Sophos Acquires Braintrace and Plans to Implement Next-Generation Detection and Response (NDR) Technology
Sophos, a global leader in next-generation cybersecurity, today announced the acquisition of Braintrace, adding Braintrace's proprietary Network Detection and Response (NDR) technology to Sophos' Adaptive Cybersecurity Ecosystem.
Braintrace's NDR enables deep visibility into network traffic patterns, including encrypted traffic, without requiring MitM decryption. Braintrace, headquartered in Salt Lake City, Utah, was founded in 2016 and is privately held.
Braintrace's developers, data scientists, and security analysts have joined Sophos' global Managed Threat Response (MTR) and Rapid Response teams as part of the acquisition. Sophos' MTR and Rapid Response service businesses have grown rapidly, establishing Sophos as one of the world's largest and fastest-growing MDR providers, with over 5,000 active customers.
Braintrace's NDR technology will be integrated into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services, to support Sophos' MTR and Rapid Response analysts and Extended Detection and Response (XDR) customers.
Braintrace's technology will also be used to collect and forward event data from third-party firewalls, proxies, virtual private networks (VPNs), and other sources.
These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting, and response to suspicious activity.
“You cannot protect what you do not know is there, and businesses of all sizes frequently underestimate their on-premises and cloud assets and attack surfaces. Attackers take advantage of this, frequently targeting weakly protected assets as a point of entry. Defenders benefit from an 'air traffic control system' that monitors all network activity, identifies unknown and unprotected assets, and reliably exposes evasive malware,” said Joe Levy, chief technology officer, Sophos.
Sophos will deploy Braintrace's NDR technology as a virtual machine
Sophos will deploy Braintrace's NDR technology as a virtual machine that will be fed by traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) in order to inspect both north-south traffic at network boundaries and east-west traffic within networks.
These deployments help detect threats inside any type of network, including threats carried in traffic that remains encrypted, complementing Sophos Firewall's decryption capabilities.
The packet and flow engines in the technology feed a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement, and communications with suspicious domains.
Because Braintrace developed its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use to bolster their investigations. Braintrace's novel technique for NDR analysis and prediction is patent-pending.
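The paragraphs above describe the general shape of passive NDR: flow records mirrored from a SPAN port or TAP are scored for patterns such as C2 communication without decrypting the payload. The following is an added illustrative example, not Braintrace's or Sophos' code, of the simplest such pattern a flow engine can score: periodic, uniformly sized outbound connections (beaconing) to one destination, detected purely from timing and byte counts. The flow records, IP addresses (documentation ranges), and thresholds are all constructed assumptions for the demonstration; a production engine would combine many such features in its models.

```python
"""Toy beaconing detector over flow metadata only (constructed example).

Each Flow carries what a SPAN/TAP-fed sensor can see for encrypted traffic:
timing, endpoints, port and byte counts. Payload content is never inspected.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple, Optional, Tuple


class Flow(NamedTuple):
    ts: float        # flow start, seconds since epoch (constructed)
    src: str         # internal host
    dst: str         # external peer
    dport: int
    out_bytes: int   # bytes sent by src; the content itself stays opaque


def group_flows(flows: List[Flow]) -> Dict[Tuple[str, str, int], List[Flow]]:
    """Bucket flows by (src, dst, dport) so each peer pair is scored alone."""
    groups: Dict[Tuple[str, str, int], List[Flow]] = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f)
    return groups


def _cv(values: List[float]) -> float:
    """Coefficient of variation: spread relative to the mean (0 = perfectly regular)."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def beacon_score(flows: List[Flow]) -> Optional[dict]:
    """Score one peer group. Returns None when there are too few flows to judge."""
    if len(flows) < 3:
        return None
    ts = sorted(f.ts for f in flows)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    sizes = [f.out_bytes for f in flows]
    return {
        "flows": len(flows),
        "mean_interval_s": round(mean(intervals), 1),
        "interval_cv": round(_cv(intervals), 3),   # low => regular timing
        "size_cv": round(_cv(sizes), 3),           # low => fixed-size check-ins
    }


def find_beacons(flows: List[Flow], min_flows: int = 6,
                 max_interval_cv: float = 0.15, max_size_cv: float = 0.25) -> List[dict]:
    """Flag peer groups whose timing and sizes are both suspiciously regular.

    Thresholds are assumptions chosen for this toy; real deployments tune them
    per network and add further features (JA3/SNI, duration, direction ratios).
    """
    hits = []
    for (src, dst, dport), group in group_flows(flows).items():
        score = beacon_score(group)
        if score is None:
            continue
        if (score["flows"] >= min_flows
                and score["interval_cv"] <= max_interval_cv
                and score["size_cv"] <= max_size_cv):
            hits.append({"src": src, "dst": dst, "dport": dport, **score})
    return hits


# Constructed sample: one host beacons every ~60 s with small jitter and a
# near-constant request size; the same host also browses a benign site with
# irregular timing and sizes; a third peer is seen too rarely to score.
_T0 = 1_700_000_000.0
_JITTER = [0.0, 1.5, -1.0, 2.0, -0.5, 1.0, -1.5, 0.5, 1.0, -2.0]
_BEACON_SIZES = [512, 512, 520, 512, 508, 512, 512, 516, 512, 512]

SAMPLE_FLOWS: List[Flow] = [
    Flow(_T0 + 60 * i + j, "10.0.0.25", "203.0.113.10", 443, s)
    for i, (j, s) in enumerate(zip(_JITTER, _BEACON_SIZES))
] + [
    Flow(_T0 + t, "10.0.0.25", "198.51.100.5", 443, s)
    for t, s in zip([5, 9, 130, 131, 400, 1020, 1025, 2000],
                    [300, 12000, 800, 45000, 2100, 600, 9800, 150])
] + [
    Flow(_T0 + 42, "10.0.0.25", "192.0.2.77", 443, 900),
    Flow(_T0 + 99, "10.0.0.25", "192.0.2.77", 443, 1400),
]


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(f"possible beacon: {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"every ~{hit['mean_interval_s']}s over {hit['flows']} flows "
              f"(interval_cv={hit['interval_cv']}, size_cv={hit['size_cv']})")
```

Running the block prints a single hit for the periodic peer; the browsing session has the same number of flows but its interval and size variation are far above the thresholds, and the two-flow peer is skipped rather than scored. The point of the design is that nothing here depends on decrypting TLS: regular cadence and fixed-size check-ins are visible in flow metadata alone, which is what lets passive NDR complement, rather than require, MitM decryption.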
According to Gartner, “In contrast to traditional approaches, in which malicious behavior is defined in advance via prebuilt signatures and detection engines inspect traffic for matches, NDR takes a different approach. Rather than inspecting traffic only against a list of known malicious payloads or behaviors, NDR also looks for unknown patterns in network traffic, calculating the probability that the anomaly is malicious.”
Additionally, Gartner notes:
“Many NDR products use machine learning algorithms to detect anomalous traffic that is frequently missed by other detection techniques. Optional automated response capabilities assist incident responders by offloading some of their workload. The threat hunting functionality equips incident responders with critical tools.”
“NDR is critical to threat hunting success. Braintrace's competitive advantage is its proprietary NDR technology, which our MDR analysts used to identify, interrupt, and remediate cyberattacks,” said Bret Laughlin, Braintrace's CEO and co-founder.
NDR technology from Braintrace is critical for defending against cyberattacks today and in the future. Sophos research demonstrates how adversaries change tactics aggressively and frequently in order to avoid detection and carry out their attacks.
Braintrace's technology assists in identifying malicious C2 traffic generated by malware such as Cobalt Strike, BazaLoader, and TrickBot, as well as zero-day exploits that may be used to launch ransomware and other attacks. This visibility enables threat hunters and analysts to anticipate any ransomware attack, including the recent REvil and DarkSide attacks.
In the first half of 2022, Sophos plans to introduce Braintrace's NDR technology for MTR and XDR.