December 8, 2022 by John Gamble
Today, as a part of our v27 software release, we are launching enhanced IDS rules management functionality, extending analyst visibility around hosts, devices, users, and more, and upgrading the Corelight Software Sensor to give customers more NDR deployment flexibility.
A core component of Corelight’s open NDR platform is our IDS functionality that delivers a unique combination of signature-based detections using Suricata and Corelight-developed behavioral and ML detections, all interlinked with the comprehensive network evidence analysts need to efficiently validate, triage, and tune them.
We’ve seen strong 75% YoY ARR growth in our IDS add-on subscription business, helping customers around the globe replace their stand-alone IDS solution with Corelight’s open NDR platform. At Corelight, our threat detection philosophy is “use the right tool for the job” and our customers appreciate the flexibility and detection-in-depth benefits that come from access to signatures, behavioral models, and machine learning in our platform.
With our v27 software release, we continue to improve upon our NDR platform’s integrated Suricata IDS functionality by allowing customers to:
Automatically ingest and update IDS rulesets (e.g., ET PRO) via Fleet Manager
Disable, enable, or remove specific IDS rules directly via Fleet Manager
I am proud to introduce Corelight’s latest security analytics collection, the Corelight Entity Collection, which identifies apps and subnets and summarizes activity for hosts, devices, names, services, certs, users, and domains to help customers track assets and speed investigations via immediate asset context. With Corelight’s comprehensive network visibility and Entity Collection insights, customers can get fast answers to queries such as:
What hosts are offering SSH on my network?
What usernames have been used to login over the past week from an IP address?
Beyond an organization’s CMDB lies an ever-changing inventory of unknown, unmanaged entities traversing the network. Corelight’s Entity Collection improves visibility around those entities while accelerating incident response and threat-hunting workflows.
Corelight gives customers numerous NDR deployment options via a range of sensor form factors that can cover everything from corporate data centers to cloud workloads to satellite offices. The Corelight Software Sensor deploys as a flexible solution that runs on Linux-based hardware, VMware images and more. It allows customers to leverage existing investments and get visibility where they cannot install vendor appliances, providing uniform network evidence across hybrid, cloud, and distributed environments.
The Corelight v27 software release adds Corelight Fleet Manager support and new log and file exporters to the Corelight Software Sensor so customers can deploy Corelight’s full NDR capabilities in more places.
The network security landscape is changing quickly with the rise of NDR platforms and emergence of XDR and Corelight’s open NDR platform can help organizations keep up and evolve their cybersecurity defenses by:
Consolidating security tools (e.g. IDS)
Complementing security tools (e.g. CMDB asset visibility gaps)
Powering security tools (e.g. NDR integration with SIEM & XDR)
With Corelight you can extend powerful visibility, detection, investigation, & response capabilities across cloud and hybrid network attack surfaces with an NDR solution that integrates with and complements your adjacent security investments.
By John Gamble, Sr. Director of Product Marketing, Corelight