Zeek is used by thousands of organizations around the world to extract meaningful data from network traffic in real time. Here are a few examples of real world implementations.
The challenges of real-time DNS transaction data meant analysts spent 20 minutes manually aggregating data for every event. They deployed a Corelight Sensor with Splunk to monitor east-west traffic to get direct access to the right data.
After years of working with Zeek, the manufacturer wanted to migrate to a much higher throughput connection while minimizing packet loss. Corelight was the answer, delivering a true enterprise-grade, high-performance Zeek solution that was far easier to manage.
Education First is a global firm with 40,000 employees. After deploying Corelight Sensors, their security team saw incredible impact. Their average incident response time dropped from hours to minutes thanks to Corelight’s network logs that allowed them to make lightning-fast sense of their traffic.
The law firm wanted a threat hunting solution based on network traffic analysis to provide real-time, comprehensive insight into traffic spanning multiple data centers and satellite offices around the world that collectively saw throughput speeds of up to 6 Gbps.
A top research university's network footprint spans multiple campuses, with average utilization exceeding 35 Gbps. They wanted to build more custom detection scripts, but their netflow records and server and firewall logs did not offer rich enough data to accomplish this. Corelight's Zeek logs did.
A Security Engineer at one of the world's largest energy companies found Corelight through his prior experience running Zeek, an open-source network security monitoring framework. The Security Engineer worked on an agile security engineering team within the organization's Security Operations Center (SOC) and managed network forensics across multiple regional offices.