Sophos, today announced that it has acquired Braintrace, further enhancing Sophos’ Adaptive Cybersecurity Ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology.
Braintrace’s NDR provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption. Located in Salt Lake City, Utah, Braintrace launched in 2016 and is privately held.
As part of the acquisition, Braintrace’s developers, data scientists and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams. Sophos’ MTR and Rapid Response services business has expanded rapidly, establishing Sophos as one of the largest and fastest-growing MDR providers in the world, with more than 5,000 active customers.
Braintrace’s NDR technology will support Sophos’ MTR and Rapid Response analysts and Extended Detection and Response (XDR) customers through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services.
The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity.
Joe Levy, chief technology officer, Sophos said “We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cyber security problems.”
Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall.
Bret Laughlin, CEO and co-founder of Braintrace said “With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”
Braintrace’s NDR technology is a key component for defending against cyberattacks today and in the future. Sophos research demonstrates how adversaries aggressively and constantly change tactics to evade detection and execute their attacks. Braintrace’s technology helps uncover malicious C2 traffic from malware, such as ColbaltStrike, BazaLoader and TrickBot, as well as zero-days, that could lead to ransomware and other attacks.
This visibility allows threat hunters and analysts to pre-empt any potential ransomware attack, including recent strikes by REvil and DarkSide. Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022.
(Image Courtesy: www.channeldrive.in)