Vulnerabilities / Threats
4/4/2011
03:11 PM
50%
50%

EMC Buys Network Security Company NetWitness

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
EMC has bought NetWitness, whose network security analysis and visualization software is expected to give EMC an edge over other enterprise vendors, such HP, Cisco, and IBM.

EMC announced the acquisition Monday and said the purchase had been completed April 1. NetWitness will become a "core element" of EMC's RSA security management products. EMC acquired security firm RSA in 2006 in becoming a one-stop shop for enterprise information and content management.

NetWitness recently extended the network security analysis capabilities in its technology to also include automated malware analysis, which is important for tracking persistent threats to a corporate network. The company announced at the 2011 RSA Conference that it would release in the second quarter a new product called Spectrum, which provides multiple signature-free methods to identify advanced and zero-day malware.

"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security," RSA president Tom Heiser said in a statement.

Rocky DeStefano, president and chief executive of consulting firm Decurity, said RSA can use NetWitness to close "some gaping holes" in current products, and add advanced security analytics that go beyond what is currently available from other enterprise vendors, such as HP, Cisco, Symantec, and CA.

"My advice to EMC is very simple," DeStefano said in his blog. "Let NetWitness run wild. It's a family that can deliver you to greatness if you allow them to lead the way."

Experts also expect the deal to raise the profile of other companies offering data-driven security products, such as AccessData, Niksun, Solera Networks, Fireeye, NitroSecurity, Mandiant, and Q1Labs. The market is likely to see acquisitions or partnerships arise as enterprise companies like HP, SourceFire, CA, Cisco, and IBM look to compete more directly with what EMC will have, according to DeStafano.

Scott Crawford, analyst for Enterprise Management Associates, pointed out in his blog that the acquisition followed a recent high-profile breach of RSA systems, which NetWitness helped investigate. In March, RSA reported "an extremely sophisticated cyber attack," called an advanced persistent threat (APT), which resulted in information being taken from RSA's systems.

Some of the information was related to RSA's SecurID two-factor authentication products. RSA said the information could potentially be used to reduce the effectiveness of a SecurID implementation.

"If there's anything that highlights that [NetWitness'] level of deep visibility in security has arrived, it's RSA's own recent breach," Crawford said. "Though one must assume that at least part of RSA's generous reference to the role NetWitness played in revealing the nature of its breach was to lead up to this announcement, it cannot be denied that NetWitness is already widely used for just this purpose."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0999
Published: 2015-06-02
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

CVE-2014-8391
Published: 2015-06-02
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of request.

CVE-2015-0759
Published: 2015-06-02
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

CVE-2015-0850
Published: 2015-06-02
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

CVE-2015-1945
Published: 2015-06-02
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.

Dark Reading Radio
Archived Dark Reading Radio
From Target to Sony to Anthem, they are happening all around you: the “big” data breaches that compromise critical data and threaten the welfare of the corporate brand. Is your organization ready to respond?