Vulnerabilities / Threats
4/4/2011
03:11 PM
50%
50%

EMC Buys Network Security Company NetWitness

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
EMC has bought NetWitness, whose network security analysis and visualization software is expected to give EMC an edge over other enterprise vendors, such HP, Cisco, and IBM.

EMC announced the acquisition Monday and said the purchase had been completed April 1. NetWitness will become a "core element" of EMC's RSA security management products. EMC acquired security firm RSA in 2006 in becoming a one-stop shop for enterprise information and content management.

NetWitness recently extended the network security analysis capabilities in its technology to also include automated malware analysis, which is important for tracking persistent threats to a corporate network. The company announced at the 2011 RSA Conference that it would release in the second quarter a new product called Spectrum, which provides multiple signature-free methods to identify advanced and zero-day malware.

"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security," RSA president Tom Heiser said in a statement.

Rocky DeStefano, president and chief executive of consulting firm Decurity, said RSA can use NetWitness to close "some gaping holes" in current products, and add advanced security analytics that go beyond what is currently available from other enterprise vendors, such as HP, Cisco, Symantec, and CA.

"My advice to EMC is very simple," DeStefano said in his blog. "Let NetWitness run wild. It's a family that can deliver you to greatness if you allow them to lead the way."

Experts also expect the deal to raise the profile of other companies offering data-driven security products, such as AccessData, Niksun, Solera Networks, Fireeye, NitroSecurity, Mandiant, and Q1Labs. The market is likely to see acquisitions or partnerships arise as enterprise companies like HP, SourceFire, CA, Cisco, and IBM look to compete more directly with what EMC will have, according to DeStafano.

Scott Crawford, analyst for Enterprise Management Associates, pointed out in his blog that the acquisition followed a recent high-profile breach of RSA systems, which NetWitness helped investigate. In March, RSA reported "an extremely sophisticated cyber attack," called an advanced persistent threat (APT), which resulted in information being taken from RSA's systems.

Some of the information was related to RSA's SecurID two-factor authentication products. RSA said the information could potentially be used to reduce the effectiveness of a SecurID implementation.

"If there's anything that highlights that [NetWitness'] level of deep visibility in security has arrived, it's RSA's own recent breach," Crawford said. "Though one must assume that at least part of RSA's generous reference to the role NetWitness played in revealing the nature of its breach was to lead up to this announcement, it cannot be denied that NetWitness is already widely used for just this purpose."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

CVE-2015-0915
Published: 2015-05-21
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.