Xceedium, Inc., was a network security software company providing privileged identity and access management solutions which was subsequently acquired by

CA Technologies CA Technologies, Inc., formerly Computer Associates International, Inc., and CA, Inc., was an American multinational corporation, multinational enterprise software developer and publisher that existed from 1976 to 2018. CA grew to rank as one o ...

. Their software is used to control and manage the risks that privileged users, privileged accounts (admin, root, etc.) and privileged credentials (passwords, certificates, digital keys, etc.) pose to systems and data.

History

Xceedium Inc., was founded in 2000 by David Van and David Cheung when the company split from Lucid Technologies Group, a company created in 1995. The company developed software for internal use that provided its consultants with secure remote access to sensitive customer systems. This software became the core technology for the ''Xceedium GateKeeper'' product. Xceedium's products were aimed at mid-large sized enterprises in vertical market segments including

banking A bank is a financial institution that accepts Deposit account, deposits from the public and creates a demand deposit while simultaneously making loans. Lending activities can be directly performed by the bank or indirectly through capital m ...

and

financial services Financial services are service (economics), economic services tied to finance provided by financial institutions. Financial services encompass a broad range of tertiary sector of the economy, service sector activities, especially as concerns finan ...

retail Retail is the sale of goods and services to consumers, in contrast to wholesaling, which is the sale to business or institutional customers. A retailer purchases goods in large quantities from manufacturers, directly or through a wholes ...

, telecom,

healthcare Health care, or healthcare, is the improvement or maintenance of health via the preventive healthcare, prevention, diagnosis, therapy, treatment, wikt:amelioration, amelioration or cure of disease, illness, injury, and other disability, physic ...

energy Energy () is the physical quantity, quantitative physical property, property that is transferred to a physical body, body or to a physical system, recognizable in the performance of Work (thermodynamics), work and in the form of heat and l ...

and

government A government is the system or group of people governing an organized community, generally a State (polity), state. In the case of its broad associative definition, government normally consists of legislature, executive (government), execu ...

agencies. They marketed their product through a global partner network. Xceedium's headquarters was originally located in Jersey City, New Jersey until it relocated to Northern Virginia in March 2011. Initial funding for the venture-backed company came from ArrowPath Venture Partners and Nationwide Mutual Capital. Xceedium was a private,

venture capital Venture capital (VC) is a form of private equity financing provided by firms or funds to start-up company, startup, early-stage, and emerging companies, that have been deemed to have high growth potential or that have demonstrated high growth in ...

backed company with funding from ArrowPath Venture Partners and Nationwide Mutual Capital. In June 2012, Xceedium closed a $12 million financing led by ArrowPath Venture Partners bringing the total capital raised to $25 million Xceedium was acquired by

in August 2015.

Products

''Xceedium Gatekeeper'' was the first product designed by the company, initially built with

out-of-band In telecommunications, out-of-band activity is activity outside a defined frequency band, or, metaphorically, outside of any primary communication channel. Protection from falsing is among its purposes. Examples General usage * Out-of-band agr ...

and

in-band In telecommunications, in-band signaling is the sending of control information within the same band or channel used for data such as voice or video. This is in contrast to out-of-band signaling which is sent over a different channel, or even o ...

KVM for remote IT control. The ''GateKeeper'' software was updated to provide network-based access control and session recording/playback. Later, ''GateKeeper'' and ''Cloakware Password Authority'' (a product acquired from Irdeto) were integrated to form ''Xceedium Xsuite''. The main capabilities of ''Xceedium Xsuite'' were: role-based access control, command filtering (white/black list), user containment (prevents SSH based leapfrogging or RDP hopping to unauthorized nodes), session monitoring/policy violation alerting, session recording and playback and privileged password vaulting and management. The ''Xceedium Xsuite'' platform enabled organizations to apply the

principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction l ...

, which holds that systems and individuals should only be granted access to the resources and commands that are absolutely necessary for the required task. According to the company, ''Xsuite'' limited access for privileged users to the systems and commands for which they are explicitly authorized (

Role-based access control In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control, discretion ...

). It also monitored the activities of privileged users and sent alerts when individuals attempted to violate a policy. The system recorded privileged user sessions such as

telnet Telnet (sometimes stylized TELNET) is a client-server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main ...

RDP RDP may refer to: Computing * Ramer–Douglas–Peucker algorithm, an algorithm for polygonal simplification * Recombination detection program, for analysing genetic recombination * Recursive descent parser, a type of top-down parser * Remote Desk ...

, SSH, and VNC and provided a mechanism to replay recorded session for investigations and forensics. ''Xsuite Cloud for

Amazon Web Services Amazon Web Services, Inc. (AWS) is a subsidiary of Amazon.com, Amazon that provides Software as a service, on-demand cloud computing computing platform, platforms and Application programming interface, APIs to individuals, companies, and gover ...

(AWS)'' was introduced as an extension to the ''Xsuite'' platform. It provided privileged identity and access management for standalone AWS implementations or hybrid architectures that can include infrastructure nodes (e.g., servers, network devices, storage devices, security systems) running on: AWS

Amazon Elastic Compute Cloud Amazon Elastic Compute Cloud (EC2) is a part of Amazon's cloud-computing platform, Amazon Web Services (AWS), that allows users to rent virtual computers on which to run their own computer applications. EC2 encourages scalable deployment of ap ...

(EC2), private clouds, as virtual machines or traditional single OS/hardware scenarios. Following the acquisition of Xceedium by CA, ''Xceedium Xsuite'' was integrated into the CA product range as ''CA Privileged Access Manager''.

References

{{Reflist 2000 establishments in Virginia 2015 mergers and acquisitions 2015 disestablishments in Virginia American companies established in 2000 American companies disestablished in 2015 CA Technologies Computer companies established in 2000 Computer companies disestablished in 2015 Computer security software Defunct computer companies of the United States Defunct computer hardware companies