In February 2015, security vendors Accuvant and FishNet merged to form a new company, called Optiv Security. Now, Optiv is making the first acquisition of its own, picking up identity and access management (IAM) services vendor Advancive.
Financial terms of the deal are not being publicly disclosed at this time.
Prior to the Advancive acquisition, Optiv already had 50 people working on IAM services, explained Bryan Weise, Optiv's vice president of identity and access management. With the Advancive deal, Optive is adding another 35 experienced staff members to expand its capabilities and IAM services potential, he said, adding that Optiv has both been a partner and a competitor of Advancive.
"This deal allows us to go wider and deeper in identity and access management services for our customers," Weise told eWEEK.
In the past, many enterprises considered IAM to be just Microsoft ActiveDirectory, but what constitutes IAM in 2016 is significantly more expansive, Weise said. IAM includes technologies such as user behavior and identity intelligence, and ways to help prevent the root cause of insider breaches.
Many organizations lack the expertise to plan and build an IAM strategy properly, Weise said. Optiv aims to help organizations figure out a plan to solve IAM challenges and help reduce security risks.
"We build road maps, resell technology and help to implement it," Weise said. "With the Advancive acquisition, we now can also go deeper on some technology for integration and implementation support."
Weise noted that Advancive has domain expertise with both RSA Security and Ping Identity's IAM products.
Artyom Poghosyan, managing director for Advancive, said that the skills needed to manage IAM have evolved over time. "It's fairly complex and difficult for most organization to have the breadth and depth of skill in house to implement IAM, which is a big driver of why we're in business," Poghosyan told eWEEK.
Another driver is the fact that organizations are moving from some form of disjointed, custom-built IAM or open-source approach to a more integrated commercial product. In recent years, commercial IAM products have become cheaper, and many organizations have learned that with open-source software, even though the technology might be free, that doesn't mean there aren't costs for management or deployment, Poghosyan explained.
Weise noted that what is also increasingly part of all IAM deployments is the use of some form of multifactor authentication approach to help harden security and reduce the risks of users relying on a single password.
From an overall architecture perspective, there can also be a need to design a network using software-defined networking approaches to help improve security in combination with IAM.
One area that Optiv is now working on building out is an improved incident response integration for IAM services. Optiv has incident response services that can come in and help an organization deal with a breach. The plan is to bring in the IAM services piece to help remediate the root causes of a breach and to help reduce risks for future breaches.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.