Building The New EMC, One Acquisition At A Time

EMC's acquisition this week of security vendor Network Intelligence, and its June acquisition of RSA, are part of a strategy to bring security into everything EMC produces, but not at bringing the company into the perimeter security business.

That's the word from Dennis Hoffman, vice president of information security at EMC, who in a conversation with CRN discussed how EMC will integrate the two companies into his organization and how EMC will bring their technologies into its other products.

EMC this week acquired Network Intelligence, Westwood, Mass., for $175 million. Network Intelligence offers tools which capture data from the network, security, host, application and storage layers of an enterprise. The tools then transform that data into reports for compliance, security forensics and auditing purposes. The acquisition follows closely on the heels of EMC's $2.1 billion acquisition in June of RSA Security. That acquisition formally closed on Monday.

With the close of the two acquisitions, EMC also unveiled the formation of its new information security division. The division, headquartered in RSA's Bedford, Mass. headquarters, is led by Art Coviello, the former CEO of RSA who now serves an executive vice president of EMC and president of RSA.

Hoffman was tapped by EMC Chairman, President and CEO Joe Tucci in August of 2005 to help put together the company's information security strategy. He said EMC divides the security market into two buckets: perimeter-centric security, which focuses on technologies such as firewalls and anti-virus, and information-centric security, which focuses on ways to protect a business' data.

All the big security players except RSA are in the perimeter-centric security market, a market that EMC has no intention of entering, Hoffman said. "That's not where the primary battle is," he said. "It's important. But we have a lot of partners on that side like Microsoft and Cisco."

Hoffman also notes that many of the CEOs and other executives he's spoken with say they're OK with their perimeter security, so there is little need or opportunity for EMC to focus on the space.

When planning on how to beef up its presence in the information-centric security space, EMC evaluated dozens of security companies before deciding on RSA. RSA was an anomaly in that it was the one large vendor in a pool of small companies and startups in the market.

Interestingly, RSA's size did not factor into EMC's decision to purchase it. Instead, Hoffman said RSA has the best business platform, including a brand name and a yearly conference that will bring name-brand recognition to EMC's move into this space. "This is important," he said. "I spend a lot of time in front of [chief security officers] who say EMC who?"

The other reason behind the RSA acquisition is its technology platform, including its experience in areas such as ID management. "Those technologies have moved from a monolithic platform to a modular security platform that can be applied to EMC storage, VMware and so on," he said.

On the technology side, RSA also has a services-oriented architecture (SOA) that is open to bringing in technology from other vendors which customers use, Hoffman said. "We want to keep this open for our sales needs and for customer needs."

Hoffman contrasted EMC's approach to security, which is to look for one or two companies that best fit its market and technology needs, to that of Symantec. "They buy a lot of companies and knit them together," he said. "That approach just doesn't work. EMC is too big and can never move like a startup again."

While Network Intelligence is a much smaller company than RSA, and smaller than its rival ArcSight, Cupertino, Calif., it still fit EMC's needs for a market leader, Hoffman said.

Network Intelligence plays in three areas of the security industry, he said. The first is log management, a space where the leader is another company, LogLogic, San Jose, Calif., Hoffman said.

Next: More on Network Intelligence's strengths, and how EMC will deal with direct-indirect sales conflicts

The second is event management, or the real-time processing of data for security purposes. "ArcSight is the leader," Hoffman said. "There are lots of others in this space, too. Names you've never heard of."

The third is security information management, which includes the reporting and forensic analysis of where security problems occur. Network Intelligence is the leader here, Hoffman said.

Network Intelligence is the key player here because it is involved in all three areas, Hoffman said. The fact that competitor ArcSight leads the event management space is not a concern, he said, because EMC already has technology in that space thanks to its February, 2005 acquisition of Smarts.

EMC's new security division, which incorporates the RSA and Network Intelligence acquisitions, is organized as a stand-alone division. Almost every employee from the two original companies joined the new division, Hoffman said.

It is organized into four business units. Three of the four units, namely identity assurance and access management, consumer-facing identity and fraud detection, and data security, come from RSA. The data security unit includes RSA's BSAFE-branded data encryption technology and RSA Key Manager (RKM). The fourth business unit is Network Intelligence.

Over time, the security division will have its own specialized sales force, with each business unit having its own sales specialists.

On the channel side, Network Intelligence has traditionally been a channel-friendly company, and EMC will work with its channel partners, Hoffman said.

EMC is also working to ensure that EMC's own direct and indirect sales channels do not interfere with its new acquisitions' sales efforts. There is little synergy between RSA's SecurWorld and EMC's Velocity channel programs. To protect and grow RSA's channel, and to not subject it to EMC cannibalization, EMC plans to keep the two separate.

"EMC's direct sales can't quote RSA products, but RSA is part of their quota," he said. "If an EMC sales rep stumbles onto a potential RSA deal, he can't generate a quote. But he can link with a group of RSA sales reps who can then engage the appropriate partner."

Going forward, EMC will move to integrate technology from its new security acquisitions into the rest of the company's product line, including its storage and content management products, Hoffman said.

The company already has integrated RSA's encryption and key management technologies into its Documentum offerings. The Legato NetWorker and Retrospect data protection software currently use non-RSA encryption technology. "It's a safe bet they will eventually use RSA," Hoffman said. "But encryption is a commodity. The key management is the most important technology."

That encryption key management technology will eventually become a part of every EMC product for which encryption is appropriate, Hoffman said. "RKM is extremely broad," he said. "It will work with a wide range of devices, not just storage or databases."

For instance, Hoffman said that every EMC storage product needs to authenticate the administrators and the junior administrators to protect the data within. One of the ways to protect the storage array is to challenge an administrator with something stronger than a password, such as RSA's identity management technology. Also, he said that junior administrators often need different views of the data based on their restrictions. And every storage platform needs to have a way to manage and audit its logs.

As a result, Hoffman said, EMC's security division will be very busy in terms of integrating with the rest of EMC. "If our division is not the most integrated division in the company within 15 months, we've made a big mistake," he said.