June 5, 2018 by Kylie Heintz
New models cover any site from branch offices to the largest data centers; company also releases software to improve manageability and threat intelligence capabilities
San Francisco, Calif. — June 5, 2018 — Corelight, providers of the most powerful network visibility solution for cybersecurity, today added two new products – the Corelight AP 200 Sensor and Corelight AP 3000 Sensor – to its portfolio. The company also rolled out several new features in its latest software release, including support for threat intel feeds and a new web app for sensor configuration and management.
Built by the creators of the Bro Network Security Monitor (aka “Bro”), Corelight Sensors make Bro simple to deploy and extend its functionality with higher performance capabilities and a suite of enterprise features such as log filtering and forking, sensor health monitoring, and streaming data export to Splunk, Elastic, Kafka, Syslog, S3, and more. Corelight’s new sensor models help round out the company’s product offerings, enabling new deployment scenarios including branch offices, large data centers, and monitoring of high-speed links.
“Since launching the first Corelight AP 1000 Sensor in 2016, we have remained committed to making sure that every new feature and model stays true to the original intent of Bro – to provide the right amount of actionable data at the right time, with the security, performance, and manageability that enterprises need,” said Brian Dye, Chief Product Officer for Corelight. “Simply put, there is no one-size-fits-all approach to network data. Our new sensor models make it possible for enterprises of all sizes to harness the power of Bro.”
The new Corelight AP 200 Sensor is a 1U half-depth rack mountable appliance that can monitor up to 2 Gbps of traffic, making it an ideal solution for enterprises with smaller satellite offices, branch locations or high-value enclaves that want real-time actionable insight into network data for faster incident response.
The Corelight AP 3000 Sensor builds on the power and performance of the company’s flagship Corelight AP 1000 Sensor, and can handle up to 25 Gbps to reliably scale Bro in demanding environments such as high-speed networks or Science DMZs, transforming network traffic into high-fidelity data for analytics engines. The AP 3000 also offers shunting, a technique which optimizes analysis of certain kinds of network traffic (for example large-scale data transfers, often called ‘elephant flows’) to further improve Sensor performance. This ensures that organizations with these traffic patterns can allocate Sensor resources to the network flows that are most relevant to them.
Corelight also unveiled new features as part of its latest software release (1.14), starting with a modern web-based user interface that dramatically streamlines sensor configuration, management, monitoring, and more. Version 1.14 also includes support for the Bro Intelligence Framework, making it possible for customers to import and match against the threat intel feeds of their choice. Many threat intelligence companies already export in the Bro Intelligence Framework format – examples include the Anomali Threat Intelligence Platform and the ThreatConnect intel feed – and customers can easily adapt other intelligence feeds to the Bro format as well.
“You can’t defend against what you are not aware of. Good threat intel plays a critical role in providing a full picture of what could be lurking on your network,” said Dye. “We want to give our customers the ability to integrate the feeds that they have come to rely on. This was a popular feature in Bro and we are pleased to now offer it to all Corelight customers.”
Corelight AP 200 and AP 3000 Sensors are available now through Corelight sales representatives or trusted Corelight resellers. Current Corelight customers will receive software version 1.14 automatically if they are connected to Corelight support in “phone home” mode, or they can download it manually from the online support portal.
Corelight delivers the most powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on the Zeek framework (formerly known as “Bro”), the powerful and widely-used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Zeek data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide. Corelight makes a family of network sensors — both physical and virtual, at every scale — that take the pain out of deploying Zeek by adding integrations and capabilities large organizations need. The Zeek project was initially developed at Lawrence Berkeley National Laboratory (LBNL), and has been supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI). Corelight is based in San Francisco, Calif. For more information, visit Corelight.com or follow @corelight_inc.