When our chief scientist created Bro at Lawrence Berkeley National Laboratory in 1995, he never imagined it would be used worldwide more than 20 years later. For over 20 years the founders of Corelight have been building and improving the open source software, and now they've founded a company.
San Francisco, Calif.—Dec. 12, 2018—Corelight, providers of the most powerful network visibility solution for cybersecurity, and Exabeam, the next-gen SIEM company, today announced a strategic partnership that will combine proven network security monitoring (NSM) with advanced behavior analytics and automated incident response capabilities. The combined solution, which integrates Corelight Sensor data with the Exabeam Security Management Platform, helps joint customers in their efforts to detect, investigate and respond to increasingly advanced threats.
Many sophisticated attacks move laterally through a network, leveraging users and machines in search of high value data. These attackers are often difficult for security teams to detect, as their movements blend in with legitimate user activity and network traffic. The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
The joint Exabeam and Corelight solution can augment, provide additional context to, and enable rapid analysis of network data. Corelight Sensors provide real-time actionable insight into network traffic across multiple business sites by extracting hundreds of security-relevant pieces of data across dozens of protocols and data types.
Since virtually all attacks must traverse networks, making NSM a fundamental part of cybersecurity defense is an essential step for any organization. Based on open-source Zeek (formerly known as Bro), the powerful and widely used open source network analysis framework, Corelight Sensors serve as a unifying foundation for security teams that require immediate visibility into the data on their networks.
Exabeam ingests network alerts from Corelight Sensors via syslog and combines them with existing log data, third party tools, and contextual data from identity and authentication tools to establish a baseline of normal behavior for all assets in an organization — including communication patterns, ports and protocols used, and operating activity.
The Exabeam Security Management Platform automatically identifies risky, anomalous device activity that may be indicative of a security incident or compromise. By gathering all related events into Exabeam Smart Timelines, prebuilt timelines that automatically reconstruct the events underlying security incidents, the platform enables analysts to stop spending time combing through raw logs to investigate. The joint solution enables security analysts to easily identify suspicious activity and remediate threats in real time.
“Data is the lifeblood of the network but deciphering the right data at the right time can be a complex and time-consuming task,” said Brian Dye, chief product officer at Corelight. “Corelight Sensors alleviate this complexity by capturing enterprise-grade data organized into actionable logs that are then enriched and contextualized by the Exabeam Smart Timelines. This powerful combination ensures that our mutual customers can spend less time responding to false security alerts and more time detecting and eradicating malicious activity from their networks before a breach occurs.”
“Cyber threats have become more advanced, making it increasingly challenging for organizations to continually protect their customers,” said Ted Plumis, vice president of worldwide channels at Exabeam. “Corelight and Exabeam deliver a streamlined security solution that provides organizations with more powerful detection capabilities against sophisticated threats like lateral movement and higher fidelity alerts than a single solution could achieve alone.”
Corelight delivers the most powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on the Zeek framework (formerly known as “Bro”), the powerful and widely-used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Zeek data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide. Corelight makes a family of network sensors — both physical and virtual, at every scale — that take the pain out of deploying open-source Zeek by adding integrations and capabilities large organizations need. The Zeek project was initially developed at Lawrence Berkeley National Laboratory (LBNL), and has been supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI). Corelight is based in San Francisco, Calif. For more information, visit https://www.corelight.com or follow @corelight_inc.
Exabeam delivers next-generation security management technology that enables organizations to protect their most valuable information. The Exabeam Security Management Platform combines unlimited log data collection, advanced behavioral analytics, and automated incident response, all supported by Exabeam’s patented Smart Timelines technology that uses machine learning to track identity and behavior over time. The company’s recent industry accolades include Forbes Cloud 100, Inc. 500, and SC Awards Europe, among many other distinctions. Exabeam is privately funded by Aspect Ventures, Cisco Investments, Icon Ventures, Lightspeed Venture Partners, Norwest Venture Partners and well-known security investor Shlomo Kramer. For more information, visit https://www.exabeam.com or follow us on Twitter @exabeam.