What NetWitness brings to the RSA table

EMC Corp.’s acquisition of NetWitness Corp., officially announced yesterday, gives EMC and its RSA security division new network visibility and analysis capabilities that can help detect increasingly sophisticated attacks.

Privately-held NetWitness, a provider of network security analysis solutions, will operate as a part of RSA. NetWitness’ technologies are designed to provide organizations with precise network visibility, allowing them to detect and remediate advanced threats while automating the incident investigation process.

Companies have deployed NetWitness products to solve information security problems including insider threats, zero-day attacks and targeted malware, advanced persistent threats, espionage, data leakage, and continuous monitoring of critical security controls.

NetWitness’ network security analysis capabilities will extend RSA’s solutions for managing security risk and compliance across both physical and virtual environments, according to Tom Heiser, president of RSA.

The acquired company will become a core element of RSA’s Advanced Security Management Solutions, providing real-time visibility into network activity. Organizations will be able to combine the NetWitness network monitoring and analysis technology with RSA’s enVision platform, Data Loss Prevention Suite and CyberCrime Intelligence service.

Joshua Corman, research director, Enterprise Security Practice at The 451 Group, says the technology provided by NetWitness would not have stopped the recent security breach against RSA — the technology doesn’t actually block attacks — but it would help companies experiencing such attacks to detect and analyze them early on and then notify law enforcement of the activity.

“The value proposition NetWitness brings is you can increase your situational awareness either before or during an event,” Corman says. “I’m very happy to see this acquisition because it validates a very important class of technology that’s not gotten much investment.”