

The company builds its own product line of Zeek-based solutions, named sensors, ranging from physical appliances to virtual and, eventually, cloud deployments. In addition to Zeek, Corelight adds features such as log file formatting, exports and custom insights, and partners with several SIEM vendors such as Splunk or Elastic, whose products are often coupled with Corelight's sensors. Zeek generates many different logs and the list is very long; we invite the reader to check the cheatsheet.
Corelight sensors delivered as physical appliances exist in three 1U models: AP3000, AP1001 and AP200, dedicated respectively to 25+, 10 and 2 Gbps.
The virtual sensor flavor requires at minimum VMware ESXi 6.0 or Hyper-V on Windows Server 2016 and supports up to 2 Gbps, so it is aligned with the AP200 for branch offices. The latest product iteration is the cloud instance, available for AWS with support for VPC but not yet available on the AWS Marketplace.
The company also markets Fleet Manager to control and manage up to 250 sensors deployed across the enterprise from a single management console. It is available as a Linux package.
Beyond the classic alert model based on threat discovery, Corelight promotes a threat hunting approach based on all the structured logs produced by Zeek, which anticipates potential issues and reduces time to resolution. These threats then feed an alert system to trigger specific protection and network fixes.
Corelight also raised a Series C of $50M, reaching a total of $84.2M, to maintain its leadership and accelerate development and geographic expansion.