Corelight launched Corelight Investigator, a SaaS-based solution that gives SOC teams network evidence built on open-source foundations. Corelight Investigator turns network and cloud activity into evidence in a fast, intuitive platform that is simple to deploy and use, letting data-first defenders stay ahead of evolving attacks. Its NDR platform provides broad visibility into the network and access to new analytics.

Brian Dye, CEO of Corelight, commented, “We believe that evidence is at the heart of cybersecurity for any organization. We have the privilege of working with defenders of critical infrastructure that can afford data lake architectures and in-house analytics teams to execute their evidence-driven cyber strategy. Corelight Investigator brings the design patterns of those elite defenders to the broader enterprise by combining advanced analytics and threat hunting capability with the power of Zeek, the industry de facto standard for network evidence.”

Corelight Investigator provides network visibility both on-premises and in the cloud, with evidence retained for months and years rather than days and weeks. Detection combines machine learning, behavioral analysis, threat intelligence, and signatures, mapped to the MITRE ATT&CK framework, to give coverage of network-centric threats.

This evidence feeds specialized detections and supports the threat hunting needed to find advanced, persistent, and targeted attacks. It also allows custom enrichment of network evidence with asset information, vulnerability data, or other per-asset context, and connects threat hunting to incident response through custom alerts, queries, and dashboards.

Corelight Investigator gives users access to detailed, interconnected Zeek logs, including DNS responses, file hashes, and SSL/TLS handshake details. It also provides access to Corelight Labs, which continually develops new analytics for emerging threats and vulnerabilities using cross-customer visibility, delivered at SaaS release cadence, for both alert investigation and threat hunting.
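To make concrete what "interconnected" Zeek logs mean for an analyst, the following is an added example, not Corelight's code and not part of the original announcement. It assumes Zeek's JSON log output, where conn, ssl and files records for one connection share a uid and a dns record is tied to a later connection through the resolved address. The log records and the asset table are constructed for illustration; the alert rule (an executable delivered over TLS whose server certificate failed validation, weighted by the originating asset's criticality) is a hypothetical example of the custom enrichment and alerting the text describes.

```python
import json
from collections import defaultdict

# Constructed sample Zeek JSON records (not real traffic), one per line as Zeek
# writes them with LogAscii::use_json=T. The conn/ssl/files records for the
# first connection share uid "CxYz9b"; the dns record links to it via its answer.
SAMPLE_LOGS = {
    "dns": [
        '{"ts":1700000000.1,"uid":"CdnS1a","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.2","query":"update.example.net","qtype_name":"A","answers":["203.0.113.10"]}',
    ],
    "conn": [
        '{"ts":1700000001.0,"uid":"CxYz9b","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":812,"resp_bytes":402311}',
        '{"ts":1700000002.0,"uid":"CqRs7c","id.orig_h":"10.0.0.9","id.orig_p":52000,"id.resp_h":"198.51.100.7","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":900,"resp_bytes":12000}',
    ],
    "ssl": [
        '{"ts":1700000001.1,"uid":"CxYz9b","server_name":"update.example.net","validation_status":"self signed certificate"}',
        '{"ts":1700000002.1,"uid":"CqRs7c","server_name":"www.example.com","validation_status":"ok"}',
    ],
    "files": [
        '{"ts":1700000001.5,"fuid":"FaBcD1","conn_uids":["CxYz9b"],"mime_type":"application/x-dosexec","sha256":"<constructed-hash>","total_bytes":400000}',
    ],
}

# Constructed per-asset context, the kind of enrichment the article mentions.
ASSETS = {
    "10.0.0.5": {"name": "finance-ws-07", "criticality": "high"},
    "10.0.0.9": {"name": "kiosk-01", "criticality": "low"},
}


def parse_lines(lines):
    """Each Zeek JSON log line is one self-contained record."""
    return [json.loads(line) for line in lines]


def build_evidence(logs, assets):
    """Pivot every log type onto the conn uid and attach asset context."""
    # (client ip, resolved ip) -> names the client resolved to that ip
    dns_by_ip = defaultdict(set)
    for rec in parse_lines(logs.get("dns", [])):
        for ip in rec.get("answers", []):
            dns_by_ip[(rec["id.orig_h"], ip)].add(rec["query"])

    ssl_by_uid = {r["uid"]: r for r in parse_lines(logs.get("ssl", []))}

    # A files record may belong to several connections (conn_uids is a set).
    files_by_uid = defaultdict(list)
    for rec in parse_lines(logs.get("files", [])):
        for uid in rec.get("conn_uids", []):
            files_by_uid[uid].append(rec)

    evidence = {}
    for conn in parse_lines(logs.get("conn", [])):
        uid = conn["uid"]
        evidence[uid] = {
            "conn": conn,
            "ssl": ssl_by_uid.get(uid),
            "files": files_by_uid.get(uid, []),
            "dns_names": sorted(dns_by_ip.get((conn["id.orig_h"], conn["id.resp_h"]), [])),
            "asset": assets.get(conn["id.orig_h"], {"name": "unknown", "criticality": "unknown"}),
        }
    return evidence


def executable_over_untrusted_tls(evidence):
    """Hypothetical custom alert: an executable fetched over TLS from a server
    whose certificate did not validate, with severity from asset criticality."""
    alerts = []
    for uid, ev in evidence.items():
        ssl = ev["ssl"] or {}
        if ssl.get("validation_status", "ok") == "ok":
            continue
        exes = [f for f in ev["files"] if f.get("mime_type") == "application/x-dosexec"]
        if not exes:
            continue
        alerts.append({
            "uid": uid,
            "asset": ev["asset"]["name"],
            "severity": "high" if ev["asset"]["criticality"] == "high" else "medium",
            "server_name": ssl.get("server_name"),
            "dns_names": ev["dns_names"],
            "sha256": [f.get("sha256") for f in exes],
        })
    return alerts


if __name__ == "__main__":
    for alert in executable_over_untrusted_tls(build_evidence(SAMPLE_LOGS, ASSETS)):
        print(json.dumps(alert))
```

The join on uid is what lets one alert carry the client, the server name from the TLS handshake, the name the client resolved beforehand, and the hash of the file that crossed the connection; the asset lookup is the enrichment step, and in practice it would come from a CMDB or vulnerability scanner rather than an inline dictionary.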

John Grady, senior analyst with ESG, stated, “As attacks continue to evolve and grow in sophistication, security teams need NDR solutions that provide not only timely and accurate detections, but the supporting context to respond quickly and effectively. Corelight meets these requirements by bringing rich network evidence from its decades-long open-source Zeek heritage, combined with novel analytics from an array of inferences, making it a powerful contender in the space.”
