I’m thrilled to announce that Sophos has acquired Braintrace, an innovator in Network Detection and Response (NDR) technology. Braintrace’s NDR provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption.
Braintrace’s NDR technology will enhance and extend Sophos’ Managed Threat Response (MTR), Rapid Response, and Extended Detection and Response (XDR) solutions through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services. With the integration of Braintrace, defenders will benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS).
We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems.
The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity.
Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. As a virtual machine, Braintrace’s NDR technology can run both on-premises and in the cloud to protect your network.
The technology’s packet and flow engine feeds a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement and communications with suspicious domains. Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.
“We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem” said Bret Laughlin, CEO and co-founder, Braintrace.
Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022. In the meantime, on behalf of Sophos, I would like to extend a warm welcome to all Braintrace customers, partners and employees.
Source: Sophos