The cybercriminals never rest, and at Sophos neither do we. We are constantly on the lookout for exciting and innovative technology to take the fight to the cyber crooks.  This month has been a particularly busy one as Sophos have acquired three separate security vendors to bolster our portfolio of products and services. Let’s take a look at these purchases in more detail.

The first vendor we’ll look at is Capsule8. We are very excited to announce the acquisition of a pioneer and market leader of runtime visibility, detection and response for Linux production servers and containers covering both on-prem and cloud workloads. Driven by the dramatic growth in cloud platforms, Linux has become the dominant operating system for server workloads. Capsule8’s high-performance, low-impact design is ideal for Linux servers, especially those used for high-scale workloads, production infrastructure and storing critical business data.

The Capsule8 technology is being integrated into our Adaptive Cybersecurity Ecosystem (ACE), providing powerful and lightweight Linux server and cloud container security within this open platform. We will also feature Capsule8 technology in our Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services. This will further expand and enhance Sophos’ data lake and deliver continuous, fresh intelligence for advanced threat hunting, security operations and customer protection practices.

Next up we have Braintrace. Their Network Detection and Response (NDR) technology provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption. The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity, especially for MTR and XDR customers that do not use Sophos Firewall.

We will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall.

Finally, we have Refractr. Their highly innovative DevSecOps automation platform bridges the gap between DevOps and cybersecurity. Automation not only improves speed, but it also improves consistency, reduces errors, and perhaps most importantly, allows us to better scale the scarce attention of security operations teams everywhere.

The Refactr platform will not only help automate incident response, but effectively anything that has an API. In the months to come, you will see Sophos use this new technology to automate response and recovery playbooks, along with a multitude of IT, security, and DevSecOps processes through playbooks and pipelines that will be created and shared by us, our partners, and our customers. In addition, Refactr will increase the operational efficiency of the MTR team including better scalability and faster response times. The MTR team will utilise Refactr to better automate the handling of incidents, with an emphasis on automating the response to an incident or automating the enrichment of incident data.