Sophos, a global leader in next-generation cybersecurity solutions, has acquired SOC.OS, an innovator of a cloud-based security alert investigation and triage automation solution. The solution consolidates and prioritizes high volumes of security alerts from multiple products and platforms across an organization’s estate, allowing security operations teams to quickly understand and respond to the most urgent cases flagged.
SOC.OS, launched in 2020, is a spinout of BAE Systems Digital Intelligence. The company is privately held and based in Milton Keynes, UK.
Sophos is a channel-oriented company and has been present in Kenya for more than 15 years through Mart Networks as their distributor. Sophos follows its mission in Kenya to protect all kinds of organizations from cybercrime through its next generation solutions and services. Over the years digital transformation in Kenya has also led to increase in cybercrimes and Sophos has played a major role in securing most regional organizations that have underwent various technological transitions.
Since ransomware attacks don’t respect any boundaries, Kenya is not an exception. Ransomware continues to be one of the biggest cybersecurity concerns and these attacks are evolving all the time. According to the recently published Sophos 2022 Threat Report, the evolution of ransomware attacks has become more service-based and targeted, attackers are turning to additional extortion methods, such as stealing data and threatening to publish or sell this data to aggressive calling employees, putting pressure on their victims to pay.
Sophos researchers predict that in one year, a greater proportion of ransomware attacks will be based on ransomware-as-a-service (RaaS) offerings, with specialist ransomware developers focused on creating and then leasing their malicious code and infrastructure to third-party affiliates. Some of the most high-profile ransomware attacks of 2021 involved RaaS, such as the attack on Colonial Pipeline in the US. Ransomware operators can then turn to other cybercriminal services to buy access to hacked victims or use malware delivery platforms to find and target potential victims. These platforms also deliver commodity malware, adware or spam, threats that are less dangerous and disruptive.
With SOC.OS, Sophos plans to advance its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions for organizations of all sizes. SOC.OS will also help Sophos expand its Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ security solutions. This will include providing alerts and events from third-party endpoint, server, firewall, Identity and Access Management (IAM), cloud workload, email, and mobile security products.
According to the Gartner Market Guide for Extended Detection and Response, Nov. 8, 2021, “To make XDR a long-term investment, (organizations need to) evaluate breadth and depth of ecosystem integration. The easier the XDR can integrate into your existing environment, the better an investment it will be.”
“Sophos MTR is one of the fastest-growing new offerings in the company’s history. We now stand as one of the largest Managed Detection and Response (MDR) operations in the world, delivering superior security outcomes through an MTR service with more than 8,000 customers. The top enhancement request from these customers is ‘better integrations with existing security environments,’ and with the innovative technology from SOC.OS, we will be able to do just that – seamlessly integrate Sophos’ MTR and XDR solutions within their current set of security and IT solutions,” said Joe Levy, chief technology and product officer, Sophos. “SOC.OS will also provide our Adaptive Cybersecurity Ecosystem with a broader set of third-party telemetry, so security analysts have better visibility into important events and alerts. SOC.OS has an impressive list of integrations that will benefit Sophos customers as we continue to expand and develop industry-leading XDR and MDR capabilities. We’re very excited to bring the team and technology from SOC.OS onboard.”
With cyberattacks, such as ransomware, becoming increasingly prevalent and complex, security operations teams are under constant pressure to monitor every aspect of their organization. Between 24/7 threat activity, high volumes of security alerts and false positives, and understaffing, organizations need XDR or MTR, plus a solution from SOC.OS that automatically clusters and triages alerts.
“Alert fatigue and lack of visibility still plague security teams worldwide. Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time,” said Dave Mareels, the CEO and co-founder, SOC.OS. “For many defenders, however, the complexity and cost of traditional security solutions act as barriers to adoption. By joining forces with Sophos, we can address these challenges together, head on. The sum is greater than our parts, and by combining our capabilities, we’re positioned to offer truly unique, cost effective and highly accessible products and services to those who need it most, on a global scale.”
SOC.OS develops a lightweight security alert investigation and triage automation solution that centralizes, enriches and correlates high volumes of alerts from across an organization’s estate into manageable, prioritized clusters. This allows security operations teams to quickly spot the signal in the noise and more efficiently respond to the most urgent alerts and cases.
Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and Sophos AI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, UK.