Corelight

Corelight delivers powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on Zeek, the powerful and widely used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Zeek data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide.

Corelight makes a family of network sensors that take the pain out of deploying open-source Zeek by adding integrations and capabilities large organizations need. The Zeek project was initially developed at Lawrence Berkeley National Laboratory (LBNL) and has been supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI).

Corelight provides capabilities for threat hunting, threat detection, data enrichment, and network operations. The following is a partial list of what Corelight can do for your agency:

  • Locate PCAP files needed for investigation
  • Fingerprint encrypted connections
  • Assess malware attack scope
  • Verify containment and remediation
  • Detect hidden C2 server communications
  • Detect lateral movement
  • Enhance traffic monitoring with local context
  • Identify vulnerable software
  • Flag Cyrillic keyboard usage
  • Create inventories of connected devices
  • Monitor risky SSL certificates