Corelight

Official partner of Cyberseer

What is Corelight?

Corelight enhances security monitoring by providing rich, network-based protocol-comprehensive log data that helps support enterprise wide investigations, threat hunting and Incidents utilising actionable security insights.

Why should you use Corelight?

Corelight is utilised by Cyberseer to compliment centralised logging solutions. The rich series of network data captured by Corelight helps support swift triage and identification of potential threats as they traverse the network.

The benefits of Corelight

Corelight’s network data makes your SOC more efficient and powerful.

Deployed out-of-band
Corelight Sensors typically operate by accepting a copy of network traffic from a packet broker, Tap or SPAN port. Regardless of deployment option, they’re not intercepting primary network traffic, yet still inspecting a complete copy.
Stealthy
Since Corelight Sensors are out-of-band, attackers have no way of knowing they’re present and therefore can’t evade them. An intruder only has to make one mistake to blow their cover.
Comprehensive
Typical deployments are made at logical choke points in the network topology. With a single Corelight deployment, Cyberseer gain a comprehensive view of the organisations network end to end.

Lightweight and more efficient
Zeek logs are a fraction of total network traffic (typically 0.5% to 1%, sometimes as little as 0.1%), making the time window available for retrospective analysis massively larger (because you can store 100 to 1,000 times as much data in the same storage system you’re already using, compared to PCAP).
Providers of structured, relevant data
Because Corelight Sensors produce automatically correlated and structured logs out of one appliance (or a fleet if you have multiple sensors), all logs are easily ingested into your log management solution removing the organisational and logistical hassles of setting up additional logging systems.