Corelight: Threat Detection, Analysis, and Response
Defenders have chosen high ground, from the Acropolis to the edge of space, in order to see further and repel assaults. Corelight gives an organization a bird's-eye view of its network, allowing it to outwit attackers and outlast security breaches. Corelight collects, analyzes, and links the data that is critical to defenders. The company provides network traffic analysis tools for cybersecurity: they assist security experts in deciphering network traffic and in detecting and preventing intrusions. The solution is built on Bro (now Zeek), a widely used open-source framework that provides real-time analysis of network traffic.
There is a better approach to investigating issues than combing through mountains of PCAP files or trying to piece together data from thin NetFlow records: Zeek, as delivered by Corelight. When a security alert is triggered or a problem is found that needs to be examined, Zeek helps locate the issue more quickly. It works alongside signature-based technologies to help an organization swiftly track complex events across different flows and protocols, pinpointing and resolving security problems. Both Suricata and Zeek allow solutions to be tailored to specific needs. This customization is quick and has a significant security impact, as shown by the Corelight community's ability to respond to Curveball in less than a day.
The company's Smart PCAP is a highly efficient approach to packet capture that links logs, extracted files, and security insights with the packets that are needed, providing administrators with only what is necessary for investigations. Instead of a hodgepodge of random sources that don't capture what the client needs, Corelight feeds the SIEM with rich, security-centric logs that accelerate incident response and threat hunting workflows. Corelight's logs can be exported to Splunk, Elastic, Humio, or just about any SIEM in minutes. Its plug-and-play sensors make deploying Zeek and Suricata fast and straightforward, no matter where the company needs them. Each is preloaded with packages and detections that maximize the ability to discover abnormalities and stop attackers.
The Smart PCAP packet capture method ties logs, extracted files, and security insights to the packets an organization requires, providing only the information needed for investigations. This can save an organization a great deal of money on storage while increasing retention times by a factor of ten. It also makes working with packets faster and simpler. By converting most traffic into rich Zeek logs and collecting only the packets an organization needs, Corelight's Smart PCAP drastically lowers the total cost of ownership (TCO). Its plug-and-play sensors make deploying Zeek and Suricata simple and quick, regardless of where they are needed. Each comes equipped with packages and detections to help an organization find anomalies and stop intruders faster. With over 50 distinct insights and detections, the Corelight C2 Collection aids in the detection of command-and-control activity. The collection covers both known C2 toolkits and MITRE ATT&CK C2 techniques in order to identify fresh attacks, and it has been battle-tested by some of the world's most sophisticated enterprises.
Corelight, which recently announced the launch of the industry's first open network detection and response (NDR) technology, has secured $75 million in a Series D round led by Energy Impact Partners. "Public listing time frames are always hard to forecast, and we view the private markets as attractive in the short term, so we expect to remain private for the next couple of years and will look at market conditions then to decide our next step," says Brian Dye, CEO of Corelight. According to the company, Corelight intends to use the new investment to accelerate its worldwide market presence and to develop new data and cloud-based products. Aside from go-to-market growth, "we are investing to ensure that the insight we provide both continues to lead the industry and can be readily used by customers of all types," Dye adds.
Corelight has just announced compatibility with Microsoft Defender for IoT. Corelight is the first Microsoft NDR partner to use the cross-industry integration features of Defender for IoT. Customers may send data from installed sensors to Microsoft 365 Defender, which uses behavioral analytics and machine learning to locate and categorize devices, as well as to defend against, detect, and respond to IoT threats.
With such a robust behavioral system, Corelight seeks to deliver cutting-edge content that enables comprehensive, thorough monitoring of business network activity for threat hunting, analysis, and response.