New data aggregation capability delivers needed storage cost savings and accelerates threat hunting and forensic investigations
SAN FRANCISCO, Feb. 18, 2025 /PRNewswire/ - Corelight, the fastest growing provider of network detection and response (NDR) solutions, today announced a new capability to summarize network logs while retaining critical security insights. By introducing data aggregation for all Corelight sensors, customers have the ability to condense the volume of network data sent to security information and event management (SIEM) systems, accelerate threat hunting, and strengthen their overall security coverage.
Security operations center (SOC) teams are inundated with data, often spending a third of their workday (32%) investigating incidents that are not a real threat.[1] Managing this sheer volume of logs also places a heavy financial burden on organizations due to high storage, processing and analysis costs.
“Corelight is committed to providing the most concise and actionable data for analysts without sacrificing the quality,” said Vijit Nair, vice president of product, Corelight. “This new aggregation capability condenses and prioritizes data before it reaches the SIEM, ensuring that only what is actionable and relevant is stored and ingested. This drastically decreases the amount of data sent to the SIEM, driving a more cost-effective approach to storing the data an organization needs.”
Because of the storage costs involved, most customers don’t have the ability to send an unlimited amount of data to their SIEM. Forrester recently reported that reducing SIEM ingestion costs is one of the top inquiries analysts receive from clients.[2] Reducing the volume of data to review improves threat detection accuracy for security analysts, resulting in faster investigation times and more efficient resource allocation.
With this new offering, Corelight’s Open NDR platform becomes the only NDR solution to provide data aggregation capabilities that reduce SIEM costs without impacting time intervals or granularity, and without sacrificing log integrity.
Key features of the capability include:

- Customers now have the ability to reduce data volumes between 40% and 80% across the six most common log types – conn, dns, http, ssl, files and weird.
- Data aggregation can also reduce the time it takes to run a query by as much as 70%, which can boost detection accuracy.
- Additionally, by reducing data volume, customers can extend retention periods by up to 500%, enabling deeper forensic analysis and retroactive threat hunting for newly discovered indicators over a much longer timeframe.
To learn more about Corelight’s data aggregation capabilities, please visit: https://corelight.com/blog/reduce-network-log-volume-with-data-aggregation.
About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc.
[1] IBM: Global Security Operations Center Study Results
[2] Forrester: If You’re Not Using Data Pipeline Management For Security And IT, You Need To