Vulnerabilities / Threats
4/4/2011
03:11 PM
50%
50%

EMC Buys Network Security Company NetWitness

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Strategic Security Survey: Global Threat, Local Pain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
EMC has bought NetWitness, whose network security analysis and visualization software is expected to give EMC an edge over other enterprise vendors, such HP, Cisco, and IBM.

EMC announced the acquisition Monday and said the purchase had been completed April 1. NetWitness will become a "core element" of EMC's RSA security management products. EMC acquired security firm RSA in 2006 in becoming a one-stop shop for enterprise information and content management.

NetWitness recently extended the network security analysis capabilities in its technology to also include automated malware analysis, which is important for tracking persistent threats to a corporate network. The company announced at the 2011 RSA Conference that it would release in the second quarter a new product called Spectrum, which provides multiple signature-free methods to identify advanced and zero-day malware.

"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security," RSA president Tom Heiser said in a statement.

Rocky DeStefano, president and chief executive of consulting firm Decurity, said RSA can use NetWitness to close "some gaping holes" in current products, and add advanced security analytics that go beyond what is currently available from other enterprise vendors, such as HP, Cisco, Symantec, and CA.

"My advice to EMC is very simple," DeStefano said in his blog. "Let NetWitness run wild. It's a family that can deliver you to greatness if you allow them to lead the way."

Experts also expect the deal to raise the profile of other companies offering data-driven security products, such as AccessData, Niksun, Solera Networks, Fireeye, NitroSecurity, Mandiant, and Q1Labs. The market is likely to see acquisitions or partnerships arise as enterprise companies like HP, SourceFire, CA, Cisco, and IBM look to compete more directly with what EMC will have, according to DeStafano.

Scott Crawford, analyst for Enterprise Management Associates, pointed out in his blog that the acquisition followed a recent high-profile breach of RSA systems, which NetWitness helped investigate. In March, RSA reported "an extremely sophisticated cyber attack," called an advanced persistent threat (APT), which resulted in information being taken from RSA's systems.

Some of the information was related to RSA's SecurID two-factor authentication products. RSA said the information could potentially be used to reduce the effectiveness of a SecurID implementation.

"If there's anything that highlights that [NetWitness'] level of deep visibility in security has arrived, it's RSA's own recent breach," Crawford said. "Though one must assume that at least part of RSA's generous reference to the role NetWitness played in revealing the nature of its breach was to lead up to this announcement, it cannot be denied that NetWitness is already widely used for just this purpose."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.