Competitors Take on RSA

As RSA introduces its first appliance, VeriSign and TriCipher roll out new authentication systems.

Several security companies will announce new, strong authentication solutions at the RSA Conference this week in San Francisco, including RSA Security Inc., which is introducing its first appliance and a pair of authentication tokens.

While RSA expands into the hardware market, VeriSign Inc. and TriCipher Inc., a company that is making its debut at the show, are rolling out solutions designed to go after RSA's core enterprise customer base on the strength of affordability and ease of use.

VeriSign and TriCipher officials acknowledge the difficulty of challenging RSA in a market it pioneered. But as the demand for stronger, more trustworthy credentials grows, so does the need for a wider variety of solutions, they said.

The announcement of the SecurID Appliance is a milestone for RSA, which traditionally has offered only software and SecurID tokens. But SMBs (small and midsize businesses), the target customers for the box, have made it clear that they need two-factor authentication that is easy to deploy.

"We wanted to move downstream into the SMB market, and this is much easier to install and deploy," said Greg Wood, senior product manager at RSA, in Bedford, Mass. "It's designed for simple configuration and setup."

The SecurID Appliance is designed for companies with fewer than 1,000 employees. It comes preloaded with RSA Authentication Manager 6.0; the cost also includes SecurID tokens for each user. The box runs a special version of Windows Server 2003 that has been hardened according to guidelines developed by the National Security Agency.


RSA is also introducing two tokens: the SecurID SID800 and SID700. The SID800 is a USB token that can handle multiple credential types and transfer one-time passwords directly to a user's PC. The SID700 is a smaller version of the original SecurID token.

Pricing for the SecurID device will range from $4,000 for 10 users to $37,000 for 250 users.

Based in San Mateo, Calif., TriCipher, meanwhile, is unveiling its Armored Credential System, a two-factor authentication offering that splits user credentials. One piece of the credential is stored on the TriCipher appliance on the corporate network, and the other remains with the user.

Typically, the user's portion of the credential is a password, but it can also be derived from a secret stored on a token, a smart card or even a TPM (Trusted Platform Module) inside the PC. The hashed password file stays on the user's PC, not the appliance, officials said.

The strength of the authentication required to log on can be adjusted dynamically based on the user, the applications he or she is attempting to access, or his or her location. The Armored Credential System will start at $5 per seat.

VeriSign, of Mountain View, Calif., is also introducing two new tokens at RSA. The more powerful of the two is a combination token with one-time password generation and a smart card that has on-board flash memory for encrypted storage of credentials. The other token is much like RSA's SecurID but costs far less, about $15 each, compared with upward of $50 per token for SecurID.
