Sophos has acquired Braintrace further enhancing Sophos’ Adaptive Cybersecurity Ecosystem with Braintrace’s proprietary Network Detection and Response (NDR) technology. Without the requirement for Man-in-the-Middle (MitM) decryption, Braintrace’s NDR enables comprehensive visibility into network traffic patterns, including encrypted communication. Braintrace, based in Salt Lake City, Utah, was founded in 2016 and is a privately held company. Braintrace’s developers, data scientists, and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams as part of the acquisition. Through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services, Braintrace’s NDR technology will help Sophos’ MTR and Rapid Response analysts, as well as Extended Detection and Response (XDR) customers. Third Party event data from firewalls, proxies, VPNs, and other sources will be collected and forwarded using Braintrace’s technology. Threat identification, threat hunting, and responding to suspicious activity will all benefit from these additional layers of visibility and event ingestion.
Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. The technology’s packet and flow engine feed a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement and communications with suspicious domains. Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.