SecureAuth and Core Security have announced plans to merge, combining security operations and identity and access management.
The aim of the two companies will be to combine network, endpoint, vulnerability and identity security, and offer the industry’s first identity-based security automation platform. The two companies said that this will allow enterprises to visualize and priorities risks, shorten their response time and provide context for identity actions to focus on the most meaningful threats as they occur.
Jeff Kukowski, who will act as CEO of the combined company, said: “Despite the incredible amount of money spent on security technology, front line security professionals in the most sophisticated security operations centers are challenged in managing and visualizing the full attack surface.
“Including identity information into the threat landscape alongside traditional network, endpoint and vulnerability information substantially reduces threat discovery and response time.”
Core Security was formerly acquired by Courion in 2015. This merger is pending regulatory approvals from US government agencies; the company is backed by K1 Investment Management and Toba Capital.
Dominic Trott, research manager (IT Security-Europe) at IDC, told Infosecurity that this reflects what IDC is calling “platform or unified security.”
He said that vendors are responding to the complexity of enterprises' security product environments, and the desire to either better integrate or even simplify them, in two ways:
1. By offering better integrated portfolios that offer more than the sum of their parts
2. By aiming to become the platform around which both in-house and third party products are integrated
He added: “It looks to me like SecureAuth seeks to position itself as more of a platform player, centered around identity, by expanding into vulnerability management and threat response to offer greater value through the combination of the two capability areas.
“It is also notable that the areas in which Core operates (threat and vulnerability management) aim to help customers be more proactive in their approach to security - addressing the potential for an incident before it can occur, rather than responding to it after the event. This is another key feature of the shifting approach towards security that IDC views as being important given the shifting market context (i.e. the three 'mega-drivers' of the evolving threat landscape, digital transformation and regulatory reform).
“Thus, SecureAuth's plan to become a more strategic partner for customers by building an identity-centric platform approach that focuses on IAM and what IDC terms SVM (security and vulnerability management), which happen to be the two fastest growing segments of the security software market according to IDC's forecasts, is a sound move.”