Xceedium, which specializes in privileged access management, acquired the password management business from security company Irdeto on Sept. 8. Irdeto's Cloakware Password Authority product gives customers access to a secure and cloud-based password management service.
The deal gives Xceedium the technology behind the product, Irdeto's client roster of enterprises using Password Authority and the engineering, support and sales staff associated with the business, the company said. Xceedium also gained a perpetual license to Irdeto's white-box cryptographic libraries, which are used within Password Authority.
Irdeto's Cloakware Password Authority was "clearly the premier technology in the space," said Glenn C. Hazard, CEO of Xceedium.
The financial details of the transaction were not disclosed. Xceedium has opened a new research and development facility in Ottawa, Canada, to support the new technology. The Canadian team will work closely with the company's R&D team in Jersey, City, N.J.
Security threats from privileged insiders and trusted third parties are at an all-time high, Xceedium said. There have been a number of incidents this year where employees abused their privileges to access network services and data they didn't need or accidentally exposed information to others. Organizations are looking for ways to safeguard important data from insider breaches, whether intentionally or accidentally, Xceedium said. There are also certain compliance requirements that have to be met while securing the data.
Xceedium has combined the newly acquired password management technology with its GateKeeper access control and monitoring tool and A2A Authority into a single hardened appliance. The newly launched Xceedium Xsuite comes in two models.
The strategic acquisition and the new Xsuite will allow Xceedium to meet customer needs, especially in the government and critical infrastructure markets, Hazard said.
Xsuite offers enterprises an integrated privileged access management platform that handles both access control and password management, Hazard said. This eliminates employees sharing administrative passwords to critical assets, or storing them in clear text, as often happens. Administrators would be able to control, contain and audit user activity, regardless of whether they are partners, employees or consultants, in and out of the corporate network.
The Cloakware technology within the Xsuite appliance would allow administrators to enforce password policies and manage privileged passwords throughout the lifecycle. Passwords are encrypted while stored as well as when being used during the log-in process.
Xsuite would extend the "zero trust" architecture, where the assumption is that no one has any default privileges on the network. This eliminates instances where privileges are too wide and give employees too much access, or when certain privileges are not revoked after the employee no longer needs them.
"We are seeing rapidly rising demand for solutions addressing insider threats," said Sally Hudson, a research director at research firm IDC. The integrated product will allow customers to address insider threats while meeting regulatory compliance, Hudson said.
Xsuite is available immediately and pricing starts at $50,000 for the hardened appliance. Existing GateKeeper customers can upgrade by installing a patch.