Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/20/2009
02:59 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Novell Acquires Privileged User Management Technology From Fortefi

Company also acquires perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin

WALTHAM, Mass. - Feb. 19, 2009 " Novell announces it acquired the technology assets of Fortefi Ltd., a provider of compliance and privileged user management solutions. Novell also acquired a perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin, which had been previously available to customers through an OEM agreement as Novell' SecureLogin. The two deals cement Novell's leadership position in bringing together identity, access and security management technologies to help customers reduce cost, complexity and risk while proving compliance with industry regulations.

"We're excited about adding Fortefi's privileged user management solutions to our portfolio and bringing SecureLogin technology, development and support in-house," said Jim Ebzery, senior vice president and general manager of Identity and Security at Novell. "With these two moves, we continue our evolution to become the 'category-killer' for identity and security management. Customers can come to Novell as a one-stop-shop for all of their identity and security needs " whether they are seeking a point solution or a complete platform. Our best-of-breed approach is both modular and integrated, to let customers address their specific problems with the flexibility to expand to the rest of their enterprise."

License Agreement Overview " ActivIdentity Corporation Novell SecureLogin is the industry's leading solution for enterprise single sign-on. Since 2001, Novell has delivered Novell SecureLogin via an OEM agreement with ActivIdentity. Novell acquired a perpetual source code license to the ActivIdentity code and can fully manage the future development and road map for Novell SecureLogin. This will allow for better integration of SecureLogin into Novell's portfolio of identity management solutions and faster additions of Novell customer requirements into future generations of the product.

Novell is positioned in the leaders quadrant of Gartner, Inc.'s, "Magic Quadrant for Enterprise Single Sign-On" by Gregg Kreizman, Sept. 18, 2008. According to Gartner, "Enterprises continue to make tactical investments in ESSO to resolve the problem of users having too many passwords, with no relief in sight for the next two to three years."

Enterprise Single Sign-on (ESSO) enables a user to access all permitted computers and systems without the need to enter multiple passwords. ESSO reduces human error and helpdesk requests but is difficult to implement because most applications and systems support different password mechanisms.

Novell SecureLogin is part of Novell Identity and Access Management solutions, the industry's leading solutions to automate business processes, mitigate security risks and lay the foundation for complying with internal security mandates and government regulations.

Novell licensed the SecureLogin source code for an undisclosed sum using current cash. SecureLogin will be fully integrated into Novell's identity and security business unit.

Technology Acquisition Overview " Fortefi Ltd. Using the technology acquired from Fortefi, Novell plans to introduce Novell Privileged User Manager in the second quarter of 2009. Novell Privileged User Manager is built on two Fortefi products, Command Control and Compliance Auditor, and provides granular access control and auditing of "super" or "root" users across multiple systems. Novell Privileged User Manager limits exposure to unauthorized activity and information access by helping customers rapidly enable or disable administrator-level users across both UNIX* and Linux*. This acquisition also expands Novell's focus on UNIX to Linux migration by offering customers a single tool for managing superuser access while they migrate to SUSE' Linux Enterprise. Industry regulations such as Sarbanes-Oxley, PCI DSS, HIPAA and others call for better control of user access to sensitive information. Despite these requirements, many organizations share superuser, or root account credentials among multiple users, increasing the likelihood of a security breach from inside the organization. Privileged user management mitigates these types of potential security risks by governing privileged users' access and passwords to an organization's information and systems.

"Poorly managed superuser privileges leave enterprises exposed to security breaches and regulatory rebuke, which may result in business losses and financial penalties," notes Gartner, Inc. in Best Practices for Managing Superuser Privileges, Ant Allan, et. al., November 2008. "Smart enterprises will oblige system administrators to use SUPM tools, rather than being permanently assigned superuser privileges."

Novell Privileged User Manager will become part of Novell Compliance Management solutions, the industry's leading solutions to automatically enforce security and access-related policies, making it easy to prove compliance and ensure trusted access.

Novell acquired the technology assets from Fortefi Corporation for an undisclosed sum using current cash. These technologies will be fully integrated into the Novell identity and security business unit.

About Novell Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information visit www.novell.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24498
PUBLISHED: 2021-08-02
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.
CVE-2021-24503
PUBLISHED: 2021-08-02
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor ...
CVE-2021-24504
PUBLISHED: 2021-08-02
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such att...
CVE-2021-33526
PUBLISHED: 2021-08-02
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
CVE-2021-33527
PUBLISHED: 2021-08-02
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM that won't be validated correctly and allows for an arbitrary code execution with the privileges of the service.