Secure authentication company RSA Security Inc. announced a number of moves that will refocus and streamline the company, including the acquisition of Cyota Inc., which makes software that can detect malicious software programs.
RSA, based in Bedford, Mass., will pay $145 million, including $136 million in cash, for Cyota, which is privately held. The company said it plans to blend its secure authentication hardware and software with Cyotas anti-fraud technology to protect consumer identity and online transaction information.
The acquisition came amid news of shuffling at RSA, which also announced the departure of Jeff Glidden, the companys chief financial officer, and a plan to restructure and consolidate its engineering staff globally.
Cyota makes a number of secure authentication and anti-fraud products that are used by banks and financial services companies. The companys products all rely on Cyotas eRiskEngine and eFraudNetwork technology, which compile data from a number of sources to spot fraudulent activity.
Cyotas eVision and FraudAction are anti-fraud and anti-phishing products that are used by banks to spot and shut down phishing Web sites that pose as legitimate customer portals to steal sensitive information. SecureSuite is a payment security platform that is used by credit card-issuing banks to authenticate online payments.
The company also sells eSphinx, a two-factor authentication technology for online banking customers, and eStamp, a Web site watermarking program that is designed to thwart online fraud.
RSA said it will combine that risk calculation technology with its own products and sell risk-based layered authentication products. The company also plans to sell itself as a one-stop shop for online security that can sell to banks, e-commerce companies, and consumers and merchants.
“Financial services customers, in particular, are looking for different types of authentication solutions,” said John Worral, vice president of worldwide marketing at RSA.
RSA will be able to offer customers a range of authentication technology, from inexpensive solutions like challenge/response questions that add an additional factor to user names and passwords, to more expensive smart-card technologies that use digital signing and digital certificates, Worral said.
“It comes down to determining the right solution based on the risk, the potential downside and … the cost of ownership,” Worral said.
In the short term, RSA will be integrating Cyotas risk services into RSAs consumer authentication business. The company sees affinities between Cyotas monitoring, risk analysis and alert services, and RSAs token business. In the future, RSA tokens could be used to authorize—or block—transactions that are flagged by Cyotas real-time monitoring service, Worral said.
RSA may be trying to tap into growing demand among financial services companies for technology that can spot fast-moving and ill-defined threats like phishing and pharming attacks, as well as Trojan horse programs.
The company may also be looking for a way to build on the success it has had in the financial services arena with customers like eTrade Financial Corp., said John Oltsik, a senior analyst with Enterprise Strategy Group in Milford, Mass.
“It seems like theyve decided that [securing consumer financial transactions] is a niche they want to focus on,” he said.
What Will Spell Success
Oltsik said the results of RSAs Cyota purchase will depend on how successful RSA is at bundling the companys services and technology with its own offerings, enticing customers to buy packages of services and software from one vendor rather than cherry-picking them from other companies such as Internet Security Systems Inc. or Symantec Corp.
RSA is under increasing pressure to find new sources of revenue. Secure tokens have dropped in price in recent years.
Identity/access management also continues to be a difficult and competitive corner of the technology marketplace. and the companys investments there have not produced hoped-for returns, Oltsik said.
RSAs earnings have been flat in 2005, and there was evidence Monday that the company is looking to shake things up.
Along with the Cyota news, RSA said it was eliminating development centers in Vancouver, British Columbia, New York and San Mateo, Calif. Around 120 software engineers and other technical staff work in those centers.
RSA will be offering a small number of those people jobs in its Bedford, Mass., headquarters. The rest of the positions will be moved to development groups the company has in Brisbane, Australia and Bangalore, India, where RSA works through outsourcing firms like HCL Technologies Ltd., RSAs Worral said.
The company also announced that CFO Jeff Glidden, who has served for three and a half years, was leaving. Glidden is going to work for a private company he helped fund.
In a statement, Glidden said he leaves RSA with a strong balance sheet, and that the Cyota acquisition is a “good strategic decision” for RSA.
Worral said the move was unrelated to the other announcements from RSA, and credited Glidden with helping RSA comply with the complicated Sarbanes-Oxley Act regulations and with leaving the company on solid ground financially.
Experts, including Oltsik, also speculated that RSA was prettying itself for potential buyers. With a large customer base, solid cash reserves, new technology from Cyota and a streamlined engineering operation, RSA could be an attractive target for larger companies such as Oracle Corp., Computer Associates International Inc. and IBM, Oltsik said.