA's existing Cyota and Passmark authentication technologies. (See RSA to Acquire Cyota, RSA Touts Achievements, and RSA Announces Earnings.)

Lack of effective identity management products has already been cited as a major challenge by IT managers, with Verid coming up against credit checking firms such as Experian and Equifax, which also offer identity checking services. (See CIOs Face Identity Crisis.)

The startup initially focused on credit card fraud, although it changed tack in 2003 to focus its energies on authentication.

EMC execs promised major initiatives in areas such as security and document management at the recent EMC World event, although some users have voiced concern that the vendor could lose sight of its core storage business. (See Cisco, EMC Team on Fabric Encryption, Room for Dessert, and US MEPCOM.)

— James Rogers, Senior Editor Byte and Switch

  • EMC Corp. (NYSE: EMC)
  • Enterprise Management Associates
  • Verid Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    10 Ways to Keep a Rogue RasPi From Wrecking Your Network
    Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
    The Security of Cloud Applications
    Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
    Where Businesses Waste Endpoint Security Budgets
    Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: "Jim, stop pretending you're drowning in tickets."
    Current Issue
    Building and Managing an IT Security Operations Program
    As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
    Flash Poll
    The State of IT Operations and Cybersecurity Operations
    The State of IT Operations and Cybersecurity Operations
    Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-1575
    PUBLISHED: 2019-07-16
    Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and p...
    CVE-2019-1576
    PUBLISHED: 2019-07-16
    Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user?s permissions.
    CVE-2018-19629
    PUBLISHED: 2019-07-16
    A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection.
    CVE-2019-10100
    PUBLISHED: 2019-07-16
    Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.
    CVE-2019-10100
    PUBLISHED: 2019-07-16
    UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file.