EMC today announced that it has closed the deal to buy NetWitness, adding a forensics-focused set of tools to its security monitoring arsenal.

NetWitness’ tools, which enable security technicians to collect and analyze detailed information about network events, are frequently used to help automate the incident response process. Those tools will now become part of the family of monitoring applications offered by RSA, the security division of EMC, which also offers security information and event management (SIEM), data leak prevention (DLP), and security data warehousing tools.

Terms of the deal were not announced, but EMC said the transaction "is not expected to have a material impact to revenue or [earnings per share] for the full 2011 fiscal year."

NetWitness has made a name for itself during the past few years as a tool used mostly by line-level technicians for identifying new attacks and malware that have penetrated enterprise defenses. It was one of the first vendors to encourage security professionals to assume that they've already been hacked, rather than to spend all of their time focusing on defending a perimeter.

"The intensity and sophistication of advanced adversaries and zero day malware challenge every organization to rethink traditional approaches to network security," said Tom Heiser, president of RSA, in a statement. "NetWitness has redefined the security landscape, providing a powerful solution for organizations seeking to gain immediate insight, precise clarity, and timely closure in the face of the toughest cyberthreats."

NetWitness will become a core element of RSA’s Advanced Security Management Solutions, providing real-time visibility into network activity and adding efficiency to incident investigations, EMC says.

"By combining the NetWitness network monitoring and analysis technology with RSA’s enVision platform, RSA [DLP] and RSA CyberCrime Intelligence service, security teams can achieve deep insight into the security posture of their organizations," the company said in a statement. "The precise intelligence and visibility that NetWitness provides, coupled with the RSA Archer eGRC platform, enables organizations to apply business context to security information for better identification and prioritization of security risks while improving and streamlining the incident management process."

Analysts and other observers generally offered a favorable view of the merger between RSA and NetWitness.

"With NetWitness, RSA gains a well-reputed security analysis and visualization platform that has become popular with investigative security professionals that value more than just insight into a more complete context of threat activity," says Scott Crawford, an analyst at Enterprise Management Associates, in his blog.

Crawford suggests that the NetWitness technology will partner well with RSA's enVision -- its SIEM product -- as well as its recently acquired Archer Technologies unit, which makes governanance, risk, and compliance (GRC) tools.

"Less obvious, however, may be the opportunity for NetWitness to take advantage of EMC’s Greenplum acquisition for data warehousing," Crawford says. "Security analysis platforms such as NetWitness collect and record significant amounts of fundamental data directly from infrastructure. This volume of raw data collected 'off the wire' can require substantial resources for data management. Greenplum’s support for performance may also be engaged to optimize NetWitness security analytics or data fusion with enVision, Archer, or other resources."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.