Sophos has acquired SOC.OS, a provider of security alert investigation and triage services with an extensive list of third-party integration partners.
The deal is intended to help the vendor’s Managed Threat Response (MTR) service and extended detection and response solution, which debuted just short of a year ago, collect data from a broader range of sources and act on it more effectively. It was announced a day after Sophos rolled out updates to its firewall.
“Sophos MTR is one of the fastest-growing new offerings in the company’s history. We now stand as one of the largest Managed Detection and Response (MDR) operations in the world, delivering superior security outcomes through an MTR service with more than 8,000 customers. The top enhancement request from these customers is ‘better integrations with existing security environments,’ and with the innovative technology from SOC.OS, we will be able to do just that—seamlessly integrate Sophos’ MTR and XDR solutions within their current set of security and IT solutions,” said Joe Levy, chief technology and product officer at Sophos, in a media statement.
“SOC.OS will also provide our Adaptive Cybersecurity Ecosystem with a broader set of third-party telemetry, so security analysts have better visibility into important events and alerts,” Levy continued. “SOC.OS has an impressive list of integrations that will benefit Sophos customers as we continue to expand and develop industry-leading XDR and MDR capabilities. We’re very excited to bring the team and technology from SOC.OS onboard.”
Launched in 2020, SOC.OS is a U.K.-based spinout of BAE Systems Digital Intelligence. Its core offering consolidates alerts from multiple security solutions and automatically prioritizes the most urgent ones for immediate attention. The system is compatible with a variety of endpoint, server, firewall, identity and access management, cloud workload, email, and mobile security products from BlackBerry, Cisco Meraki, Fortinet, Malwarebytes, Microsoft, Palo Alto Networks, SentinelOne, SonicWall, and Trend Micro, among others.
“Alert fatigue and lack of visibility still plague security teams worldwide. Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time,” said SOC.OS CEO and co-founder Dave Mareels in prepared remarks. “For many defenders, however, the complexity and cost of traditional security solutions act as barriers to adoption. By joining forces with Sophos, we can address these challenges together, head on. The sum is greater than our parts, and by combining our capabilities, we’re positioned to offer truly unique, cost-effective and highly accessible products and services to those who need it most, on a global scale.”
The Adaptive Cybersecurity Ecosystem, which also arrived last spring, is a cross-vendor architecture designed to help Sophos and other security vendors identify and remediate attacks more effectively by sharing threat information with one another.
The updates to Sophos Firewall announced yesterday add new SD-WAN and VPN capabilities to the product. The SD-WAN enhancements allow users to accelerate IPsec VPN traffic, orchestrate multisite SD-WAN environments via the Sophos Central management plane, and make automated traffic routing decisions across multiple WAN link gateways based on their performance. The system can now also monitor and log performance data.
The VPN upgrades deliver up to a 5x performance improvement, according to Sophos, simplify VPN administration, and make integration with Amazon Web Services virtual private clouds easier.
“Today’s globally distributed networks coupled with the explosion of cloud-based applications are forcing many organizations to re-think their traditional WAN architectures,” said Raja Patel, senior vice president of products at Sophos, in a press statement. “A key pillar of our Secure Access Service Edge (SASE) strategy, the new SD-WAN and VPN capabilities integrated in Sophos Firewall enable organizations not only to embrace these necessary changes, but to also adopt flexible wide area network connections and improve resiliency and cloud application performance.”
A year ago, Sophos introduced its latest generation of firewalls, which are equipped with an extra processor designed to accelerate inspection of encrypted traffic.
In addition to firewalls, Sophos’s portfolio of security hardware includes wireless access points, SD-RED remote Ethernet devices, and a new set of switches that shipped earlier this year.