EMC Acquires NetWitness To Investigate Network Security Breaches

EMC on Monday announced the acquisition of NetWitness, a company whose technology monitors computer networks to detect and re-mediate security threats while also automating the process of investigating security incidents. NetWitness will operate as part of EMC's security business, RSA. Coincidentally, the acquisition closed on April 1, the same day RSA disclosed that its own systems were the target of a phishing attack. RSA categorized the event as an Advanced Persistent Threat (APT).

April 6, 2011

2 Min Read
Network Computing logo

NetWitness is used by several Global 1000 companies in fields such as financial services, power and energy, telecommunications and retail as well as government agencies involved in defense, homeland security and law enforcement. According to EMC, security threats that NetWitness defends against include: insider threats; zero-day exploits and targeted malware; advanced persistent threats; fraud; espionage; and data leakage. NetWitness also provides continuous monitoring of critical security controls.

NetWitness is a well respected security analysis and visualization platform, according to Scott Crawford, managing research director at Enterprise Management Associates, an industry research firm. "It has become popular with investigative security professionals that value more than just insight into a more complete context of threat activity," Crawford wrote in a blog post Monday. "It has become a critical aspect of recognizing the extent to which any exploit can succeed."

Other companies competing with NetWitness include Solera Networks, Nicksun and AccessData and interest in them as acquisition targets should increase in the wake of the EMC/NetWitness deal, Crawford said in an interview.

RSA was forced to disclose a breach, which "resulted in certain information being extracted from RSA's systems," wrote Art Coviello, executive chairman of RSA, in a blog post Friday.The attack targeted RSA's SecureID two-factor authentication products, Coviello wrote.While RSA does not believe the breach will result in customers' SecureID protection being subverted, it could weaken SecureID as part of a broader attack. "We do not believe that either customer or employee personally identifiable information was compromised as a result of this incident," Coviello added.

While lauding RSA for its disclosure and for contacting customers to help, EMA's Crawford was critical of RSA for overusing the term "Advanced Persistent Threat" to describe a phishing attack that a company of that stature should know how to prevent. "Such vague terms as 'advanced' and 'persistent' make it possible for us to absolve ourselves for any attacker's not-so-sophisticated successes," he wrote in another Monday blog post about the breach.

NetWitness will become a core element of RSA's Advanced Security Management Solutions by providing real-time visibility into network activity and aiding incident investigations, EMC said. At the RSA Conference 2011 in San Francisco in February, an industry-wide convention hosted by RSA, NetWitness introduced Spectrum, a product that does automated malware analysis. NetWitness is a privately-held company and EMC did not disclose what it paid for the Virginia-based firm.

See more on this topic by subscribing to Network Computing Pro Reports Research: WAN Security (subscription required).

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights