EMC has bought NetWitness, whose network security analysis and
visualization software is expected to give EMC an edge over other
enterprise vendors, such as HP, Cisco, and IBM.
EMC announced the acquisition Monday and said the purchase had been
completed April 1. NetWitness will become a "core element" of EMC's
RSA security management products. EMC acquired security firm RSA in
2006 as part of becoming a one-stop shop for enterprise information
and content management.
NetWitness recently extended the network security analysis
capabilities in its technology to also include automated malware
analysis, which is important for tracking persistent threats to a
corporate network. The company announced at the 2011 RSA Conference
that it would release in the second quarter a new product called
Spectrum, which provides multiple signature-free methods to
identify advanced and zero-day malware.
"The intensity and sophistication of advanced adversaries and
zero-day malware challenge every organization to rethink
traditional approaches to network security," RSA president Tom
Heiser said in a statement.
Rocky DeStefano, president and chief executive of consulting
firm Decurity, said RSA can use NetWitness to close "some gaping
holes" in current products, and add advanced security analytics
that go beyond what is currently available from other enterprise
vendors, such as HP, Cisco, Symantec, and CA.
"My advice to EMC is very simple," DeStefano said in his blog.
"Let NetWitness run wild. It's a family that can deliver you to
greatness if you allow them to lead the way."
Experts also expect the deal to raise the profile of other
companies offering data-driven security products, such as
AccessData, Niksun, Solera Networks, FireEye, NitroSecurity,
Mandiant, and Q1 Labs. The market is likely to see acquisitions or
partnerships arise as enterprise companies like HP, Sourcefire, CA,
Cisco, and IBM look to compete more directly with what EMC will
have, according to DeStefano.
Scott Crawford, analyst for Enterprise Management Associates,
pointed out in his blog that the acquisition followed a recent
high-profile breach of RSA systems, which NetWitness helped
investigate. In March, RSA reported "an extremely sophisticated
cyber attack," called an advanced persistent threat (APT), which
resulted in information being taken from RSA's systems.
Some of the information was related to RSA's SecurID two-factor
authentication products. RSA said the information could potentially
be used to reduce the effectiveness of a SecurID
implementation.
"If there's anything that highlights that [NetWitness'] level of
deep visibility in security has arrived, it's RSA's own recent
breach," Crawford said. "Though one must assume that at least part
of RSA's generous reference to the role NetWitness played in
revealing the nature of its breach was to lead up to this
announcement, it cannot be denied that NetWitness is already widely
used for just this purpose."