Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/20/2009
02:59 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Novell Acquires Privileged User Management Technology From Fortefi

Company also acquires perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin

WALTHAM, Mass. - Feb. 19, 2009 " Novell announces it acquired the technology assets of Fortefi Ltd., a provider of compliance and privileged user management solutions. Novell also acquired a perpetual source code license to ActivIdentity's industry-leading single sign-on solution, SecureLogin, which had been previously available to customers through an OEM agreement as Novell' SecureLogin. The two deals cement Novell's leadership position in bringing together identity, access and security management technologies to help customers reduce cost, complexity and risk while proving compliance with industry regulations.

"We're excited about adding Fortefi's privileged user management solutions to our portfolio and bringing SecureLogin technology, development and support in-house," said Jim Ebzery, senior vice president and general manager of Identity and Security at Novell. "With these two moves, we continue our evolution to become the 'category-killer' for identity and security management. Customers can come to Novell as a one-stop-shop for all of their identity and security needs " whether they are seeking a point solution or a complete platform. Our best-of-breed approach is both modular and integrated, to let customers address their specific problems with the flexibility to expand to the rest of their enterprise."

License Agreement Overview " ActivIdentity Corporation Novell SecureLogin is the industry's leading solution for enterprise single sign-on. Since 2001, Novell has delivered Novell SecureLogin via an OEM agreement with ActivIdentity. Novell acquired a perpetual source code license to the ActivIdentity code and can fully manage the future development and road map for Novell SecureLogin. This will allow for better integration of SecureLogin into Novell's portfolio of identity management solutions and faster additions of Novell customer requirements into future generations of the product.

Novell is positioned in the leaders quadrant of Gartner, Inc.'s, "Magic Quadrant for Enterprise Single Sign-On" by Gregg Kreizman, Sept. 18, 2008. According to Gartner, "Enterprises continue to make tactical investments in ESSO to resolve the problem of users having too many passwords, with no relief in sight for the next two to three years."

Enterprise Single Sign-on (ESSO) enables a user to access all permitted computers and systems without the need to enter multiple passwords. ESSO reduces human error and helpdesk requests but is difficult to implement because most applications and systems support different password mechanisms.

Novell SecureLogin is part of Novell Identity and Access Management solutions, the industry's leading solutions to automate business processes, mitigate security risks and lay the foundation for complying with internal security mandates and government regulations.

Novell licensed the SecureLogin source code for an undisclosed sum using current cash. SecureLogin will be fully integrated into Novell's identity and security business unit.

Technology Acquisition Overview " Fortefi Ltd. Using the technology acquired from Fortefi, Novell plans to introduce Novell Privileged User Manager in the second quarter of 2009. Novell Privileged User Manager is built on two Fortefi products, Command Control and Compliance Auditor, and provides granular access control and auditing of "super" or "root" users across multiple systems. Novell Privileged User Manager limits exposure to unauthorized activity and information access by helping customers rapidly enable or disable administrator-level users across both UNIX* and Linux*. This acquisition also expands Novell's focus on UNIX to Linux migration by offering customers a single tool for managing superuser access while they migrate to SUSE' Linux Enterprise. Industry regulations such as Sarbanes-Oxley, PCI DSS, HIPAA and others call for better control of user access to sensitive information. Despite these requirements, many organizations share superuser, or root account credentials among multiple users, increasing the likelihood of a security breach from inside the organization. Privileged user management mitigates these types of potential security risks by governing privileged users' access and passwords to an organization's information and systems.

"Poorly managed superuser privileges leave enterprises exposed to security breaches and regulatory rebuke, which may result in business losses and financial penalties," notes Gartner, Inc. in Best Practices for Managing Superuser Privileges, Ant Allan, et. al., November 2008. "Smart enterprises will oblige system administrators to use SUPM tools, rather than being permanently assigned superuser privileges."

Novell Privileged User Manager will become part of Novell Compliance Management solutions, the industry's leading solutions to automatically enforce security and access-related policies, making it easy to prove compliance and ensure trusted access.

Novell acquired the technology assets from Fortefi Corporation for an undisclosed sum using current cash. These technologies will be fully integrated into the Novell identity and security business unit.

About Novell Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information visit www.novell.com.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27491
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
CVE-2021-27495
PUBLISHED: 2021-07-30
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
CVE-2021-32807
PUBLISHED: 2021-07-30
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict acce...
CVE-2021-22521
PUBLISHED: 2021-07-30
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-34629
PUBLISHED: 2021-07-30
The SendGrid WordPress plugin is vulnerable to authorization bypass via the get_ajax_statistics function found in the ~/lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8.