CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

corelight partner programe guide

Corelight's partner program

VIEW PROGRAM

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform

San Francisco, Calif., — Nov. 2, 2021 — Corelight, provider of the industry’s leading open network detection and response (NDR) platform, today announced product compatibility with Microsoft Defender for IoT. Corelight is the first Microsoft NDR partner to take advantage of Defender for IoT’s cross-industry integration capabilities. Corelight customers can send data from deployed sensors to Microsoft 365 Defender, and in turn to Defender for IoT to apply its behavioral analytics and machine learning techniques to discover and classify devices and to protect, detect, and respond to IoT attacks.

“The number of unmanaged systems on the Internet is soaring, and this ever-expanding risk surface is already a target. Unfortunately, most defenders lack the information they need about IoT and OT systems in their environment,” said Greg Bell, co-founder and chief strategy officer for Corelight. “Our integration combines best-in-class network evidence from Corelight, with the advanced vulnerability management, threat intelligence and detection and response capabilities of Microsoft Defender for IoT. The result is more efficient incident response, and deeper insight into IoT footprint, behavior, and risk.” 

Corelight’s open NDR solution provides full network coverage of on-premise, cloud, and hybrid environments to help security operations teams using Defender for IoT detect and respond to the most challenging attacks. As an open platform, Defender for IoT can use network signal from Corelight sensors for asset discovery, inventory, risk assessment, detection, and mitigation.

“Corelight is leveraging our open platform to share data to further enrich Microsoft Defender for IoT,” said Nir Giller, Microsoft Defender for IoT group manager. “Customers who have deployed Corelight can secure their entire IoT and OT environments with Microsoft 365 Defender and Defender for IoT within minutes while adding more detections based on encrypted traffic analysis and complementing Microsoft’s MITRE ATT&CK coverage.”

Additional benefits from Corelight’s solution include:

  • Network detection and response (NDR) coverage for every device on the network: Understand and manage risk across the entire IoT and OT landscape including high-value assets, managed and unmanaged endpoints, IoT devices, and cloud environments.
  • Single platform for NDR: Corelight provides everything security operations teams need for detection and response, built on open standards including Zeek® for telemetry, Suricata for alerts, and Smart PCAP for packets.
  • Faster answers for analysts and hunters: Rich, structured network data from 35+ protocols, 400+ data fields captured in real time provides additional context for alerts, accelerating incident response and dramatically expanding threat hunting capabilities.
  • Integration with existing SOC toolsets: Correlate rich network telemetry with threat intelligence feeds for sending to multiple destinations simultaneously, including Microsoft Sentinel, Splunk, and other analytic tools.
  • Deeper insights: Unique insights to hunt for attackers without compute-intensive practices that compromise privacy, find command-and-control (C2) activity with more than 50 unique insights that cover both known C2 toolkits and MITRE ATT&CK C2 techniques, and more. 

Today’s news was announced on the opening day of Microsoft Ignite 2021 virtual conference. In addition to this news, Corelight CSO Bernard Brantley will be speaking on the Tackling the biggest cybersecurity challenges in 2022 panel session at 11:30 a.m. Pacific Time today.

Availability

Corelight integration will be available with public preview of Microsoft Defender for IoT scheduled for November 30. More information on today’s news can be found on the Corelight blog.

About Corelight

Corelight provides security teams with network evidence so they can protect the world’s most critical organizations and companies. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek, the widely-used network security technology. For more information, www.corelight.com

 

Recent Posts