March 11, 2019 by Brian Dye
Last week’s RSA announcements included a pair of new entrants into the SIEM space, Google Chronicle’s Backstory and Microsoft’s Azure Sentinel. The entry of larger players into the SIEM space is an eyebrow-raiser on its own; in conjunction with the existing competitive fray it is pretty amazing. The good news is that this level of competitive intensity is a very good thing for customers and defenders. That said, it is worth looking at the main angles of innovation that are playing out across all the form factors (on-prem, MSSP, and SaaS) … and the elephant in the room that goes with them:
What’s missing in this discussion? The DATA ITSELF. As any data scientist will tell you, the best tools in the world are accelerated (or limited!) by the data. Furthermore, getting the data “right” is the most time consuming part of many data-intensive projects … and the SOC is one big data analysis project. In talking to customers, I’ve seen three key trends that underscore how important the data is to the success of defenders using any of these technologies:
All three of these often result in teams looking for an alternative to the “by-product data” they have today. What does that mean? Most of the logs in the SOC were never meant for large scale security analytics … they are operational or alerting logs from a protection or detection technology. This search for better data often leads defenders and data scientists to Corelight (based on the Zeek (fka Bro) open source project), because it has:
In the end, the increased competition in the SIEM space - including next-generation SIEM - is a great thing for people and organizations charged with defending networks and information, and we at Corelight are happy to partner with all of them. No matter which technology you are using today (or considering tomorrow) for your SOC to achieve critical security outcomes, come check out Corelight. Getting the right data from the start accelerates almost everything in your IR process, from tools to people. That’s why we believe Corelight is your next best move in security. Put succinctly in the words of one of our customers, “If I didn’t have this data I wouldn’t sleep well at night. I like to sleep well at night.”
Tagged With: Zeek, Bro, Industry, Partnership, data, extensibility, SIEM, SOC, MSSP, Splunk, Product, RSA, Kafka Streams, Azure Sentinel, Elastic, Brian Dye, Chronicle Backstory, data science, Exabeam, Humio, Security Operations Center, infosec, PANW, SAAS