Cybersecurity firm Sophos announced its acquisition of Refactr, a firm that develops and markets development, security, and operations (DevSecOps) automation platform that bridges the gap between development and operations (DevOps) and cybersecurity.

Sophos is optimizing Refactr’s DevSecOps automation platform to add Security Orchestration Automation and Response (SOAR) capabilities to its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions. The SOAR capabilities will also help automate Sophos’ Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ product solutions, services, threat intelligence, and data lake.

Based in Bellevue, Washington, Refactr launched in 2017 and is privately held and has customers in both the private and government/public sectors, including the Center for Internet Security and the US Air Force’s Platform One.

Keep ransomware at bay with Sophos Managed Threat Response

Education sector, hardest hit by ransomware in 2020 — Sophos

“We created the Refactr platform so that every organization can deliver effective DevSecOps through holistic security-first automation,” said Michael Fraser, CEO and co-founder, Refactr. “Our platform was purpose-built to be versatile, interoperable and easy to use. Cybersecurity teams can now collaborate with DevOps to easily build complicated IT automation and security integrations through DevSecOps pipelines,”

IT-as-Code

As DevOps and security teams continue to adopt “IT-as-Code” approaches to managing their environments, Refactr’s ability to automate any of these processes enables teams to scale. With Refactr’s platform, DevOps teams can augment existing continuous integration, continuous delivery and continuous deployment (CI/CD) workflows, and cybersecurity teams can leverage the platform’s visual drag and drop builder.

“The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions, and Sophos’ acquisition of Refactr will help us lead the way,” said Joe Levy, CTO, Sophos. “With Refactr, Sophos will fast track the integration of such advanced SOAR capabilities into our Adaptive Cybersecurity Ecosystem, the basis for our XDR product and MTR service. We will provide a full spectrum of automated playbooks for our customers and partners, from drag-and-drop to fully programmable, along with broad integrations with third-party solutions through our technology alliances program to work with today’s diverse IT environments.”

Refactr’s entire team of developers and engineers have joined Sophos. In addition to the continued offering of the Refactr platform, Sophos plans to begin offering SOAR options by early 2022.

“Our mission is to enable DevSecOps to become the modern approach to automation, where cybersecurity use cases like SOAR, XDR, compliance, cloud security, and Identity and Access Management (IAM) become building blocks for DevSecOps solutions,” Fraser said.