Sophos buys NDR technology provider Braintrace

Sophos, a leading cybersecurity solutions provider, announced the acquisition of Braintrace, for an undisclosed sum.
The acquisition of Braintrace is aimed at enhancing Sophos’ Adaptive Cybersecurity Ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology. Braintrace’s NDR provides visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption.

Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022.

Located in Salt Lake City, Utah, Braintrace launched in 2016 and is privately held.

Braintrace’s developers, data scientists and security analysts have joined Sophos’ Managed Threat Response (MTR) and Rapid Response teams. Sophos’ MTR and Rapid Response services business has established Sophos as one of the largest and fastest-growing MDR providers in the world, with more than 5,000 active customers.

Braintrace’s NDR technology will support Sophos’ MTR and Rapid Response analysts and Extended Detection and Response (XDR) customers through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services.

The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity.

Joe Levy, chief technology officer of Sophos, said: “We’re excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers.”

Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP), to inspect both north-south traffic at boundaries and east-west traffic within networks.

“Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks,” said Bret Laughlin, CEO and co-founder of Braintrace.

Braintrace’s technology helps uncover C2 traffic from malware, such as Cobalt Strike, BazaLoader and TrickBot, as well as zero-days, that could lead to ransomware and other attacks. This visibility allows threat hunters and analysts to pre-empt any potential ransomware attack, including recent strikes by REvil and DarkSide.