Vulnerabilities / Threats
4/4/2011
03:11 PM
50%
50%

EMC Buys Network Security Company NetWitness

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
EMC has bought NetWitness, whose network security analysis and visualization software is expected to give EMC an edge over other enterprise vendors, such HP, Cisco, and IBM.

EMC announced the acquisition Monday and said the purchase had been completed April 1. NetWitness will become a "core element" of EMC's RSA security management products. EMC acquired security firm RSA in 2006 in becoming a one-stop shop for enterprise information and content management.

NetWitness recently extended the network security analysis capabilities in its technology to also include automated malware analysis, which is important for tracking persistent threats to a corporate network. The company announced at the 2011 RSA Conference that it would release in the second quarter a new product called Spectrum, which provides multiple signature-free methods to identify advanced and zero-day malware.

"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security," RSA president Tom Heiser said in a statement.

Rocky DeStefano, president and chief executive of consulting firm Decurity, said RSA can use NetWitness to close "some gaping holes" in current products, and add advanced security analytics that go beyond what is currently available from other enterprise vendors, such as HP, Cisco, Symantec, and CA.

"My advice to EMC is very simple," DeStefano said in his blog. "Let NetWitness run wild. It's a family that can deliver you to greatness if you allow them to lead the way."

Experts also expect the deal to raise the profile of other companies offering data-driven security products, such as AccessData, Niksun, Solera Networks, Fireeye, NitroSecurity, Mandiant, and Q1Labs. The market is likely to see acquisitions or partnerships arise as enterprise companies like HP, SourceFire, CA, Cisco, and IBM look to compete more directly with what EMC will have, according to DeStafano.

Scott Crawford, analyst for Enterprise Management Associates, pointed out in his blog that the acquisition followed a recent high-profile breach of RSA systems, which NetWitness helped investigate. In March, RSA reported "an extremely sophisticated cyber attack," called an advanced persistent threat (APT), which resulted in information being taken from RSA's systems.

Some of the information was related to RSA's SecurID two-factor authentication products. RSA said the information could potentially be used to reduce the effectiveness of a SecurID implementation.

"If there's anything that highlights that [NetWitness'] level of deep visibility in security has arrived, it's RSA's own recent breach," Crawford said. "Though one must assume that at least part of RSA's generous reference to the role NetWitness played in revealing the nature of its breach was to lead up to this announcement, it cannot be denied that NetWitness is already widely used for just this purpose."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.