Mar
02
2020
--

Thoma Bravo completes $3.9B Sophos acquisition

Thoma Bravo announced today that it has closed its hefty $3.9 billion acquisition of security firm Sophos, marking yet another private equity deal in the books.

The deal was originally announced in October. Stockholders voted to approve the deal in December.

They were paid $7.40 USD per share for their trouble, according to the company, and it indicated that as part of the closing, the stock had ceased trading on the London Stock Exchange. It also pointed out that investors who got in at the IPO price in June 2015 made a 168% premium on that investment.

Sophos hopes its new owner can help the company continue to modernize the platform. “With Thoma Bravo as a partner, we believe we can accelerate our progress and get to the future even faster, with dramatic benefits for our customers, our partners and our company as a whole,” Sophos CEO Kris Hagerman said in a statement. Whether it will enjoy those benefits or not, time will tell.

As for the buyer, it sees a company with a strong set of channel partners that it can access to generate more revenue moving forward under the Thoma Bravo umbrella. Sophos currently partners with 53,000 resellers and managed service providers, and counts more than 420,000 companies as customers. The platform currently helps protect 100 million users, according to the company. The buyer believes it can help build on these numbers.

The company was founded way back in 1985, and raised over $500 million before going public in 2015, according to PitchBook data. Products include Managed Threat Response, XG Firewall and Intercept X Endpoint.

Oct
10
2019
--

Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password.

The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by sending malicious commands across the internet. The attack takes advantage of the web-based operating system that sits on top of the Cyberoam firewall.

Once a vulnerable device is accessed, an attacker can jump onto a company’s network, according to the researcher who shared their findings exclusively with TechCrunch.

Cyberoam devices are typically used in large enterprises, sitting on the edge of a network and acting as a gateway to allow employees in while keeping hackers out. These devices filter out bad traffic, and prevent denial-of-service attacks and other network-based attacks. They also include virtual private networking (VPN), allowing remote employees to log on to their company’s network when they are not in the office.

It’s a similar vulnerability to recently disclosed flaws in corporate VPN providers, notably Palo Alto Networks, Pulse Secure and Fortinet, which allowed attackers to gain access to a corporate network without needing a user’s password. Many large tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to issue an advisory to warn of the risks.

Sophos, which bought Cyberoam in 2014, issued a short advisory this week, noting that the company rolled out fixes on September 30.

The researcher, who asked to remain anonymous, said an attacker would only need an IP address of a vulnerable device. Getting vulnerable devices was easy, they said, by using search engines like Shodan, which lists around 96,000 devices accessible to the internet. Other search engines put the figure far higher.

A Sophos spokesperson disputed the number of devices affected, but would not provide a clearer figure.

“Sophos issued an automatic hotfix to all supported versions in September, and we know that 99% of devices have already been automatically patched,” said the spokesperson. “There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.”

Customers still affected can update their devices manually, the spokesperson said. Sophos said the fix will be included in the next update of its CyberoamOS operating system, but the spokesperson did not say when that software would be released.

The researcher said they expect to release the proof-of-concept code in the coming months.

Jun
25
2015
--

Security Firm Sophos Raises $125M In UK IPO, Valuing It At $1.6B

sophos As malicious hacks, data breaches and other forms of cyber crime continue to persist in our networked, Internet-connected world, Sophos, a maker of antivirus software, firewall hardware and other security products for networks, individual users and servers, is going public on the London Stock Exchange.
Trading now as Sophos Group plc and using the “SOPH” ticker, the company… Read More

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com