
Corelight Introduces Smart PCAP to Give Security Teams Immediate Access to the Right Network Evidence

With new capabilities security teams can save up to 50% on cost with 10x longer retention versus full packet capture

San Francisco, Calif., and Las Vegas, Nev. — Aug. 3, 2021 — (Black Hat Booth #1671) Corelight, provider of the industry’s leading open network detection and response (NDR) platform, today launched Smart PCAP for its Corelight AP 3000 Sensor. With Smart PCAP, defenders can capture just the packets needed for investigations and retrieve them with a single click from their SIEM.

“One of the questions we are most often asked is how to know whether you are gaining access to the right data for effective investigations, and many organizations default to full packet capture in order to make sure they have ‘everything,’” said Sarah Banks, senior director of product management for Corelight. “The problem with this approach is that in most circumstances, very little of the full packet is used. Ultimately, full capture significantly limits the analyst lookback window due to storage costs and generally does not integrate well into SIEM investigative workflows. 

“With Smart PCAP, we are dramatically boosting that lookback window to aid investigations by giving analysts the ability to choose the packet evidence they collect and make it retrievable via the SIEM,” Banks continued.

Smart PCAP is a new licensed feature that offers a cost-effective alternative to full packet capture, delivering weeks to months of packet visibility interlinked with Corelight logs, extracted files, and security insights for fast pivots and investigation. Unlike other solutions that offer selective PCAP capabilities, Corelight Smart PCAP is encryption-aware, tracks protocol activity across ports, and directly integrates with the security gold standard for network evidence, Zeek. With Corelight, analysts can configure and selectively capture packets based on: 

  • Protocols
  • Detections
  • Anomalous traffic activity 
  • And more...

Corelight began offering Suricata integration with Zeek in its Corelight AP 3000 Sensor in June 2020, and today the company also announced it is extending Suricata-based threat detection to Corelight Virtual Sensors and also to AWS, GCP, and Azure environments via the Corelight Cloud Sensor. This unique integration of Corelight’s licensed Suricata feature fuses the resulting alerts with Corelight’s log evidence to simplify investigations and data export to SIEM.

“When we announced our integration with Suricata last year, we promised to deliver this design pattern in a commercial offering, not simply as a pair of great but separate open source technologies, but as a more deeply integrated system that works better together than the sum of the parts,” said Banks. “Today we take the next step to deliver on this promise with Suricata-based support for both virtual and cloud environments. This integration opens a new architectural door for security analysts by enabling a single data source for unlocking advanced analysis capabilities regardless of form factor.”

Availability

Corelight Smart PCAP support for the AP 3000 Sensor and Suricata-based support for Corelight Virtual Sensors and cloud environments are now available in software version 22. More information on today’s news can be found in the products section of the Corelight website.

About Corelight

Corelight provides security teams with network evidence so they can protect the world’s most critical organizations and companies. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. The company has received investment support from Accel, General Catalyst, Insight Partners and Osage University Partners. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek, the widely used network security technology. For more information, visit www.corelight.com.