Sophos acquires Braintrace to strengthen its adaptive cybersecurity ecosystem

Third-party event data from firewalls, proxies, VPNs, and other sources will be collected and forwarded using Braintrace’s technology

Sophos has acquired Braintrace, further enhancing Sophos’ Adaptive Cybersecurity Ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology. Without requiring Man-in-the-Middle (MitM) decryption, Braintrace’s NDR provides comprehensive visibility into network traffic patterns, including encrypted communication. Braintrace, based in Salt Lake City, Utah, was founded in 2016 and is a privately held company.

Braintrace’s developers, data scientists, and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams as part of the acquisition.

Through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services, Braintrace’s NDR technology will help Sophos’ MTR and Rapid Response analysts, as well as Extended Detection and Response (XDR) customers. Third-party event data from firewalls, proxies, VPNs, and other sources will be collected and forwarded using Braintrace’s technology. Threat identification, threat hunting, and response to suspicious activity will all benefit from these additional layers of visibility and event ingestion.

“We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems,” said Joe Levy, chief technology officer, Sophos.

Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP), to inspect both north-south traffic at boundaries and east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. The technology’s packet and flow engine feeds a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement, and communications with suspicious domains. Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.

“With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem,” said Bret Laughlin, CEO and co-founder of Braintrace.

According to the Sophos survey “Cybersecurity: The Human Challenge”, 11 per cent of IT managers in the Middle East and Africa said they feel significantly behind when it comes to understanding cyberthreats. The survey also stated that security managers spent 44 per cent of their time on threat prevention and only 27 per cent on response.

© 2021 MOTIVATE MEDIA GROUP. ALL RIGHTS RESERVED.
