Corelight

A powerful tool that improves visibility, detection and response times for real-time network traffic analysis at up to 25 Gbps and for post-analysis related to threat management

Designed by the authors of the open-source Zeek (formerly Bro), Corelight provides network security monitoring and threat detection by creating log reports, called Bro logs, for the most widespread protocols

Threat analyses that take hours using Snort, Argus, PCAP, NetFlow and Syslog are obtained in minutes

The Turing-complete Zeek scripting language makes it possible to extend or enrich the various protocols offered by default, such as IP, TCP, UDP, ICMP, SMB, SSH, RADIUS and tunneling

Corelight sensors integrate with the most widespread analytical data solutions including Splunk, Elastic, Kafka, Syslog, S3 and Exabeam

Hardware appliances: 2, 10 and 25 Gbps

Virtual sensor for VMware (ESXi 6.5 or later), from 250 Mbps to 2 Gbps

Faster response time (20x)

Better threat detection capacity (e.g. lateral movement)

Near zero packet loss

Target clients

  • Government agencies
  • High-end research centers
  • Universities
  • Global 2000 companies >$1bn in revenues

Customer needs

  • Security architecture/engineering
  • Incident response
  • Threat hunting
  • Data analysis and correlation aimed at detecting network threats