Company leverages SentinelOne’s rich endpoint and vulnerability management telemetry data within Corelight Sensor to find and disrupt attacks
SAN FRANCISCO, CA – Oct. 15, 2024 - Corelight, the fastest growing provider of network detection and response (NDR) solutions, today announced a partnership with SentinelOne™, (NYSE: S), a global leader in AI-powered security, to provide real-time enrichment of Corelight logs. Combining endpoint and vulnerability data at the point of observation in the network sensor will greatly reduce a security team’s mean time to detect (MTTD) and mean time to recovery (MTTR). This native integration drives AI-powered SOC transformation and helps customers disrupt future attacks.
According to interviews conducted for the Mandiant Global Perspectives on Threat Intelligence report, 84% of respondents said that they are concerned they may be missing out on threats or incidents because of the number of alerts and data they are faced with. The need for analysts to manually integrate data sources and sort through alerts that may not be indicative of malicious activity leads to increased response time, analyst fatigue and staff turnover. By correlating data from Corelight and SentinelOne at the sensor level, Corelight can simplify and streamline alert triage and provide better context for threats that are traversing or hiding in the network.
“Security teams can become overwhelmed with information across the security stack and as a result can miss the most critical alerts to action immediately,” said Todd Wingler, Corelight vice president global alliances and channels. “By combining the insights from both Corelight Open NDR and the SentinelOne Singularity Platform, we’re empowering SOC teams to accelerate investigations, reduce false positives, and focus on the most critical indicators of compromise. This means they can finally gain control over the increasing volume of alerts and confidently reduce dwell time for a more secure posture.”
By enriching Corelight logs with relevant endpoint data from SentinelOne Singularity™ Endpoint, SOC analysts have a comprehensive and holistic view of network activity across all connected devices, including unsecured, unsupported, and previously unmanaged endpoints, where EDR cannot be installed. Moreover, by correlating Corelight alerts with endpoint vulnerabilities identified by SentinelOne Singularity Vulnerability Management, mutual customers can more effectively detect and prioritize threats based on current risks to the environment. Pre-correlating data directly in the sensor enhances alerts with additional context that can help accelerate investigations, streamline incident response and reduce the distraction of alerts that can be deprioritized.
“For effective enterprise security, comprehensive visibility across the network and each connected device is paramount,” said Melissa K. Smith, vice president of Technology Partnerships & Strategic Initiatives, SentinelOne. “As the fastest growing endpoint company and a top choice of customers around the world, SentinelOne sets the standard for endpoint protection. By integrating our AI-powered Singularity Platform with Corelight’s industry-leading network intelligence, SOC teams get deeper insights into existing and novel threats with broader detection coverage and faster investigations.”
Learn More about how Corelight and SentinelOne together provide a comprehensive view of enterprise security.
Corelight provides security teams with network evidence so they can protect the world’s most critical organizations and companies. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek, the widely-used network security technology. For more information, www.corelight.com.
