Bitdefender Buys Network Security Analytics Startup RedSocks


Bitdefender has moved beyond its endpoint security roots with the acquisition of emerging network behavior, traffic analytics and threat intelligence vendor RedSocks Security.

The Bucharest, Romania-based company said its purchase of The Hague, Netherlands-based RedSocks is the first technology-related acquisition Bitdefender has made in its 17-year history, according to Chief Strategy Officer Rares Stefan. RedSocks is the first of what Stefan expects to be a series of technology-related deals made by Bitdefender to broaden its portfolio of capabilities.

"It's a very important moment in Bitdefender's strategy," Stefan told CRN.

RedSocks stood out to Bitdefender thanks to its emphasis on research and development, Stefan said, as well as its expertise from a personnel standpoint across open-source, threat intelligence, and artificial intelligence and machine learning. Bitdefender examined 20 potential acquisition targets across network security analytics as well as other complementary technologies before pulling the trigger on RedSocks.

Network security analytics – or the ability to reduce white noise and zoom in on what's happening from a technology perspective – is one of the hottest areas in all of cybersecurity today, Stefan said. But up until now, Stefan said the process has been hindered by too many false positives and insufficient automation.

RedSocks' approach to analytics is based on the premise that most network traffic today is encrypted, Stefan said, meaning that it won't be possible to look at the payload inside the traffic. Instead, Stefan said the company has built mathematical models that allow for the identification of particular behaviors without examining the content of the network traffic itself.

The company was founded in 2012, employs 37 people, and has raised $6.5 million in two rounds of outside funding, according to LinkedIn and CrunchBase. Terms of the deal, which closed on Oct. 11, weren't disclosed, and all of RedSocks' employees were offered positions with Bitdefender, according to the company.

As Bitdefender has matured over the past half-decade, Stefan said it has reached a point where it's confident in the knowledge it has amassed in the endpoint protection and endpoint detection and response (EDR) spaces and is now ready to strengthen other areas of its security posture.

Specifically, Stefan said a lot of the data generated from its EDR tool is actionable threat intelligence that can now be applied to network traffic. Endpoint protection and EDR only address devices an organization has a presence on, Stefan said, while network security analytics can provide a holistic view of all the traffic an organization is seeing, which is very important as industrial IoT becomes more prevalent.

By marrying endpoint data, passive network traffic analytics and cloud threat intelligence together, Stefan said Bitdefender will now have the ability to eliminate white noise and zero in on what's most important to security operators. The two firms' platforms will be fully integrated within a year, Stefan said, and the RedSocks appliance will be able to leverage Bitdefender's threat intelligence by Dec. 31.

From a channel perspective, Bitdefender has already started the integration of RedSocks' roughly 100 solution providers into the Bitdefender Partner Advantage Network, according to Joe Sykora, vice president of worldwide channel development. The structure and requirements of the two partner programs are similar, Sykora said, and should offer the channel opportunity for additional margins.

Very little overlap exists between the existing Bitdefender and RedSocks partners since the latter tended to be either enterprise-level or consulting firms, Sykora said. RedSocks partners will be quickly tied into Bitdefender's existing channel account managers and sales engineers, said Sykora, who hopes to have the partners trained to cross-sell by the end of this quarter.

It's encouraging that Bitdefender is looking at acquisitions that will fill in gaps in their line card, according to Douglas Grosfield, president and CEO of Kitchener, Ontario-based Five Nines IT Solutions. Specifically, Grosfield said the industry must take a preventative approach and look toward analytics to block threat vectors.

"All of the security vendors need to be thinking along these lines."

Reliable and proper endpoint protection is mere table stakes today, Grosfield said, and is no longer enough for vendors to compete and win in the cybersecurity space. Instead, vendors must be willing to put more skin in the game and broaden their solution set with technologies such as intrusion prevention, anomaly detection and artificial intelligence.

"The landscape is so broad these days and rapidly evolving," Grosfield told CRN.