Itself a customer, EMC buys NetWitness for network analysis
EMC has acquired NetWitness, a fast-growing network monitoring and analysis firm that caters to a slew of Fortune 100 and government customers.
Terms of the deal, announced Monday, were not released, though analyst firm The 451 Group estimated the price tag to be around $500 million.
Producing solutions that have been called the "TiVo for the network," NetWitness launched in November 2006 under the leadership of Amit Yoran, former director of the National Cyber Security Division at the Department of Homeland Security.
The company reported earlier this year that its customer base grew by 60 percent in 2010, largely because its technology helps detect some of the most advanced network threats, which typically are designed to sniff out coveted intellectual property. These types of attacks gained significant notoriety last year.
"The intensity and sophistication of advanced adversaries and zero-day malware challenge every organization to rethink traditional approaches to network security,” said Tom Heiser, president of RSA, the security arm of EMC. “NetWitness has redefined the security landscape, providing a powerful solution for organizations seeking to gain immediate insight, precise clarity, and timely closure in the face of the toughest cyberthreats."
The NetWitness offerings will integrate with RSA's security management portfolio, which includes its enVision security information and event management (SIEM) platform, its Data Loss Prevention Suite and its Cybercrime Intelligence service, according to EMC.
"It's a direct synergy," Joshua Corman, research director at The 451 Group, told SCMagazineUS.com on Monday.
He said the acquisition could boost innovation within the IT security space, considering NetWitness products enabled customers to go above and beyond traditional check-box compliance.
"NetWitness is one of those very capable technologies that has helped the elite fight off elite attackers," Corman said. "It has a more complete record of what happens on the network than more specific anti-threat technologies have. As a post-mortem device, you know where something happens and it can help you see someone moving through your network laterally."