Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/20/2009
02:59 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Novell Acquires Privileged User Management Technology From Fortefi

Company also acquires perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin

WALTHAM, Mass. - Feb. 19, 2009 " Novell announces it acquired the technology assets of Fortefi Ltd., a provider of compliance and privileged user management solutions. Novell also acquired a perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin, which had been previously available to customers through an OEM agreement as Novell' SecureLogin. The two deals cement Novell's leadership position in bringing together identity, access and security management technologies to help customers reduce cost, complexity and risk while proving compliance with industry regulations.

"We're excited about adding Fortefi's privileged user management solutions to our portfolio and bringing SecureLogin technology, development and support in-house," said Jim Ebzery, senior vice president and general manager of Identity and Security at Novell. "With these two moves, we continue our evolution to become the 'category-killer' for identity and security management. Customers can come to Novell as a one-stop-shop for all of their identity and security needs " whether they are seeking a point solution or a complete platform. Our best-of-breed approach is both modular and integrated, to let customers address their specific problems with the flexibility to expand to the rest of their enterprise."

License Agreement Overview " ActivIdentity Corporation Novell SecureLogin is the industry's leading solution for enterprise single sign-on. Since 2001, Novell has delivered Novell SecureLogin via an OEM agreement with ActivIdentity. Novell acquired a perpetual source code license to the ActivIdentity code and can fully manage the future development and road map for Novell SecureLogin. This will allow for better integration of SecureLogin into Novell's portfolio of identity management solutions and faster additions of Novell customer requirements into future generations of the product.

Novell is positioned in the leaders quadrant of Gartner, Inc.'s, "Magic Quadrant for Enterprise Single Sign-On" by Gregg Kreizman, Sept. 18, 2008. According to Gartner, "Enterprises continue to make tactical investments in ESSO to resolve the problem of users having too many passwords, with no relief in sight for the next two to three years."

Enterprise Single Sign-on (ESSO) enables a user to access all permitted computers and systems without the need to enter multiple passwords. ESSO reduces human error and helpdesk requests but is difficult to implement because most applications and systems support different password mechanisms.

Novell SecureLogin is part of Novell Identity and Access Management solutions, the industry's leading solutions to automate business processes, mitigate security risks and lay the foundation for complying with internal security mandates and government regulations.

Novell licensed the SecureLogin source code for an undisclosed sum using current cash. SecureLogin will be fully integrated into Novell's identity and security business unit.

Technology Acquisition Overview " Fortefi Ltd. Using the technology acquired from Fortefi, Novell plans to introduce Novell Privileged User Manager in the second quarter of 2009. Novell Privileged User Manager is built on two Fortefi products, Command Control and Compliance Auditor, and provides granular access control and auditing of "super" or "root" users across multiple systems. Novell Privileged User Manager limits exposure to unauthorized activity and information access by helping customers rapidly enable or disable administrator-level users across both UNIX* and Linux*. This acquisition also expands Novell's focus on UNIX to Linux migration by offering customers a single tool for managing superuser access while they migrate to SUSE' Linux Enterprise. Industry regulations such as Sarbanes-Oxley, PCI DSS, HIPAA and others call for better control of user access to sensitive information. Despite these requirements, many organizations share superuser, or root account credentials among multiple users, increasing the likelihood of a security breach from inside the organization. Privileged user management mitigates these types of potential security risks by governing privileged users' access and passwords to an organization's information and systems.

"Poorly managed superuser privileges leave enterprises exposed to security breaches and regulatory rebuke, which may result in business losses and financial penalties," notes Gartner, Inc. in Best Practices for Managing Superuser Privileges, Ant Allan, et. al., November 2008. "Smart enterprises will oblige system administrators to use SUPM tools, rather than being permanently assigned superuser privileges."

Novell Privileged User Manager will become part of Novell Compliance Management solutions, the industry's leading solutions to automatically enforce security and access-related policies, making it easy to prove compliance and ensure trusted access.

Novell acquired the technology assets from Fortefi Corporation for an undisclosed sum using current cash. These technologies will be fully integrated into the Novell identity and security business unit.

About Novell Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information visit www.novell.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
CVE-2021-32553
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.