Corelight Announces New Platform to Deliver Open-Source Network Proofs Integrated with Machine Learning and Behavioral Analytics
Corelight Investigator simplifies and accelerates threat hunting and investigation with intelligent alert aggregation, built-in queries, and scalable search
SAN FRANCISCO, May 25, 2022 /PRNewswire/ — Corelight, the leader in open network detection and response (NDR), today announced Corelight Investigator, a SaaS-based solution that extends the power of open source network evidence to SOC teams across the whole world. Investigator offers advanced features to turn network and cloud activity into evidence in a fast and intuitive platform that’s easy to deploy and use.
Based on insights gained from knowledgeable advocates in the open-source Zeek community, Corelight Investigator not only provides advanced analytics and open access to the best evidence in the network, but also the ability to enrich custom evidence unique to each environment. With Corelight Investigator, security teams can quickly accelerate threat hunting and investigations by mapping threat activity across the MITER ATT&CK® and reduce alert volume with intelligent alert scoring.
“We believe that evidence is at the heart of cybersecurity for any organization,” said Brian Dye, CEO of Corelight. “We are privileged to work with critical infrastructure advocates who can afford data lake architectures and in-house analytics teams to execute their evidence-based cyber strategy. Corelight Investigator brings the design patterns of these advocates security to the entire enterprise by combining analysis and threat hunting capabilities with the power of Zeek, the de facto industry standard for network evidence.”
Complete network visibility with next-level analytics
Corelight Investigator provides complete network visibility, both on-premises and in the cloud, with evidence that spans months and years, not days and weeks. Customers can leverage machine learning, behavioral analysis, threat intelligence and signatures, mapped to the MITER ATT&CK framework, to enable broad coverage of network-centric threats.
This evidence leads to specialized detections and enables the threat hunting necessary for advanced, persistent and personalized attacks. Additionally, it supports custom enrichment of network evidence – such as asset information, vulnerabilities or context per asset – and connects threat hunting and incident response through alerts, queries and personalized dashboards.
“Unlike competing ‘closed’ solutions, Corelight Investigator brings a new level of openness to the SaaS NDR market that allows customers to fully understand the logic behind machine learning-based detections, and freely integrates these alerts with their existing tools. for the widest coverage”, mentioned Clint SableSenior Vice President of Products for Corelight.
Powered by open source and new research
“In addition to the advanced analytics provided by Corelight Labs, another benefit of Corelight Investigator is its ability to harness the analytical power of open source Zeek and meerkat communities. This provides broad threat coverage, including zero-day rapid response capabilities, said Vern Paxson, co-founder and chief scientist of Corelight. “The open source nature of Zeek helps us illuminate Why a detection has occurred, along with rich information about its surrounding context.”
Corelight Investigator customers can access richly detailed and interconnected Zeek logs, including access to DNS responses, file hashes, SSL as well as logs created by Corelight Laboratories – which continuously creates new analytics for evolving threats and vulnerabilities using cross-client visibility with the speed of SaaS – both to investigate those alerts and enable threat hunting.
“As attacks continue to evolve and become more sophisticated, security teams need NDR solutions that not only provide fast and accurate detections, but also the supporting context to respond quickly and effectively,” said John Grady, senior analyst at ESG. “Corelight meets these requirements by bringing rich network evidence from its decades-old open-source Zeek heritage, combined with new analytics from a range of inferences, making it a strong contender in the space. .”
University of Missouri boosts network visibility with Corelight Investigator
For many organizations, it is not possible to staff an entire security or development team dedicated to analyzing massive volumes of network traffic. This is the case for the research team and the support services of University of Missouri who needed a solution that could provide complete network visibility without the management overhead and other adjustments often required with competing solutions.
“We are a large university and we need to have full network visibility,” said Aaron Scantlinsecurity analyst at University of Missouri. “It was simple to set up, which means the rest of my time is spent on advanced analytics and other work.”
Additionally, Corelight Investigator quickly identifies threats on the network so the team can take immediate action and provides access to raw data for further investigation.
“Corelight Investigator ingests events so we can interrogate them at a glance,” Scantlin said. “It improves our security posture by providing instant access to events we need to act on.”
Price and availability
Corelight Investigator joins the Corelight Sensor product portfolio and will be generally available in June. Corelight customers and prospects can contact sales directly for pricing information. More information about Corelight Investigator can be found on Corelight website.
Corelight provides security teams with network evidence so they can protect the world’s most critical organizations and businesses. Corelight’s global customers include Fortune 500 companies, major government agencies and leading research universities. Situated at San FranciscoCorelight is an open-core security company founded by the creators of Zeek®, the widely used network security technology. For more information, www.corelight.com.