One company’s misery is another’s opportunity. CA Technologies is reaching out to jittery RSA customers with a trade-in deal: SecurID tokens for CA ArcotID secure software licenses.
Ever since RSA Security’s executive chairman Art Coviello disclosed on March 17 that attackers had successfully breached the companys networks and stolen information related to the company’s SecurID two-factor authentication technology, customers have been worried about the security of their SecurID deployments.
“Those hardware tokens have no upgrade path and would have to be replaced,” said Bruce Schneier, chief security technology officer at British Telecom. If customers feel that SecurID is compromised, they are likely to replace them with competing products, he said on his Schneier on Security blog.
CA Technologies made its move with a limited-time swap program that allows RSA customers to receive three-year enterprise licenses for CA ArcotID secure software credentials for every RSA SecurID tokens traded in. Customers will also receive the CA Arcot WebFort authentication server, CA announced on March 29. The program will run till Sept. 30.
Assuming that the attackers stole the seed values used to generate the one-time passwords on the SecurID tokens, a number of security experts have speculated that RSA customers will need to replace all deployed hardware tokens to prevent attackers from using the seed values to break in to secure networks.
CA’s offer may seem pretty attractive to RSA customers, as the company promised the only cost to the making the switch was on-going maintenance. In contrast, replacing these tokens with new ones from RSA could be an expensive proposition for customers.
For more, read the eWEEK article: CA Capitalizes on RSA SecurID Breach with a Token Trade-in Program.