Deal Further Automates Sophos’ Adaptive Cybersecurity Platform, Which Underpins All of Sophos’ Product Solutions, Services, Threat Intelligence, and Data Lake

OXFORD, U.K. — 八月 3, 2021 —

Sophos, a global leader in next-generation cybersecurity, today announced that it has acquired Refactr, which develops and markets a versatile DevSecOps automation platform that bridges the gap between DevOps and cybersecurity. Based in Bellevue, Washington, Refactr launched in 2017 and is privately held.

As DevOps and security teams continue to adopt “IT-as-Code” approaches to managing their environments, Refactr’s ability to automate any of these processes enables teams to scale. For example, with Refactr’s platform, DevOps teams can augment existing continuous integration, continuous delivery and continuous deployment (CI/CD) workflows, and cybersecurity teams can leverage the platform’s visual drag and drop builder. Refactr has leading customers in both the private and government/public sectors, including the Center for Internet Security and the U.S. Air Force’s Platform One.  

Sophos is optimizing Refactr’s DevSecOps automation platform to add Security Orchestration Automation and Response (SOAR) capabilities to its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions. The SOAR capabilities will also help automate Sophos’ Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ product solutions, services, threat intelligence, and data lake.

According to Gartner®, "the security technology market, in general, is in a state of overload, with pressure on budgets, staff shortages and too many point solutions. Customers often cite problems with an overload of events or alerts, complexity and duplication of tools. As a general practice, automation promises to solve many of these problems and, in cybersecurity, SOAR is the primary vehicle for this functionality.”1 Gartner further notes that “proposed use cases for SOAR include everything from the automation of rote SOC tasks to the streamlining of niche and complex workflows. With appropriate preparation, the commitment of the right skills and resources, and careful use-case-centric planning, SOAR can deliver on the promises of reduced event overload, increased detection accuracy, team scalability, reduced time to detection and overall better security operations.”2

Sophos’ Active Adversary Playbook 2021 has identified clear correlations among the top five tools used by adversaries that IT administrators and security professionals use in their everyday tasks. The report also revealed that 37 attack groups used more than 400 different tools between them. The median attacker dwell time before detection was 11 days, providing attackers with up to 264 hours for malicious activity, from lateral movement, reconnaissance, credential dumping, data exfiltration, and more. Early detection and response through automation can help minimize these statistics and improve security against attackers who are constantly looking for new ways to gain entry and a foothold.

“First-generation SOAR solutions have moved our industry forward in significant ways, but we’re now witnessing an evolution where more and more businesses are becoming software companies, and our security solutions need to evolve in parallel. As we’ve seen in recent supply-chain incidents, attackers are increasingly targeting software development pipelines, and defenders need the ability to shift further left of attackers. The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions, and Sophos’ acquisition of Refactr will help us lead the way,” said Joe Levy, chief technology officer, Sophos. "With Refactr, Sophos will fast track the integration of such advanced SOAR capabilities into our Adaptive Cybersecurity Ecosystem, the basis for our XDR product and MTR service. We will provide a full spectrum of automated playbooks for our customers and partners, from drag-and-drop to fully programmable, along with broad integrations with third-party solutions through our technology alliances program to work with today’s diverse IT environments.”

Sophos will continue to develop and offer Refactr’s platform to their existing and growing base of partners and organizations that want to build customized IT and security automations for themselves and for their customers. Refactr’s Community Edition will continue to be available as well.

“We created the Refactr platform so that every organization can deliver effective DevSecOps through holistic security-first automation. Our platform was purpose-built to be versatile, interoperable and easy to use. Cybersecurity teams can now collaborate with DevOps to easily build complicated IT automation and security integrations through DevSecOps pipelines,” said Michael Fraser, CEO and co-founder, Refactr. “Our mission is to enable DevSecOps to become the modern approach to automation, where cybersecurity use cases like SOAR, XDR, compliance, cloud security, and Identity and Access Management (IAM) become building blocks for DevSecOps solutions. We are already seeing success in providing organizations our emerging technology, including the Center for Internet Security and the U.S. Air Force. We are proud of what we accomplished at Refactr, and excited for the next part of our journey with Sophos to help create a more secure world through DevSecOps.”

Refactr’s entire team of team of developers and engineers have joined Sophos. In addition to the continued offering of the Refactr platform, Sophos plans to begin offering SOAR options by early 2022.

1 Gartner, Market Guide for Security Orchestration, Automation and Response Solutions, September 21, 2020, Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski

2 Gartner, SOAR: Assessing Readiness Through Use-Case Analysis, March 10, 2020, Eric Ahlm, Augusto Barros, Michael Clark 
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。