Sophos acquires Refactr to automate enterprise code security


This acquisition opens a new chapter in enterprise code security with the unique CI/CD pipeline, which allows for close collaboration between cybersecurity teams and developers.

Sophos Group PLC, a cybersecurity provider, recently made waves when it acquired the startup Refactr Inc.

This Seattle-based company aims to help enterprise software platforms identify and correct vulnerabilities in their code. The financial details of the acquisition are yet to be disclosed to the public. However, Sophos has followed this step by purchasing another startup named Braintrace Inc. just two weeks ago.

Enhancing DevSecOps – The goal for Refactr

Refactr targets the DevSecOps segment of cybersecurity, which covers products that help developers write secure code and reduce the risk of cyberattacks.

This involves an initial phase of producing code and a second, deployment phase in which software tools, called a CI/CD pipeline, check the code for bugs and configure the software infrastructure. This step requires minimal input from developers.

The CI/CD pipeline is essential for enterprise cybersecurity: it scans new software for vulnerabilities, identifies any possible security lapses, and handles other cybersecurity tasks.

The biggest obstacle is that CI/CD pipelines are the domain of developers, but preventing breaches is the cybersecurity team’s responsibility. This can lead to miscommunication and configuration mismatches in the tools used.

Benefits of early adoption

Refactr has made things easier by developing a platform where developers and cybersecurity teams can collaborate for CI/CD pipeline development. The cybersecurity team can define actions for breach prevention and transfer the information to developers who can customize it as per their requirements.

This Refactr acquisition will allow Sophos to tap into the market for development tools and address the clientele of enterprise developers looking for more secure ways to write code. An indicator of this market’s potential growth is the large amount of funding and capital that code security startups have managed to secure, with Snyk Ltd. raising $200 million initially and closing off with an additional $300 million six months later.