Irvine-based SecureAuth, which specializes in identity security software, has acquired Acceptto to boost cyber protections as more workers go to a hybrid model shifting between home and office.
The acquisition will position SecureAuth to take advantage of the increasingly strategic need for enterprises to better secure identities to support their growing hybrid workforce, including the use of artificial intelligence (AI), according to SecureAuth.
“As an industry, we still have a long way ahead of us to deliver fully AI-based authentication policies that are not overly complex and inflexible,” said Ravi Khatod, chief executive and executive chairman of SecureAuth.
Acceptto is “an emerging leader in passwordless authentication and behavioral modeling to infer whether a user is a threat before authentication, during authentication, and post-authorization.”
Chief Product Officer Matthew Ulery said “balancing security with convenience is very challenging.”
He told the Business Journal on Nov. 5 that the goal is to let users “seamlessly authenticate through a variety of different systems from the desktop to applications and throughout the organization” with security involved as transparent or invisible as possible.
Ulery explained it like this:
“I can walk up to the machine, I can click sign-in. I have opened my phone, an app shows up. I hit a button for that machine, and it unlocks the machine, and that’s my login journey,” Ulery said. He said facial recognition could also be added.
Acceptto is a Portland, Ore.-based startup that developed a set of cloud AI-powered multi-factor authentication and passwordless solutions. It has 25 employees.
SecureAuth, founded in 2005, has more than 600 customers globally, and its products are distributed in the cloud, on premises and hybrid.
Clients include two of the three top health insurance companies in the U.S. and three of the top five U.S. airlines, according to the company.
SecureAuth’s subscription software is used by companies including Scripps Health, Michaels, Esteé Lauder, Southwest Airlines, Western Union and the U.S. Environmental Protection Agency.
The privately held company doesn’t disclose revenue; as of 2017 it was estimated to have an annual run rate in the $100 million range.
Identity is the primary security weakness at most organizations, the company says.
The SecureAuth system, based on what it calls “adaptive authentication,” considers context about the user and what they are attempting to access to determine the right login journey for that user.
In addition to its Irvine headquarters, SecureAuth has an office in Buenos Aires and employees around the world, including Canada, Australia, and the U.K.
Vinny Smith’s Newport Beach-based Toba Capital previously held a 45% stake in SecureAuth. Toba cashed out in late 2017 when SecureAuth agreed to a $200 million sale to El Segundo-based private equity firm K1 Investment Management.
Another Irvine-based cybersecurity firm, Netwrix, said Nov. 8 it has introduced a tool known as Anixis Password Policy Enforcer to guard against cyberattacks.
“The combination of poor password practices and widely available hacking tools make compromised login credentials an easy way into a company’s IT infrastructure,” Netwrix said in the announcement.
While much of the cybersecurity concerns has focused on the hybrid workforce, experts are also warning against letting one’s guard down as people look toward the upcoming holiday travel.
Orange County cybersecurity expert and author of “Don’t Hack” Johnny Young—better known as of JohnE Upgrade—offers some tips to protect valuable details and information.
Among them: Don’t announce on social media you’re about to go on vacation; ensure your laptop has a power-on password, and a password for the operating system; and bring a $20 laptop cable lock on vacation with you.