• Friday, March 29, 2024
BusinessDay

Sophos to expand cyber threat detection with acquisition of Braintrace

Sophos, backed by private equity firm Thoma Bravo, said it has acquired Braintrace, a cybersecurity startup, to strengthen and expand its response to growing threats on corporations’ networks.

The deal, which is undisclosed, will see Sophos utilising Braintrace technology to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources to improve threat detection, hunting, and response.

Founded in 2016, Braintrace created a network detection and response (NDR) solution that enables organisations to easily inspect network traffic to identify and filter out suspicious activity. The technology uses remote network packet capture (RNCAP) technology, which provides visibility into network traffic patterns, including encrypted traffic, without the need for man-in-the-middle decryption.

“You can’t protect what you don’t know is there, and businesses of all sizes often miscalculate their assets and attack surfaces, both on-premises and in the cloud,” said Joe Levy, chief technology officer, Sophos. “Attackers take advantage of this, often going after weakly protected assets as a means of initial access. Defenders benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than intrusion protection systems (IPS).”

For him, it is hard to beat the effectiveness of Braintrace solutions built by teams of skilled practitioners and developers to solve real-world cybersecurity problems.

The acquisition will see Braintrace’s developers, data scientists, and security analysts join Sophos’ global Managed Threat Response (MTR) and Rapid Response teams. Sophos’ MTR and Rapid Response services business has more than 5,000 active customers and it keeps expanding.

The MTR and Rapid Response analysts, and Extended Detection and Response (XDR) plan to utilise Braintrace NDR technology to support customers through integration into the adaptive cybersecurity ecosystem, which underpins all Sophos products and services. The additional layers of visibility and event ingestion are expected to significantly improve threat detection, hunting, and response to suspicious activity.

Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP), to inspect both north-south traffic at boundaries and east-west traffic within networks.

“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting, and remediating cyberattacks,” said Bret Laughlin, CEO and co-founder of Braintrace. “With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”

Braintrace’s NDR technology is a key component for defending against cyberattacks today and in the future. Sophos research demonstrates how adversaries aggressively and constantly change tactics to evade detection and execute their attacks. Braintrace’s technology helps uncover malicious C2 traffic from malware, such as Cobalt Strike, BazaLoader, and TrickBot, as well as zero-days, that could lead to ransomware and other attacks. This visibility allows threat hunters and analysts to pre-empt any potential ransomware attack, including recent strikes by REvil and DarkSide.

Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022.