Sophos has purchased MSSP US-based startup Braintrace to get visibility into suspicious network traffic patterns, including encrypted traffic, without the need for man-in-the-middle decryption.
The UK-based platform security vendor said Braintrace’s technology will serve as the launchpad to collect and forward third-party event data from firewalls, proxies, VPNs and other sources.
These added layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity, Sophos said.
“You can’t protect what you don’t know is there, and businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud,” Sophos CTO Joe Levy said in a statement.
“Defenders benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than intrusion protection systems.”
Terms of the deal were not disclosed, and Sophos executives weren’t immediately available for additional comment. Network detection and response (NDR) company Braintrace was founded in 2016, employs 41 people and has raised $10 million of outside funding, according to LinkedIn and Crunchbase.
“Braintrace’s competitive differentiation is its unique NDR technology that our MDR [managed detection and response] analysts leveraged for finding, interrupting and remediating cyberattacks,” Braintrace CEO Bret Laughlin said.
“With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic.”
Sophos said it will deploy Braintrace’s NDR technology to inspect both north-south traffic at network boundaries and east-west traffic within networks.
These deployments should help discover threats inside any type of network, including those that remain encrypted, complementing the decryption capabilities of Sophos Firewall, according to the company.
Braintrace’s technology feeds a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to command-and-control servers, lateral movement and communications with suspicious domains. The technology was built for passive monitoring, so the traffic data it records can be used by IT security administrators and threat hunters as evidence during investigations.
As part of the acquisition, Braintrace’s developers, data scientists and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams, according to the company. Sophos said it plans to introduce Braintrace’s technology for MTR and Extended Detection and Response (XDR) in the first half of 2022.
“We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response customers,” Levy wrote in a blog post. “It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real-world cybersecurity problems.”
The Braintrace deal comes just two weeks after Sophos bought Capsule8 to expand detection and response capabilities for underprotected and underserved server and cloud environments running Linux systems. Linux is the dominant operating system for high-scale on-premises and cloud workloads used for production infrastructure and storing critical business data.
All told, Sophos has made 15 acquisitions since its founding 36 years ago, according to Crunchbase. The publicly traded company was bought by private equity giant Thoma Bravo for $3.9 billion in March 2020.