Alert fatigue and lack of visibility still plague security teams worldwide. Coupled with the constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time.
For many defenders, however, the complexity and cost of traditional security solutions act as barriers to adoption. Sophos has acquired SOC.OS, a provider of a cloud-based security alert investigation and triage automation solution that consolidates and prioritizes high volumes of security alerts from multiple products and platforms. The deal will allow Sophos’ security operations teams to quickly understand and respond to the most urgent cases flagged.
According to Dave Mareels, chief executive officer and co-founder, SOC.OS, “By joining forces with Sophos, we can address these challenges together, head on. The sum is greater than our parts, and by combining our capabilities, we’re positioned to offer truly unique, cost-effective and highly accessible products and services to those who need it most, on a global scale.”
Sophos, a channel-oriented company with operations in Kenya and across the world, and SOC.OS will combine efforts to protect all kinds of organizations from cybercrime through their next-generation solutions and services. Since ransomware attacks don’t respect any boundaries, Kenya is not an exception. Ransomware continues to be one of the biggest cybersecurity concerns, and these attacks are evolving all the time. According to the recently published Sophos 2022 Threat Report, ransomware attacks have become more service-based and targeted, and attackers are turning to additional extortion methods, such as stealing data and threatening to publish or sell it, or aggressively calling employees, to put pressure on their victims to pay.
Sophos researchers predict that within one year, a greater proportion of ransomware attacks will be based on ransomware-as-a-service (RaaS) offerings, with specialist ransomware developers focused on creating and then leasing their malicious code and infrastructure to third-party affiliates. Some of the most high-profile ransomware attacks of 2021 involved RaaS, such as the attack on Colonial Pipeline in the US. Ransomware operators can then turn to other cybercriminal services to buy access to already-compromised victims, or use malware delivery platforms to find and target potential victims. These platforms also deliver commodity malware, adware or spam, threats that are less dangerous and disruptive.
With SOC.OS, Sophos plans to advance its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions for organizations of all sizes. SOC.OS will also help Sophos expand its Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ security solutions. This will include providing alerts and events from third-party endpoint, server, firewall, Identity and Access Management (IAM), cloud workload, email, and mobile security products.
With the innovative technology from SOC.OS, Sophos will seamlessly integrate its MTR and XDR solutions with the security and IT solutions organizations already have in place. Sophos MTR is one of the largest Managed Detection and Response (MDR) operations in the world, delivering superior security outcomes through an MTR service with more than 8,000 customers.
“SOC.OS will also provide our Adaptive Cybersecurity Ecosystem with a broader set of third-party telemetry, so security analysts have better visibility into important events and alerts. SOC.OS has an impressive list of integrations that will benefit Sophos customers as we continue to expand and develop industry-leading XDR and MDR capabilities. We’re very excited to bring the team and technology from SOC.OS onboard,” said Joe Levy, chief technology and product officer, Sophos.
SOC.OS launched in 2020 and is a spinout of BAE Systems Digital Intelligence. The company is privately held and based in Milton Keynes, U.K.