EMC Acquires Security Automation Vendor NetWitness

The timing of the acquisition is uncanny; EMC and RSA could have used this extra protection against a major hacker assault in March.

Rumors that circulated recently about EMC buying another data security-related company turned out to be true after all.

The storage and data security giant announced April 4 that it has acquired Virginia-based NetWitness, a provider of network security monitoring and analysis software, and had closed the deal on April 1. Terms of the transaction were not disclosed.

NetWitness will operate as a part of RSA, the security division of EMC. The transaction is not expected to have a material impact to revenue or EPS for the full 2011 fiscal year, EMC said.

eWEEK and other publications had been tipped off on March 24 in emails about the impending deal, but nothing factual was made available for publication at that time.

NetWitness provides what it describes as "pervasive" network visibility with its networking monitoring package. This enables security teams to detect and remediate advanced threats in real time as the automated software handles the background investigation process.

Timing of Deal Uncanny

The timing of this acquisition is uncanny; EMC and RSA could have used this extra protection against a major hacker assault in March.

Only three weeks ago, on March 17, RSA revealed that it had been hit by an "extremely sophisticated" attack and that information related to its SecurID two-factor authentication products had been stolen.

Intruders succeeded in breaching RSA networks recently as part of an Advanced Persistent Threat attack, RSA Chairman Art Coviello wrote in an open letter to customers on the division Website on March 17. Attackers stole information specific to RSA's SecurID two-factor authentication products, Coviello said.

Coviello on April 1 told security analysts in a conference call that the attack that breached RSA's defenses appears to have begun as a phishing attack. RSA on April 4 was still in the midst of its investigation.

"With NetWitness, RSA gains a well-reputed security analysis and visualization platform that has become popular with investigative security professionals who value more than just insight into a more complete context of threat activity," EMA security analyst Scott Crawford wrote in his blog.

"Adding to NetWitness's edge in its space are the company's impressive analytic and visualization capabilities, which have recently expanded with malware analysis and insight that better informs security management."

Becomes Core Element in New Security Package

NetWitness' frontline product will become a core element of RSA's Advanced Security Management Solutions by providing real-time visibility into network activity and adding efficiency to incident investigations and workflow, EMC said.

Last month at the RSA 2011 Conference in San Francisco, NetWitness unveiled Spectrum, a new product that replicates the knowledge, process and workflow of malware analysts. When informed by data collected through RSA's FraudAction and CyberCrime Intelligence services, Spectrum can perform a key role in addressing evolving threats.

RCA will combine the NetWitness network monitoring and analysis package with its own enVision platform, RSA Data Loss Prevention Suite and RSA CyberCrime Intelligence service to provide more options for users.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...