Sophos Buys Braintrace to Boost Its Adaptive Cybersecurity Ecosystem


Global cybersecurity provider Sophos has acquired Braintrace, adding Braintrace’s patent-pending Network Detection and Response (NDR) technology to the Sophos Adaptive Cybersecurity Ecosystem. The NDR technology provides deep visibility into network traffic patterns, including encrypted traffic, without requiring Man-in-the-Middle (MitM) decryption.

Based in Salt Lake City, Utah, Braintrace was founded in 2016 and is a privately held company. The company’s engineers, data scientists, and security analysts have joined Sophos’ worldwide Managed Threat Response (MTR) and Rapid Response teams as part of the acquisition.

Integrated into the Adaptive Cybersecurity Ecosystem that underpins all Sophos products and services, Braintrace’s NDR technology will support Sophos’ MTR and Rapid Response analysts as well as Extended Detection and Response (XDR) customers. With more than 5,000 active customers, Sophos’ MTR and Rapid Response business has grown rapidly and is now one of the world’s largest and fastest-growing Managed Detection and Response (MDR) providers.

The Braintrace technology will also be used to collect and forward third-party event data from firewalls, proxies, VPNs, and other sources. These additional layers of visibility and event ingestion will improve threat detection, threat hunting, and response to suspicious activity.

In the first half of 2022, Sophos aims to release Braintrace’s NDR technology for MTR and XDR.


“You can’t protect what you don’t know is there, and businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud,” said Joe Levy, Chief Technology Officer (CTO) at Sophos. “Attackers take advantage of this, often going after weakly protected assets as a means of initial access. Defenders benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS). We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems.”


Sophos will deploy Braintrace’s NDR technology as a virtual machine fed from standard observation points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP), so that it can analyze both north-south traffic at network boundaries and east-west traffic within networks. These deployments help detect threats anywhere on the network, including in traffic that remains encrypted, and complement the decryption capabilities of Sophos Firewall. The technology’s packet and flow engine feeds a range of machine learning models trained to recognize suspicious or malicious network patterns, including connections to Command and Control (C2) servers, lateral movement, and interactions with suspicious domains.
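As an added illustration (this is not Braintrace’s or Sophos’ code, and it does not describe their patented method), the Python below shows the kind of metadata-only detection a passive SPAN/TAP sensor can run on flow records without touching the TLS payload: near-periodic beaconing from an internal host to an external host and port, and east-west fan-out to many internal hosts on admin ports. The flow records, internal address ranges and thresholds are constructed for the example.

```python
# Added example (not Braintrace's or Sophos' code): flow-metadata detections that
# need no MitM decryption. Flow records, internal ranges and thresholds below
# are constructed/assumed for illustration.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed internal address space; in a real deployment this is configured per site.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass
class Flow:
    """One connection record as a SPAN/TAP sensor would summarise it (no payload)."""
    ts: float    # connection start, seconds since an arbitrary epoch
    src: str
    dst: str
    dport: int
    proto: str


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_beacons(flows, min_conns=6, max_cv=0.15):
    """C2 beaconing: an internal host re-contacts the same external host:port at
    near-constant intervals. Only timing is used, so the TLS content stays opaque."""
    series = defaultdict(list)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            series[(f.src, f.dst, f.dport)].append(f.ts)
    alerts = []
    for (src, dst, dport), times in series.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu > 0 and pstdev(gaps) / mu <= max_cv:  # low jitter -> suspicious
            alerts.append({"type": "beacon", "src": src, "dst": dst,
                           "dport": dport, "period_s": round(mu, 1)})
    return alerts


def detect_lateral_fanout(flows, ports=frozenset({22, 445, 3389, 5985}),
                          window_s=600, min_targets=5):
    """Lateral movement: one internal host reaches many distinct internal hosts
    on admin/remote-access ports within a sliding time window (east-west fan-out)."""
    by_src = defaultdict(list)
    for f in flows:
        if f.dport in ports and is_internal(f.src) and is_internal(f.dst) and f.src != f.dst:
            by_src[f.src].append((f.ts, f.dst))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        best, lo = set(), 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window_s:
                lo += 1
            targets = {dst for _, dst in events[lo:hi + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            alerts.append({"type": "lateral_fanout", "src": src,
                           "targets": sorted(best), "window_s": window_s})
    return alerts


def run_detections(flows):
    return detect_beacons(flows) + detect_lateral_fanout(flows)


def sample_flows():
    """Constructed flow log: one beaconing host that later fans out over SMB,
    plus a host doing ordinary, irregular HTTPS browsing."""
    flows = []
    # 10.0.0.5 -> 203.0.113.7:443 roughly every 60 s (constructed C2 pattern)
    for t in [0, 61, 119, 181, 240, 299, 362, 420, 479, 541]:
        flows.append(Flow(t, "10.0.0.5", "203.0.113.7", 443, "tcp"))
    # 10.0.0.8 -> 198.51.100.20:443 at irregular, human-like intervals
    for t in [3, 8, 43, 44, 133, 403, 404, 703]:
        flows.append(Flow(t, "10.0.0.8", "198.51.100.20", 443, "tcp"))
    # 10.0.0.8 repeatedly reaches a single file server on SMB (benign, one target)
    for t in [50, 60, 70, 80, 90, 100]:
        flows.append(Flow(t, "10.0.0.8", "10.0.0.50", 445, "tcp"))
    # 10.0.0.5 probes seven internal hosts on SMB within about a minute
    for i in range(7):
        flows.append(Flow(1000 + 10 * i, "10.0.0.5", f"10.0.0.{10 + i}", 445, "tcp"))
    return flows


if __name__ == "__main__":
    for alert in run_detections(sample_flows()):
        print(alert)
```

Both detectors work purely on the 5-tuple and timing, which is exactly what a passive sensor on a SPAN port or TAP sees for encrypted sessions; in production the thresholds would be tuned per environment and the flow source would be a sensor export rather than a constructed list.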

Because Braintrace’s NDR technology was designed specifically for passive, predictive monitoring, its engine also provides intelligent network packet capture that security administrators and threat hunters can use as evidence during investigations. A patent application has been filed for the NDR analysis and prediction approach.

“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks,” said Bret Laughlin, CEO and co-founder of Braintrace. “With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”