network detection response
Corelight Investigator accelerates threat hunting
This morning we announced Corelight Investigator, an open NDR platform that enables security teams with next-level evidence. Here is how it works.
This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and accelerate analyst workflows. Today, we are pleased to share that the Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.
Since launch, we’ve received positive feedback on the platform from security operators around the globe. Three especially strong areas of customer enthusiasm and excitement we’ve observed so far:
- Ease of alert investigation and transparency - we’ve made Corelight’s network evidence one-click accessible from every alert generated by the platform so analysts can easily investigate and validate detections. Customers also report that they enjoy the transparency of alert logic in Investigator, including the feature-specific scoring view presented for all Corelight machine-learning-based detections to help analysts validate and contextualize these alerts.
- Lightning-fast query response - Investigator’s SaaS backend and industry-leading log storage and query engine deliver rapid results to analyst searches across millions of records. Analysts have told us that Investigator has given them results in mere seconds to queries that previously took several minute “coffee break” wait times.
- Comprehensive security dashboarding - Investigator ships with dozens of pre-built security dashboards that aggregate threat alerts by type, summarize key protocol and network activity, and highlight potential indicators of risk, such as the presence of expiring and self-signed certificates. Customers tell us these dashboards make network security monitoring easier and create numerous launch points for potential threat investigations.
With today’s announcement, we’re excited to bring these benefits and the power of Investigator to the broader European market. Corelight customers and prospects can contact sales directly for pricing information or reach out to their preferred Corelight reseller in Europe.
Organizations interested in becoming Corelight channel partners can learn more and apply here. More information about Investigator can be found on the Corelight website.
By Sara Shuman, Senior Product Marketing Manager