
Replace IDS and extend entity visibility

Today, as a part of our v27 software release, we are launching enhanced IDS rules management functionality, extending analyst visibility around hosts, devices, users, and more, and upgrading the Corelight Software Sensor to give customers more NDR deployment flexibility.

Replacing IDS with NDR  

A core component of Corelight’s open NDR platform is our IDS functionality that delivers a unique combination of signature-based detections using Suricata and Corelight-developed behavioral and ML detections, all interlinked with the comprehensive network evidence analysts need to efficiently validate, triage, and tune them. 

We’ve seen strong 75% YoY ARR growth in our IDS add-on subscription business, helping customers around the globe replace their stand-alone IDS solution with Corelight’s open NDR platform. At Corelight, our threat detection philosophy is “use the right tool for the job” and our customers appreciate the flexibility and detection-in-depth benefits that come from access to signatures, behavioral models, and machine learning in our platform. 

With our v27 software release, we continue to improve upon our NDR platform’s integrated Suricata IDS functionality by allowing customers to: 

  • Automatically ingest and update IDS rulesets (e.g., ET PRO) via Fleet Manager

  • Disable, enable, or remove specific IDS rules directly via Fleet Manager

Closing asset visibility gaps on the network 

I am proud to introduce Corelight’s latest security analytics collection, the Corelight Entity Collection, which identifies apps and subnets and summarizes activity for hosts, devices, names, services, certs, users, and domains to help customers track assets and speed investigations via immediate asset context. With Corelight’s comprehensive network visibility and Entity Collection insights, customers can get fast answers to queries such as:

  • What hosts are offering SSH on my network? 

  • What usernames have been used to log in over the past week from an IP address?

  • And more...

Beyond an organization’s CMDB lies an ever-changing inventory of unknown, unmanaged entities traversing the network. Corelight’s Entity Collection improves visibility around those entities while accelerating incident response and threat-hunting workflows.

Corelight Software Sensor

Corelight gives customers numerous NDR deployment options via a range of sensor form factors that can cover everything from corporate data centers to cloud workloads to satellite offices. The Corelight Software Sensor deploys as a flexible solution that runs on Linux-based hardware, VMware images and more. It allows customers to leverage existing investments and get visibility where they cannot install vendor appliances, providing uniform network evidence across hybrid, cloud, and distributed environments.

The Corelight v27 software release adds Corelight Fleet Manager support and new log and file exporters to the Corelight Software Sensor so customers can deploy Corelight’s full NDR capabilities in more places.

Concluding thoughts

The network security landscape is changing quickly with the rise of NDR platforms and the emergence of XDR, and Corelight’s open NDR platform can help organizations keep up and evolve their cybersecurity defenses by:

  1. Consolidating security tools (e.g. IDS)

  2. Complementing security tools (e.g. CMDB asset visibility gaps)

  3. Powering security tools (e.g. NDR integration with SIEM & XDR)

With Corelight you can extend powerful visibility, detection, investigation, & response capabilities across cloud and hybrid network attack surfaces with an NDR solution that integrates with and complements your adjacent security investments. 

By John Gamble, Sr. Director of Product Marketing, Corelight

 
