Corelight to Expand AI Usage Across Portfolio, Including Industry Leading GPT-Driven Integrations

San Francisco, Calif. — April 20, 2023 — Corelight, the leader in open network detection and response (NDR), today announced a broad expansion in the integration of artificial intelligence (AI) technologies across its portfolio. AI is now used to detect a wider range of sophisticated attacks, to enrich security data with contextual insight, and to provide SOC analysts with new capabilities for understanding and reacting to security alerts.

Corelight now offers a full range of advanced machine learning (ML) models across all form factors, from SaaS, to the network edge, to the datacenter. In addition to Corelight's existing coverage across a wide range of TTPs, organizations can now leverage both supervised and deep learning techniques for identifying and responding to malicious URLs and domains, as well as targeted phishing attacks. These models play a critical role in detection and analytics within Corelight's Open NDR platform. The platform also allows SOC analysts to view and understand ML determinations, providing critical explainability and visibility.

Corelight puts evidence at the heart of security. The company's Open Network Detection and Response (NDR) platform is the fastest-growing in the industry, and the only one powered by open source. Corelight helps protect some of the most sensitive, mission-critical enterprises and government agencies in the world. This, combined with its scalable architecture (1G to 100G) and dedicated support infrastructure, is a key driver of Corelight's high NPS scores and world-class net retention rate.

"Phishing remains a key pain point for many enterprises that fall victim to advanced attacks, and defenders struggle to find it as it's happening. Our new ML models enable customers to identify malicious domains impersonating legitimate and commonly used sites through a variety of new techniques, providing increased visibility into these dangerous attacks," said Dr. Vern Paxson, Corelight Co-Founder and Chief Scientist.

"AI won't replace you, but an attacker using AI will surely try to defeat you — so defenders need every technique at their disposal," said Brian Dye, Corelight CEO. "Our newest ML analytics continue to expand the breadth of detection coverage at high accuracy, and our AI integration accelerates investigation and response — providing end to end assistance for security analysts. This is made possible because of the quality of evidence born from the Zeek project, which powers the most advanced network defenders globally."

Corelight also announced today an industry-leading integration for large language models (LLMs) with OpenAI's GPT-4 that enables NDR customers to leverage the power of AI-driven language processing to boost SOC efficacy, while mitigating risks inherent in adopting these technologies. Available on Corelight's SaaS platform (Investigator), GPT language processing is now integrated directly into the SOC analyst's workflow, leveraging powerful capabilities to provide new context surrounding alerts, potential mitigation, and increased explainability that enables users to immediately understand otherwise complex detection patterns and pursue feasible actions.

"By leveraging GPT directly in our analyst experience, we are able to empower all users regardless of their sophistication to immediately recognize and understand complex attack patterns and potential remediations," said Clint Sand, SVP of Product at Corelight. "As with many systems, the output is only as good as what you put in it, so there is plenty of opportunity for innovation. Our customers are telling us that our approach to GPT integration is solving a real problem, and this is only the beginning of what's possible."

Additional machine learning is available in Corelight's SaaS platform, Investigator, now and will be available on Corelight Sensors in May. GPT integration into Investigator will be released in July. Customers interested in a demonstration of the GPT integration are encouraged to stop by the Corelight Booth (#1555) at RSAC 2023 or request a demo at

About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit or follow @corelight_inc.

Media and Analyst Contact:
Steve Bosk
W2 Communications
