Security Solution Relying on CA, Arcot Technology Helps Businesses Reduce Risks Associated with On-Line Fraud, Identity Theft

CA to Resell Arcot RiskFort with CA SiteMinder Web Access Manager to Secure Web Businesses Using Risk-based Authentication and Web Access Management

ISLANDIA, N.Y., August 2008 – CA, Inc. (NASDAQ:CA) and Arcot Systems today announced the availability of a solution designed to help organizations reduce the risk of fraud and identity theft in online transactions through risk-based authentication. Businesses are employing risk-based authentication technologies for their Web-facing applications in light of threats such as phishing and other forms of social engineering, as well as in response to regulatory initiatives such as online banking guidance issued by the Federal Financial Institutions Examination Council, the market trend to deliver software-as-a-service, and simple good business practices.

The reseller agreement with Arcot allows CA to extend its suite of identity and access management products that help secure Web businesses and identities online. By implementing risk-based authentication technology, CA customers can confidently conduct Web-based transactions. It also helps instill in their customers and other users a level of comfort that their identities and their personal, private information are better protected online.

Further driving the movement to risk-based authentication is the need to improve security practices to protect a corporate reputation and assure customers their data is safe. A recent security survey sponsored by CA revealed that an average of 34 percent of the respondents reported either loss of trust or confidence, embarrassment or reduced customer satisfaction as a result of a security breach.

“Financial institutions, government agencies, retail businesses, and health care organizations are struggling with the dramatic increase in online fraud and identity theft,” noted Mark Diodati, senior identity and privacy analyst with Burton Group. “The integration of web access management with risk-based authentication provides great synergies by enabling organizations to dynamically adapt to evolving threats, and improve their compliance posture. The use of stronger authentication with web access management can also reduce risk and improve customer confidence.”

CA SiteMinder Web Access Manager and Arcot RiskFort

The combination of CA SiteMinder Web Access Manager with Arcot RiskFort offers organizations a risk-based authentication capability that helps detect, assess and block fraud attempts in real time for any consumer- or enterprise-facing portal. By comparing the context of current transactional requests with historical performance, and using statistics and analysis to identify abnormal activity, RiskFort calculates a risk score. CA SiteMinder can then grant or deny access, or initiate other actions based on the risk score and corporate security policies.

For example, if you normally access your online bank account from your home desktop computer in New York, but you are attempting to log in from a laptop connected in Germany, this could raise a flag because it is outside the “normal activity” RiskFort has identified for your account. As a result, you may be granted access, denied access, granted access with limited rights or redirected for further qualification all based on the risk policies of the organization.

“Proving that you are who you say you are is of paramount importance for everyone involved in any online transaction. As all industry sectors expand to take advantage of the Web and open more applications to customers, remote employees, contractors and partners, it is essential that they have additional capabilities to assure the identity of the individuals requesting access,” said Bill Mann, senior vice president, CA Security Management.

“Moving forward as Web 2.0, software-as-a-service, collaboration and social networks gain greater relevance for business, the demand for identity assurance will be even more critical. CA SiteMinder and the addition of Arcot RiskFort gives customers a solution for risk-based authentication, identity assurance and application access that is easily and cost-effectively deployed,” said Mann.

CA SiteMinder Web Access Manager and Arcot WebFort

For those customers who prefer to use a software-only approach to strong authentication versus hardware-based alternatives, the agreement between Arcot and CA also enables CA to resell Arcot WebFort and provide it integrated with CA SiteMinder Web Access Manager. This provides customers with an easy-to-deploy, low cost, software based alternative for strong authentication and secure Web access.

“The days of simply requiring a user ID and password for authentication are numbered as the risk is simply too great,” said Ram Varadarajan, president and CEO of Arcot. "At the same time, stronger authentication must be simple and convenient for users or they will not use it. Arcot’s best-in-class authentication automatically strengthens the security of password-based authentication and bridges the gap between security, cost and convenience. Arcot RiskFort and WebFort products provide protection from Internet threats while retaining a familiar, easy-to-use username/password user experience without having to deploy hardware tokens.”