Corelight Sensor

Additional Info

CompanyCorelight
Websitehttp://www.corelight.com
Company size (employees)50 to 99

Overview

Corelight delivers the most powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on the Zeek framework (formerly known as “Bro”), the powerful and widely-used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Zeek data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide. Corelight makes a family of network sensors — both physical and virtual, at every scale — that take the pain out of deploying open-source Zeek by adding integrations and capabilities large organizations need.

Corelight Sensors extract more than 400 data elements from network traffic in real-time, using a format that was chosen by incident responders, for incident responders. The Corelight Sensor is zero-maintenance and fine-tuned for enterprise performance at scale. Corelight extends Zeek’s powerful functionality with new capabilities and a suite of enterprise features such as higher throughput (up to 25 Gbps), an elegant web GUI, log filtering and forking, sensor health monitoring, and streaming data export to Splunk, Elastic, Kafka, Syslog, S3, and more.

Use cases include:
**Incident response enablement – Zeek’s network logs provide a comprehensive, easily searchable record of all activity on the wire, allowing IR professionals to resolve more incidents, faster, when compared to the status quo alternative of trying to resolve security alerts via a patchwork of disconnected, low level network logs like Netflow or DNS server records.

**Threat hunting enablement – Zeek’s network logs can illuminate east-west network traffic that was previously dark, giving threat hunters the hunting surface (data) to look for evidence of malicious activity such as lateral movement or c2 beaconing.

**Threat and anomaly detection – Port scanning detection

** Investigating unauthorized SMB file access

How we are different

-- Corelight should be any organization’s first move in cybersecurity because
a) it’s comprehensive: Zeek extracts hundreds of security-relevant pieces of data that are essential to security teams
b) it’s non intrusive and the easiest and fastest solution that can be deployed and
c) it’s comprehensive in the breadth and depth of data captured from email, web traffic, DNS queries, DHCP, SSL and dozens of other data types from layers 3 to 7.


-- Powerful network visibility built on the open-source Bro Network Security Monitor (recently renamed Zeek) - initially developed in 1995 at Lawrence Berkeley National Laboratory (LBNL), and supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI) - means that the underlying Corelight technology is battle-tested and has been proven to work on networks of every size and industry vertical for more than 20 years.


-- No other solution is available that can effectively capture the right data - there are solutions that can capture NetFlow (not enough data), and those that capture PCAP (too much data over a short period of time) but only Corelight offers the ability to access the data that will help empower the rest of the security stack to better identify and eliminate threats on the network.