RSA Security and Rivals VeriSign and TriCipher Launch Competing Security Offerings at RSA Conference
- By John K. Waters
SAN FRANCISCO, CA--The 14th annual RSA 2005 Security Conference and Expo, under way this week in San Francisco, saw an upstart and an old rival announce products and initiatives aimed at taking market share from the event's namesake.
RSA Security, which is known primarily as a software company, unveiled its first security appliance at this year's show, along with two new authentication tokens.
The SecurID Appliance, which runs on a special version of Windows Server 2003 that has been hardened in accordance with National Security Agency guidelines, is designed for companies with fewer than 1,000 employees, and it comes preloaded with RSA Authentication Manager 6.0. The price of the device includes SecurID tokens for each user.
RSA's two new tokens, the SecurID SID800 and SID700, are USB-enabled key fob tokens that allow companies to manage a range of authentication credentials--including one-time passwords, digital certificates, and static passwords--on a single device that supports logon for remote access. The SID800 can handle multiple credential types and transfer one-time passwords directly to a user's PC. The SID700 has a new, sleeker form factor than the original SecurID token (35 percent smaller), making it more pocket friendly. Cost of the SecurID device will range from $4,000 for 10 users to $37,000 for 250 users, according to the company.
RSA Security also announced the release of five open specifications to simplify the secure integration of various one-time password (OTP) methods into enterprise applications and infrastructure (with a sixth specification expected shortly). According to the company, these open specifications, which are available for public review and comment, "will provide technology solutions vendors with greater ease and flexibility in integrating support for a wide range of OTP methods, including time-synchronous, event- synchronous and challenge-response solutions." The company cites a number of heavyweight endorsements of the new specs from such companies as Adobe Systems, Check Point Software Technologies, Cisco Systems, Funk Software, iPass, Juniper Networks, Meetinghouse, and Microsoft.
Meanwhile, VeriSign, the Mountain View, CA-based provider of intelligent infrastructure services for the Internet and telecom networks, unveiled some new tokens of its own, along with some new services and programs designed to drive industry adoption of strong authentication. The tokens include one that combines OTP generation and a smart card with on-board flash memory for encrypted storage of credentials. The second token is similar to RSA's SecurID, but priced well below that device (about $15 for the VeriSign token versus around $50 for the SecurID tokens).
The company also announced tighter integration of VeriSign Unified Authentication with the Windows operating environment; an on-premise deployment option that brings the VeriSign worldwide infrastructure to the enterprise; a new channel-partner program and a "competitive upgrade" program, an aggressive pricing initiative that seemed to take aim at RSA's SecurID customers. Under the program, any company migrating 500 or more users to VeriSign will get a price that works out to about $10 per user per year.
A brand new RSA competitor, San Mateo, CA-based TriCipher, made its debut at this year's show, rolling out solutions aimed at RSA's core enterprise customers. Incubated as a division of NSD Japan, a multi-billion dollar Japanese systems integration firm, TriCipher actually launched as a stand-alone entity in the U.S. on February 15. Along with its own start, the startup launched its Armored Credential System at this year's show. The two-factor authentication system splits user credentials: one piece is stored on the TriCipher appliance on the corporate network; the other remains with the user. Typically, the user's portion of the credential is a password, the company says, but it can also be derived from a secret stored on a token, a smart card, or a Trusted Platform Module inside the PC. The hashed password file stays on the user's PC, not the appliance. The strength of the authentication required to log on can be adjusted dynamically and based on the user, the application that is being accessed, or the user's location. The Armored Credential System will start at $5 per seat.
The RSA Security Conference and Expo is the information security industry's largest annual conference and trade show. This year's event, which runs from February 14 to 18, is reportedly setting records with an estimated 10,000-plus attendees and 250 exhibitors.
The theme of this year's show is "The Codes of Prohibition," and event organizers decorated the south wing of San Francisco's Moscone Center with art-deco-style, Depression-era images. Attendees swarmed to the City by the Bay for five days of keynotes, classes, and product demos--not to mention a chance to schmooze with peers and industry heavyweights.
The keynote speakers' list for this year's event includes Microsoft chairman and chief architect Bill Gates, Cisco CEO John Chambers, RSA Security chief exec Art Coviello, and Frank Abagnale, author and world-renowned conman, whose best-selling book, "Catch Me if You Can," was made into a movie starring Leonardo DiCaprio and Tom Hanks.
The conference also features 200 business and technical workshops scheduled in 16 different educational tracks.
For more information, go to: http://2005.rsaconference.com/us.