Industry rumor is building this week that RSA, the security division of EMC, is poised to acquire NetWitness, a privately-held company whose flagship product is used by U.S. government agencies and in the enterprise to detect and analyze security threats.
"No comment," say both RSA and NetWitness about any such deal, but several sources say the buzz about a potential acquisition is getting attention in several quarters.
"It makes sense from a product point of view," says Robert Breza, managing director at RBC Capital Markets, who predicts there's likely to be a public announcement about RSA acquiring NetWitness by the next quarter.
MERGER RECAP: Top tech M&A deals of 2011 - so far
Industry watchers note that RSA could strengthen its security information and event management (SIEM) product enVision by acquiring NetWitness, which was founded in 2006.
While not commenting directly on any deal, Jon Oltsik, principal analyst at Enterprise Strategy Group, says that in terms of product, NetWitness with its NextGen monitoring offering would give RSA with its enVision security information and event management (SIEM) offering "an additional source of network activity" and '"another angle on analysis."
And competitors waiting to see if the RSA/NetWitness deal happens seem to agree.
The traditional log-based SIEM that RSA has with enVision would get more "telemetry, forensics and anomaly detection," says Tom Turner, senior vice president of marketing at Q1 Labs, noting that's why Q1 Labs years ago integrated those kinds of functions into its own SIEM.
RSA and NetWitness are hardly strangers. Last July, NetWitness joined the RSA Secured Partner Program and the two announced a level of interoperability between their products.