Corelight enhances security monitoring by providing rich, network-based, protocol-comprehensive log data that helps support enterprise-wide investigations, threat hunting and incidents utilising actionable security insights.
Why should you use Corelight?
Corelight is utilised by Cyberseer to complement centralised logging solutions. The rich series of network data captured by Corelight helps support swift triage and identification of potential threats as they traverse the network.
Corelight’s network data makes your SOC more efficient and powerful.
Deployed out-of-band, Corelight Sensors typically operate by accepting a copy of network traffic from a packet broker, TAP or SPAN port. Regardless of deployment option, they do not intercept primary network traffic, yet they still inspect a complete copy.
Stealthy: Since Corelight Sensors are out-of-band, attackers have no way of knowing they’re present and therefore can’t evade them. An intruder only has to make one mistake to blow their cover.
Comprehensive: Typical deployments are made at logical choke points in the network topology. With a single Corelight deployment, Cyberseer gains a comprehensive view of the organisation’s network end to end.
Lightweight and more efficient: Zeek logs are a fraction of total network traffic (typically 0.5% to 1%, sometimes as little as 0.1%), making the time window available for retrospective analysis massively larger (because you can store 100 to 1,000 times as much data in the same storage system you’re already using, compared to PCAP).
Providers of structured, relevant data: Because Corelight Sensors produce automatically correlated and structured logs out of one appliance (or a fleet if you have multiple sensors), all logs are easily ingested into your log management solution, removing the organisational and logistical hassles of setting up additional logging systems.