Sophos Gains NDR with Braintrace Acquisition, Microsoft Buys CloudKnox

On the heels of buying Capsule8, Sophos’ latest acquisition is Braintrace, a provider of network detection and response (NDR) technology.

Braintrace’s proprietary NDR will further enhance Sophos’ Adaptive Cybersecurity Ecosystem (ACE). Braintrace’s NDR provides visibility into network traffic patterns, including encrypted traffic. It does so without the need for man-in-the-middle (MitM) decryption.

Braintrace launched in 2016 and is privately held. Sophos isn’t saying how much it’s paying for Braintrace.

Joe Levy is Sophos’ CTO.

Sophos’ Joe Levy

“First and foremost, Sophos’ acquisition of Braintrace will mean better security outcomes for our customers,” he said. “With Braintrace’s NDR innovations, we’ll produce new, powerful insights to strengthen all of our services and products within the Sophos ACE, which we launched in April and partners are already leveraging.”

The Sophos ACE underpins all of the company’s products and services, Levy said. Braintrace’s NDR technology will also fold in and interoperate, providing even more intelligence that will help preempt and defend against attacks.

“We’re also building a solution to collect third-party event data, including firewalls and other sources from other vendors,” he said. “Sophos partners will benefit from these advancements.”

Sophos partners will be able to engage new prospects and upsell existing customers with even better detection and response capabilities.

Cybersecurity Market Advantage

As part of the acquisition, Braintrace’s developers, data scientists and security analysts have joined Sophos’ global managed threat response (MTR) and rapid response teams. Sophos’ MTR and rapid response services business has expanded rapidly.

“The best cybersecurity market advantage a vendor can have against their competition is a superior competitive advantage [over] our collective adversaries,” Levy said. “With attackers constantly devising new means of initial access and defense evasion, the ability to detect these activities earlier … is crucial for minimizing the damage of breaches and ransomware attacks. With Braintrace’s NDR technology, defenders at organizations of all sizes can more quickly discover and disrupt active adversaries.”

Partners can help their customers advance their security solutions to include NDR, he said.

Braintrace works with partners, and they will benefit in the same way as Sophos partners, Levy said.

Bret Laughlin is Braintrace’s CEO and co-founder.

Braintrace’s Bret Laughlin

“NDR is critical to successful threat hunting,” he said. “Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks. We built Braintrace’s NDR technology from the ground up for detection. And now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem.”

Sophos plans to introduce Braintrace’s NDR technology in the first half of 2022.

Microsoft Acquires CloudKnox Security

Also on Thursday, Microsoft announced it has acquired CloudKnox Security, a provider of cloud infrastructure entitlement management (CIEM).

CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk. In addition, it employs continuous analytics to help prevent security breaches and ensure compliance.

Joy Chik is corporate vice president of Microsoft Identity. She said CloudKnox strengthens her company’s approach to cloud security.

Microsoft’s Joy Chik

“The acquisition of CloudKnox further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multicloud permissions,” she said. “We are committed to providing our customers with unified privileged access management, identity governance and entitlement management.”

Microsoft didn’t say how much it’s paying for CloudKnox.

Focus and Execution

“Our acquisition of CloudKnox, like our recent acquisition announcements on RiskIQ and ReFirm Labs, shows our focus and execution in acquiring, integrating and expanding the strongest defenses for our customers – from chip to cloud – backed by more than 3,500 defenders at Microsoft and the more than 8 trillion security signals we process every day,” Chik said.

Microsoft is in a unique position to help empower and defend the future of hybrid work and multicloud environments, she said.

A Microsoft spokesperson said over the coming weeks, Microsoft will be engaging with all partners and working on developing a strategy and model with them.

Balaji Parimi is CloudKnox’s founder and CEO.

“We saw opportunities to provide even greater value and seamless experience across hybrid and multiclouds with deeper integrations within the Microsoft ecosystem,” he said. “By joining Microsoft, we can unlock new synergies and make it easier for our mutual customers to protect their multicloud and hybrid environments and strengthen their security posture.”