Sophos Acquires Refactr to Boost Managed Threat Response, EDR

Sophos is buying Refactr, a Bellevue, Washington-based company that develops and markets a DevSecOps automation platform. The platform aims to bridge the gap between DevOps and cybersecurity.

DevOps and security teams across the board are adopting “IT-as-code” approaches to manage their environments. DevSecOps is a modern process methodology typically applied to software development. Refactr says its ability to automate these processes enables teams to scale. 

IT-as-Code

Refactr’s Michael Fraser

“The mission of bridging the gap between DevOps and cybersecurity is to go beyond pure software development, eliminating silos between DevOps and cybersecurity teams and to move security further left through automation as everything becomes IT-as-code,” said Michael Fraser, CEO and co-founder, Refactr. “To bridge this gap, a complete cultural shift is required where DevOps and cybersecurity teams work together on one platform to collaboratively build DevSecOps solutions.

Fraser said to achieve this collaboration, the Refactr platform has features that cater to the user experience that DevOps wants. It builds things programmatically and supports open source tools these teams already use.

“And for cybersecurity teams there are visual features like the drag-and-drop pipeline builder,” Fraser added. This is where “they can build integrations into cybersecurity products they already support.” 

Sophos is optimizing Refactr’s DevSecOps automation platform. The idea is to add Security Orchestration Automation and Response (SOAR) capabilities to its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions. The SOAR capabilities will also aid in automating Sophos’ Adaptive Cybersecurity Ecosystem. That’s the root for all of Sophos’ product solutions, services, threat intelligence and data lake.

State of the Security Tech Market

According to Gartner, “the security technology market, in general, is in a state of overload, with pressure on budgets, staff shortages and too many point solutions. Customers often cite problems with an overload of events or alerts, complexity and duplication of tools. As a general practice, automation promises to solve many of these problems and, in cybersecurity, SOAR is the primary vehicle for this functionality.”

Gartner further notes that “proposed use cases for SOAR include everything from the automation of rote SOC tasks to the streamlining of niche and complex workflows. With appropriate preparation, the commitment of the right skills and resources, and careful use-case-centric planning, SOAR can deliver on the promises of reduced event overload, increased detection accuracy, team scalability, reduced time to detection and overall better security operations.”

It is well-known by now that early detection and response through automation can help minimize attacks. It can also drastically improve security against bad actors who are constantly looking for points of entry and launching these attacks. A good thing for the channel? We’d say so.

Good News for the Channel

Joe Levy is Sophos’ chief technology officer.

Sophos’ Joe Levy

“Sophos’ acquisition of Refactr positively impacts the channel in several ways,” Levy told Channel Futures. “While first-generation SOAR solutions have moved our industry forward in significant ways, we’re now witnessing an evolution where businesses are becoming software companies, and security solutions need to evolve in parallel. As we’ve seen in recent supply-chain incidents, attackers are increasingly targeting software development pipelines, and defenders need the ability to shift further left of attackers. The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions, and Sophos’ acquisition of Refactr will help us lead the way.” 

With the acquisition, Levy said, Sophos can fast-track the integration of advanced SOAR capabilities into its Adaptive Cybersecurity Ecosystem. That’s the basis for its MTR service and XDR product. 

“We expect this will significantly increase the adoption of XDR technology, which directly benefits the channel,” said Levy. “We will also provide a full spectrum of automated playbooks for our customers and partners, from drag-and-drop to fully programmable, along with broad integrations with third-party solutions through our technology alliances program to work with today’s diverse IT environments.”

Automation, My Dear Watson

The Refactr acquisition also provides a platform to help partners automate many of their processes, increasing efficiencies and reducing errors. Additionally, it will lay the foundation for partners to offer their own SOC services to their customers directly. This last piece is a longer-term vision. But it’s important for partners to know the potential of SOAR to improve their security offerings. Also, security innovation must evolve as fast as cyberattackers do — an essential business strategy.

Sophos will continue to develop and offer Refactr’s platform to new and existing partner. These are companies that will want customized IT and security automations for themselves and their customers. Again, bringing in the IT-as-code element. Refactr’s Community Edition will continue to be available as well.