Sophos revealed this week that it has acquired Refactr, a provider of an automation platform that makes it easier to add static and dynamic security scanning and application testing to the DevOps pipeline.

Sophos will extend the Refactr DevSecOps automation platform to add security orchestration automation and response (SOAR) capabilities, said Joe Levy, chief technology officer at Sophos. Levy said the goal is to make it easier for DevOps and cybersecurity teams to collaborate when these integrations are implemented in early 2022. The Refactr platform is a standalone product.

Since Sophos rebuilt its core platform to create a scalable security framework called the Adaptive Cybersecurity Ecosystem, it has acquired a series of cybersecurity companies. The platform is built on a modern microservices-based architecture that simplifies integration of acquisitions, Levy noted, adding that overall, these acquisitions have enabled Sophos to collect a broader range of data that can be used to train artificial intelligence (AI) models and to continually better automate DevSecOps processes.

Recent Sophos acquisitions include Capsule8, a secure container platform provider, and BrainTrace, a managed security provider, and Sophos also acquired Rook Security, another managed security provider, in 2019.

Overall, Sophos is making the case for a security platform that both DevOps and cybersecurity teams can navigate. In addition to integration with continuous delivery and continuous deployment ( CI/CD ) workflows through application programming interfaces (APIs), the Refactr platform can be accessed through visual tools that can be used to create startup tests using drag-and-drop tools.