theDocumentId => 1130431 Novell Acquires Privileged User Management ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/20/2009
02:59 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Novell Acquires Privileged User Management Technology From Fortefi

Company also acquires perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin

WALTHAM, Mass. - Feb. 19, 2009 " Novell announces it acquired the technology assets of Fortefi Ltd., a provider of compliance and privileged user management solutions. Novell also acquired a perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin, which had been previously available to customers through an OEM agreement as Novell' SecureLogin. The two deals cement Novell's leadership position in bringing together identity, access and security management technologies to help customers reduce cost, complexity and risk while proving compliance with industry regulations.

"We're excited about adding Fortefi's privileged user management solutions to our portfolio and bringing SecureLogin technology, development and support in-house," said Jim Ebzery, senior vice president and general manager of Identity and Security at Novell. "With these two moves, we continue our evolution to become the 'category-killer' for identity and security management. Customers can come to Novell as a one-stop-shop for all of their identity and security needs " whether they are seeking a point solution or a complete platform. Our best-of-breed approach is both modular and integrated, to let customers address their specific problems with the flexibility to expand to the rest of their enterprise."

License Agreement Overview " ActivIdentity Corporation Novell SecureLogin is the industry's leading solution for enterprise single sign-on. Since 2001, Novell has delivered Novell SecureLogin via an OEM agreement with ActivIdentity. Novell acquired a perpetual source code license to the ActivIdentity code and can fully manage the future development and road map for Novell SecureLogin. This will allow for better integration of SecureLogin into Novell's portfolio of identity management solutions and faster additions of Novell customer requirements into future generations of the product.

Novell is positioned in the leaders quadrant of Gartner, Inc.'s, "Magic Quadrant for Enterprise Single Sign-On" by Gregg Kreizman, Sept. 18, 2008. According to Gartner, "Enterprises continue to make tactical investments in ESSO to resolve the problem of users having too many passwords, with no relief in sight for the next two to three years."

Enterprise Single Sign-on (ESSO) enables a user to access all permitted computers and systems without the need to enter multiple passwords. ESSO reduces human error and helpdesk requests but is difficult to implement because most applications and systems support different password mechanisms.

Novell SecureLogin is part of Novell Identity and Access Management solutions, the industry's leading solutions to automate business processes, mitigate security risks and lay the foundation for complying with internal security mandates and government regulations.

Novell licensed the SecureLogin source code for an undisclosed sum using current cash. SecureLogin will be fully integrated into Novell's identity and security business unit.

Technology Acquisition Overview " Fortefi Ltd. Using the technology acquired from Fortefi, Novell plans to introduce Novell Privileged User Manager in the second quarter of 2009. Novell Privileged User Manager is built on two Fortefi products, Command Control and Compliance Auditor, and provides granular access control and auditing of "super" or "root" users across multiple systems. Novell Privileged User Manager limits exposure to unauthorized activity and information access by helping customers rapidly enable or disable administrator-level users across both UNIX* and Linux*. This acquisition also expands Novell's focus on UNIX to Linux migration by offering customers a single tool for managing superuser access while they migrate to SUSE' Linux Enterprise. Industry regulations such as Sarbanes-Oxley, PCI DSS, HIPAA and others call for better control of user access to sensitive information. Despite these requirements, many organizations share superuser, or root account credentials among multiple users, increasing the likelihood of a security breach from inside the organization. Privileged user management mitigates these types of potential security risks by governing privileged users' access and passwords to an organization's information and systems.

"Poorly managed superuser privileges leave enterprises exposed to security breaches and regulatory rebuke, which may result in business losses and financial penalties," notes Gartner, Inc. in Best Practices for Managing Superuser Privileges, Ant Allan, et. al., November 2008. "Smart enterprises will oblige system administrators to use SUPM tools, rather than being permanently assigned superuser privileges."

Novell Privileged User Manager will become part of Novell Compliance Management solutions, the industry's leading solutions to automatically enforce security and access-related policies, making it easy to prove compliance and ensure trusted access.

Novell acquired the technology assets from Fortefi Corporation for an undisclosed sum using current cash. These technologies will be fully integrated into the Novell identity and security business unit.

About Novell Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information visit www.novell.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.