CA Technologies announced it has signed a definitive agreement to acquire privately held Xceedium, a provider of privileged identity management solutions that protect on-premise, cloud and hybrid IT environments. Terms of the agreement were not disclosed. The transaction is expected to close within the quarter.
Recent mega breaches and growing compliance and audit demands have increased the need to control and manage the credentials and activities of privileged users who have unfettered access to high-value systems that store and process sensitive information.
The acquisition of Xceedium will extend CA’s security portfolio, giving customers a comprehensive solution for controlling and protecting IT administrator or other privileged user accounts from external attacks or insider mistakes and malicious misuse.
“Our digital world gives organizations tremendous opportunity; it also introduces additional regulatory demands and increased risk as bad actors penetrate our networks using stolen credentials which give them the proverbial ‘keys to the kingdom,'”  says Michael Horn, CA Southern Africa’s business unit head: security. “The CA and Xceedium combination will reinforce our leadership position in privileged identity management and offer customers a flexible approach to managing privileged identity compliance and risk.”
Xsuite, Xceedium’s innovative privileged identity management solution for hybrid IT environments, offers an identity-centric, proxy-based approach. It provides a centralized point of authentication for administrators, brokering the release of credentials for shared administrative accounts without exposing them to the risk of theft, compromise, or misuse.
Deployed as a physical or virtual appliance or as an Amazon machine image, Xsuite provides scalability and simplified deployment. It also helps address security and compliance needs: namely, centralized shared account management for enhanced administrator accountability, administrative session recording for audit and incident forensics, and command filtering to limit the scope of administrator activity and network access.
This complements CA Privileged Identity Manager’s resource- or host-based access control approach, which focuses on controlling access to the server operating system and limits the scope for administrators – especially superusers – to modify processes, configuration files or registries. CA’s solution supplements centralised IT administrator access management with controls to minimise the risk of a privileged user unleashing malware – a common tactic used by attackers to launch breaches and avoid detection. Together, the solutions will help protect privileged accounts from compromise, provide tightly-defined access controls, and enable monitoring of privileged user activity across an organization’s entire hybrid IT infrastructure, further minimising the risk of breaches.
“Protecting against attacks on privileged user credentials can be the difference between staying in business and going out of business. It also has become a critical element of our national defence as recent attacks on government systems reveal an escalation in attacks from cybercrime to cyberespionage,” says Glenn Hazard, Xceedium CEO. “Stealing and exploiting privileged accounts is a central element of the kill chain in cyber-attacks of all kinds, regardless of attacker origin. We’re excited to join forces with CA to help deliver a next generation threat mitigation suite to the market that directly addresses these devastating data breaches and attacks.”