Sophos extends its spending spree with Refactr buy

Thoma Bravo-owned Sophos has announced its second takeover in as many weeks with the acquisition of Seattle-based DevSecOps startup Refactr.

Refactr was founded in 2017 and offers an automation platform that helps cybersecurity and DevOps teams to collaboratively operate. The platform, which is used by the non-profit Center for Internet Security and the U.S. Air Force’s Platform One, features a drag-and-drop low-code pipeline builder and DevOps-friendly features that encourage disparate teams to collaborate on the same agile workflow process, according to the company.

“Our mission is to enable DevSecOps to become the modern approach to automation, where cybersecurity use cases like Security Operation, Automation and Response (SOAR), Extended Detection and Response (XDR), compliance, cloud security, and Identity and Access Management (IAM) become building blocks for DevSecOps solutions,” said Michael Fraser, CEO and co-founder of Refactr.

The deal, the terms of which were not disclosed, will see Refactr’s entire team of developers and engineers join Sophos. While Sophos says it will continue to develop and offer Refactr’s DevSecOps automation platform to existing customers, it will also embed its SOAR capabilities to its own managed threat response (MTR) and XDR solutions.

“With Refactr, Sophos will fast track the integration of such advanced SOAR capabilities into our adaptive cybersecurity ecosystem, the basis for our XDR product and MTR service,” said Joe Levy, chief technology officer at Sophos.

Sophos’ acquisition of Refactr lands shortly after it announced plans to buy Braintrace, a cybersecurity startup that provides organizations visibility into suspicious network traffic patterns. Thoma Bravo completed its $3.9 billion takeover of Sophos in 2020 as the company continues to increase its reach in the cybersecurity space. Since then, the private equity firm has acquired security vendor Proofpoint for $12.3 billion and led a $225 million funding round in zero-trust unicorn Illumio.