Next-Generation Technologies & Secure Development,
Privileged Access Management,
Security Operations
Risk Scoring to Enable Real-Time Action by Imprivata on Suspicious Access Attempts
Imprivata has acquired Verosint, a startup specializing in identity threat detection and response. This strategic move aims to enhance defenses against cybercriminals attempting to impersonate legitimate users, particularly in the healthcare sector.
According to Imprivata’s CEO Fran Rosch, the acquisition addresses the growing necessity for risk-based identity and access management. Verosint’s technology, which analyzes over 150 real-time risk signals, will be integrated into Imprivata’s existing access management and privileged access management (PAM) services to facilitate smarter, instantaneous authentication decisions.
“Bringing ITDR and SSO together allows for immediate intervention and helps prevent incidents from occurring in the first place,” Rosch explained. The integration will enable the detection of risks as they happen, allowing swift action to mitigate potential threats.
Founded in 2021, Verosint emerged from the shadows in mid-2022 with substantial funding from investors and a rebranding from its previous identity of 443ID. The company was co-founded by Steve Shoaff, a former leader at UnboundID and Ping Identity.
How Risk-Based Access Can Keep Organizations Safe
The rise of credential theft and phishing, compounded by AI-driven social engineering techniques, has underscored serious vulnerabilities in traditional access models. Verosint’s advanced risk engine provides Imprivata a quick-to-market solution that significantly enhances its capabilities in the face of evolving cyber threats.
“Historically, access management relied on static identifiers like passwords,” Rosch remarked. However, with the advancement of AI-powered impersonation tactics, there is a critical need for organizations to adopt more adaptive security measures. Verosint’s technology allows for real-time user behavior analysis, enabling immediate responses such as strengthened authentication or outright blocks when anomalies are detected.
Rosch pointed out that current systems tend to apply uniform authentication paths regardless of individual risk assessments. The integrated approach of combining ITDR with SSO can dynamically adjust, reducing friction for legitimate users while increasing scrutiny toward potentially compromised accounts.
Why Supply Chain Risk Is So Vexing for Identity Providers
A significant challenge for organizations lies in managing access controls for external parties, including contractors and vendors who may misuse shared passwords or compromised devices. With the implementation of Verosint’s ITDR, Imprivata can now scrutinize third-party behaviors in real-time to detect irregularities such as credential reuse or attempts from unusual locations.
This development is particularly important as supply chain vulnerabilities can expose systems to considerable risk. According to Rosch, integrating advanced risk signaling into existing systems enhances the ability to authenticate vendors and mitigate anomalous activity.
Imprivata aims to fully integrate Verosint’s risk management engine into its platform by the end of 2025, with ongoing functionality testing in 2026. The company is committed to developing a risk-based approach into its primary enterprise access management offerings, as well as its privileged access solutions.
Looking ahead, Imprivata will measure the success of the Verosint acquisition by assessing the adoption rate of its advanced passwordless access features among its existing customer base. These features, alongside capabilities like real-time ITDR scoring, will be pivotal in defining the long-term impact of this acquisition.
