Vulnerabilities / Threats
03:11 PM

EMC Buys Network Security Company NetWitness

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
EMC has bought NetWitness, whose network security analysis and visualization software is expected to give EMC an edge over other enterprise vendors, such HP, Cisco, and IBM.

EMC announced the acquisition Monday and said the purchase had been completed April 1. NetWitness will become a "core element" of EMC's RSA security management products. EMC acquired security firm RSA in 2006 in becoming a one-stop shop for enterprise information and content management.

NetWitness recently extended the network security analysis capabilities in its technology to also include automated malware analysis, which is important for tracking persistent threats to a corporate network. The company announced at the 2011 RSA Conference that it would release in the second quarter a new product called Spectrum, which provides multiple signature-free methods to identify advanced and zero-day malware.

"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security," RSA president Tom Heiser said in a statement.

Rocky DeStefano, president and chief executive of consulting firm Decurity, said RSA can use NetWitness to close "some gaping holes" in current products, and add advanced security analytics that go beyond what is currently available from other enterprise vendors, such as HP, Cisco, Symantec, and CA.

"My advice to EMC is very simple," DeStefano said in his blog. "Let NetWitness run wild. It's a family that can deliver you to greatness if you allow them to lead the way."

Experts also expect the deal to raise the profile of other companies offering data-driven security products, such as AccessData, Niksun, Solera Networks, Fireeye, NitroSecurity, Mandiant, and Q1Labs. The market is likely to see acquisitions or partnerships arise as enterprise companies like HP, SourceFire, CA, Cisco, and IBM look to compete more directly with what EMC will have, according to DeStafano.

Scott Crawford, analyst for Enterprise Management Associates, pointed out in his blog that the acquisition followed a recent high-profile breach of RSA systems, which NetWitness helped investigate. In March, RSA reported "an extremely sophisticated cyber attack," called an advanced persistent threat (APT), which resulted in information being taken from RSA's systems.

Some of the information was related to RSA's SecurID two-factor authentication products. RSA said the information could potentially be used to reduce the effectiveness of a SecurID implementation.

"If there's anything that highlights that [NetWitness'] level of deep visibility in security has arrived, it's RSA's own recent breach," Crawford said. "Though one must assume that at least part of RSA's generous reference to the role NetWitness played in revealing the nature of its breach was to lead up to this announcement, it cannot be denied that NetWitness is already widely used for just this purpose."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio