Sophos has acquired Braintrace, to further enhance its Adaptive Cybersecurity Ecosystem and up its product teams as Braintrace’s developers, data scientists and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams.
Braintrace’s proprietary Network Detection and Response (NDR) technology provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption.
“The technology enhancement due to this acquisition will help Sophos’ customers in all the markets globally, including Africa, which is one of the important markets for Sophos. Cybercriminals hardly respect international boundaries and we have seen sophisticated cyberattacks like ‘ransomware’ a top concern for African organizations as well. The addition of Braintrace’s NDR technology into Sophos’ adaptive cybersecurity ecosystem, will also help our regional customers to quickly discover and disrupt active adversaries, which is crucial for minimizing the damage of breaches and ransomware attacks,” said Harish Chib, vice president, Middle East and Africa, Sophos.
Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. The technology’s packet and flow engines feed a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement and communications with suspicious domains.
Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.
“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks,” said Bret Laughlin, CEO and co-founder of Braintrace. “With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”
Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022. Sophos’ MTR and Rapid Response services business has expanded rapidly, establishing Sophos as one of the largest and fastest-growing MDR providers in the world, with more than 5,000 active customers. Braintrace’s NDR technology will support Sophos’ MTR and Rapid Response analysts and Extended Detection and Response (XDR) customers through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services.