About Us

Sophos Acquires Braintrace to enhance Adaptive Cybersecurity Ecosystem with Braintrace’s Network Detection and Response (NDR) Technology

Sophos, a worldwide leader in next-generation cybersecurity, announced the acquisition of Braintrace, which will add Braintrace’s unique Network Detection and Response (NDR) technology to Sophos’ Adaptive Cybersecurity Ecosystem. Eliminating the need for Man-in-the-Middle (MitM) decryption, Braintrace’s NDR enables comprehensive visibility into network traffic patterns, including encrypted communication. 

Braintrace’s developers, data scientists, and security analysts have joined Sophos’ global Managed Threat Response (MTR) and Rapid Response teams as part of the acquisition. With over 5,000 active clients, Sophos’ MTR and Rapid Response services have grown quickly, making Sophos one of the world’s largest and fastest-growing MDR suppliers.

Through integration into the Adaptive Cybersecurity Ecosystem, which supports all Sophos products and services, Braintrace’s NDR technology will help Sophos’ MTR and Rapid Response analysts, as well as Extended Detection and Response (XDR) clients. The Braintrace technology will also be used to capture and forward third-party event data from firewalls, proxies, VPNs, and other sources. Threat identification, threat hunting, and responding to suspicious activity will all benefit from these added layers of visibility and event ingestion.

“You can’t protect what you don’t know is there, and businesses of all sizes often miscalculate their assets and attack surface, both on-premises and in the cloud. Attackers take advantage of this, often going after weakly protected assets as a means of initial access. Defenders benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS). We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems,” said Joe Levy, chief technology officer, Sophos.

“NDR is critical to successful threat hunting. Braintrace’s competitive differentiation is its unique NDR technology that our MDR analysts leveraged for finding, interrupting and remediating cyberattacks. With our own NDR technology, the team responds faster and more accurately because of the real-time, automated visibility and threat verification they have into encrypted traffic. We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem,” said Bret Laughlin, CEO and co-founder of Braintrace.

NDR technology from Braintrace is a critical component in protecting against cyberattacks today and in the future. According to Sophos research, hackers shift strategies frequently to avoid detection and carry out their operations. Braintrace’s technology detects malicious C2 traffic from malware like Cobalt Strike, BazaLoader, and TrickBot, as well as zero-day exploits, which could lead to ransomware and other attacks. This visibility allows threat hunters and analysts to anticipate a prospective ransomware attack, such as the recent REvil and DarkSide attacks.

In the first half of 2022, Sophos plans to release Braintrace’s NDR technology for MTR and XDR.

Distributed Denial of Service (DDoS) – Everything You Need to Know

A Distributed Denial of Service (DDoS) attack is a cyber-attack in which the attackers seek to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS attacks account for a significant portion of security threats, and recent attacks have been larger and more complex than ever before. Research firms expect the DDoS attack prevention market to grow 20% every year.

The basic steps in DDoS defense are:

1) Detection – DDoS detection involves identifying deviations in traffic flow from normal to abnormally high volume, based on parameters such as IP address and bandwidth. The wide global distribution of attacking sources makes it extremely hard for organizations to distinguish real client traffic from attack traffic spread across many points of origin. Detection is the key to stopping or mitigating an attack quickly, and two factors play an important role here: speed of detection and accuracy of detection.

2) Decision – Traffic is rerouted away from the target organization using DNS (Domain Name System) or other techniques, and a decision must be made whether to filter it or discard it completely. Discarding traffic completely also affects the organization’s legitimate customers.

3) Analysis and Adaptation – Analytics helps gather and analyze information about attack-specific patterns, such as repeating IP address ranges or particular processes being misused. Security analytics techniques can provide a detailed, comprehensive overview of the attack traffic and an immediate understanding of the attack. This information can be used to build more robust systems and to adapt defenses so that future attacks are prevented more effectively.
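As an added illustration of the three steps above (this is example code, not code from the original article or from any vendor named on this page), the following Python script runs a rate-based detector over a constructed flow log, makes the filter-versus-discard decision, and summarises the flagged sources by /24 prefix for analysts. The flow records, the 3-standard-deviation threshold, the 2x volume trigger and the 80% attribution rule are all assumptions chosen for this example; a real deployment would learn its baseline from its own traffic.

```python
from collections import Counter
from ipaddress import ip_network
import math

# Constructed sample flow log: (second, source_ip, bytes). Addresses come from the
# RFC 5737 documentation ranges; nothing here is real traffic.
NORMAL_CLIENTS = [f"198.51.100.{i}" for i in range(1, 21)]
WINDOW = 10  # seconds per detection window (assumed)


def constructed_flows():
    flows = []
    for w in range(6):  # windows 0-4 are normal; window 5 also carries a flood
        for i, src in enumerate(NORMAL_CLIENTS):
            for j in range(1 + (i + w) % 3):  # 1-3 requests per client per window
                flows.append((w * WINDOW + j, src, 500))
    for bot in range(1, 41):  # 40 bots in 203.0.113.0/24, 50 requests each
        for j in range(50):
            flows.append((5 * WINDOW + j % WINDOW, f"203.0.113.{bot}", 60))
    return flows


# --- Step 1: detection --------------------------------------------------
def per_source_counts(flows, window_index):
    """Requests per source IP inside one detection window."""
    start = window_index * WINDOW
    return Counter(src for ts, src, _ in flows if start <= ts < start + WINDOW)


def baseline(flows, normal_windows):
    """Mean/std of per-source request rate, and mean total volume, over known-normal windows."""
    per_source, totals = [], []
    for w in normal_windows:
        counts = per_source_counts(flows, w)
        per_source.extend(counts.values())
        totals.append(sum(counts.values()))
    mean = sum(per_source) / len(per_source)
    std = math.sqrt(sum((v - mean) ** 2 for v in per_source) / len(per_source))
    return mean, std, sum(totals) / len(totals)


def detect(counts, mean, std, k=3.0):
    """Flag sources whose rate is more than k standard deviations above the normal rate."""
    threshold = mean + k * std
    return {src: c for src, c in counts.items() if c > threshold}


# --- Step 2: decision ---------------------------------------------------
def decide(counts, suspects, baseline_total, max_blocklist=1000):
    total = sum(counts.values())
    excess = total - baseline_total
    if total <= 2 * baseline_total:
        return "allow"      # no meaningful deviation from the usual volume
    if sum(suspects.values()) >= 0.8 * excess and len(suspects) <= max_blocklist:
        return "filter"     # drop only flagged sources; regular clients keep service
    return "discard"        # excess not attributable to a manageable source set


# --- Step 3: analysis and adaptation -------------------------------------
def summarize_prefixes(suspects, prefix_len=24):
    """Aggregate flagged sources by network prefix to expose repeating address ranges."""
    nets = Counter()
    for src, c in suspects.items():
        nets[str(ip_network(f"{src}/{prefix_len}", strict=False))] += c
    return nets


def run_pipeline(flows, window_index, normal_windows=range(5)):
    mean, std, base_total = baseline(flows, normal_windows)
    counts = per_source_counts(flows, window_index)
    suspects = detect(counts, mean, std)
    return {
        "threshold": mean + 3.0 * std,
        "suspects": suspects,
        "decision": decide(counts, suspects, base_total),
        "prefixes": summarize_prefixes(suspects),
    }


if __name__ == "__main__":
    flows = constructed_flows()
    for w in (4, 5):
        r = run_pipeline(flows, w)
        print(f"window {w}: {len(r['suspects'])} suspect sources, "
              f"decision={r['decision']}, prefixes={dict(r['prefixes'])}")
```

Keeping regular clients in service is what separates "filter" from "discard" here: the script only recommends discarding (blackholing) when the excess volume cannot be pinned to a bounded set of sources. The prefix summary is the adaptation step; a repeating range is what an analyst would turn into a block-list entry or a further investigation.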

Risk involved in DDoS attack for an Enterprise

DDoS attacks on an organization’s online service or website are time-consuming and expensive to deal with. Most organizations do not have the experience or technical experts to prevent a DDoS attack. These attacks can take down an enterprise in a few minutes, while the recovery process takes several hours or weeks. An organization’s network infrastructure comprises a number of servers, computers and other IT assets, including web servers, FTP servers, email servers, and ERP or CRM platforms. In a DDoS attack these are targeted, resulting in downtime for the organization’s business. The negative impact of such downtime is expensive: it can affect the website’s ranking on search engines, and the firm may lose clients’ trust, which results in revenue loss. All businesses, irrespective of size and industry, are vulnerable to DDoS attacks; organizations holding business records, financial data and customer information are targeted more often.

DDoS Cloud based Risk Mitigation Services

A DDoS mitigation service is a set of techniques or tools for defending against or reducing the effect of a distributed denial-of-service (DDoS) attack on Internet-connected networks by protecting the target at various levels of the network. A DDoS mitigation service can be deployed as a device on an organization’s premises or in its data centers, as a cloud service, or as a hybrid of both. In the cloud model, the service filters traffic using a data repository stored in the cloud, so regular customers are not affected. These services are customizable and reliable, and can be scaled up or down as the client’s needs change.

Big data and ML Integrated Solutions

DDoS attacks are becoming more frequent, more sophisticated and more effective as internet speeds increase. The pool of potential attacks is now greater than ever, given the increasing availability of attack tools and botnets. Human analysts alone are not enough to deter and block DDoS attacks, and companies that rely on manual DDoS security and mitigation services are not completely protected against today’s and future threats. Big data analytics systems can store and process huge volumes of data, making it possible to keep complete logs of raw data such as IP addresses, which can then be analyzed with machine learning algorithms to build solutions that help enterprises stay one step ahead of DDoS attackers. This sector is still in the initial phase of its growth, but with time these systems will play a major role in DDoS attack prevention.

The main reason organizations do not buy a Distributed Denial of Service protection solution is the cost of buying a service or maintaining a dedicated team. The key to understanding the extent of the effect of DDoS attacks is to recognize the value of the network traffic being blocked, or what the downtime will cost a business in terms of trust, reputation and money.