RSA Buys Consumer Authentication Specialist

RSA claims the acquisition of PassMark Security significantly extends its ability to provide two-factor authentication technologies for consumers, including the addition of some voice-recognition applications.

RSA Security has added to its growing array of user authentication and data encryption technologies with the acquisition of PassMark Security, which specializes in tools used by businesses to grant Web site access to customers.

Under the terms of the deal, which will amount to a payout of roughly $44.7 million by RSA, the company will hand over $9 million in cash and approximately 2 million shares of its common stock for the rival security applications vendor, with the final number of shares determined by the average closing price of RSAs stock over the past 30 days.

Company officials said the deal will substantially extend RSAs ability to offer consumer-oriented two-factor authentication to its customers, the market sector where most of PassMarks customers lie. At least 20 of the companies already using PassMarks products are financial services institutions, and RSA said the addition of those firms to its eFraudNetwork will also help its researchers stay further ahead of emerging threats and phishing attacks. Companies share information on newly discovered threats via the network, helping to alert each other, and RSA, about potential attacks.

Among the specific technologies gained by RSA through the buyout is a two-factor authentication system that uniquely associates individuals to Web sites based on a password and specific information about the devices they use to access the URLs. The package includes what Menlo Park, Calif.-based PassMark identifies as a voice-based biometric authentication system that promises to recognize wired and wireless phones in combination with the sound of a persons voice to offer remote two-factor account access over a handset.

On the flip side, the PassMark tools serve up unique images to end users upon entering their information in order to reassure people that they are logging onto legitimate sites and not phishing schemes.

The PassMark acquisition marks the second major deal announced by RSA in recent months. In December the company bought out Cyota, which makes malware detection applications, for $145 million. The company said it made that deal in an effort to blend its secure authentication hardware and software with Cyotas anti-fraud technology to better protect consumer identity and online transaction information.

/zimages/2/28571.gifClick here to read more about RSAs acquisition of Cyota.

The latest buyout is aimed at expanding RSAs reach in a similar manner, said John Worrall, vice president of marketing for the Bedford, Mass., company. RSAs overarching goal with the deals is to build a complete and fully integrated authentication and fraud-detection package.

"This deal allows us to offer financial services authentication and accelerate our market growth by bulking up with big-name customers and additional partners," said Worrall. "Were clear believers that when it comes to authentication, customers want to use different approaches for different audiences, and our overall strategy has been to try to offer more choice in the types of solutions customers want to deploy."

Worrall said that PassMarks software is particularly attractive to financial services companies because the device-authentication system allows the firms to better tailor their log-on and password policies to various types of customers. The system treats someone attempting to log on from an unfamiliar device much differently than someone accessing their account from the same machine they always use, for example. Companies using the PassMark tools include financial services behemoth Bank of America.

While RSA said it plans to add talent from PassMarks sales, engineering, implementation and support teams, the company did not say whether it planned any layoffs related to the merger of the two firms. The security company said it is setting aside $2.7 million to fund employee retention plans and termination costs, and that it will also reserve approximately 80,000 shares of its common stock related to the assumption of PassMarks stock option plan.

Bill Harris, PassMarks co-founder and chairman, will join RSAs board of directors effective immediately following the closing of the transaction. Harris previously served as the chief executive officer at Intuit and PayPal.

RSA, which announced first-quarter 2006 estimates that handily beat market analysts projections in mid-April, upped its second-quarter estimates based on the addition of PassMark. The company said it anticipates revenue for the quarter to be in the range of $89 million to $94 million, compared with its previous guidance of sales ranging from $88 million to $92 million.

According to a new research report released by analysts at Merrill Lynch, demand for security software slowed down in March after increasing slightly in February, with sales of anti-virus applications continuing to outpace other types of products. Among the companies seeing sales of their non-malware-related applications drop off noticeably were market leaders McAfee and Symantec, according to the report.

However, Merrill Lynch said that solid financial returns from RSA and rivals including Citrix may indicate that customers are shifting spending to newer technologies such as authentication systems.

Some industry experts have predicted a trend toward consolidation among security industry players, a concept that would appear to be proven by RSAs acquisition of PassMark. RSA executives would not comment on any further buyout plans, but said the company will retain its current growth strategy.

"Were finally starting to see the signs of Moores Law applying to security, where the number of companies being bought, sold or shut down now outnumber the new startups," said John Pescatore, an analyst with Stamford, Conn.-based Gartner. "In addition to the simple fact that customers may not be spending as much on security as they were during the post-9/11 and compliance eras, you have large companies like Microsoft and Cisco bringing rival technologies to market; this will likely have an effect on the entire industry over the next decade, and there will likely be more consolidation for all these reasons."

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.