Corelight Virtual Sensor enables more pervasive network monitoring; Core Collection includes detections for bitcoin mining and port scanning, as well as efficient hostname annotation
San Francisco, Calif. — Sept. 6, 2018 — Corelight, providers of the most powerful network visibility solution for cybersecurity, today launched a new addition to its growing product suite, the Corelight Virtual Sensor. This new sensor allows organizations to flexibly monitor traffic at speeds up to 2 Gbps and is scalable across four reference configurations for VMware
In addition, the company introduced software version 1.15 featuring the Core Collection, a curated set of Bro packages certified for performance and stability that come preloaded on all sensors and can be easily enabled via Corelight’s management console.
“Today’s launch demonstrates the speed at which our team is committed to delivering new configurations of the powerful Corelight Sensor to enterprise customers with diverse network needs,” said Brian Dye, chief product officer for Corelight. “Our product portfolio, which launched a year ago with just one appliance — the Corelight AP 1000 — has now grown to include multiple form factors that can serve enterprises large and small.”
Simple to deploy and integrate with existing analysis tools, the Corelight Virtual Sensor transforms network traffic into high-fidelity data for incident response, intrusion detection, digital forensics and more. Just like Corelight’s line of hardware appliances, the Corelight Virtual Sensor parses dozens of network protocols and generates rich, actionable data streams designed for security professionals by security professionals.
“With the introduction of the Core Collection, we are also extending and deepening our support for Bro packages to augment detection capabilities and improve operational efficiencies,” added Dye.
The Core Collection, now available for all Corelight Sensors, includes 10 Bro packages that offer detection, data enrichment, and operational insight such as:
Cryptocurrency mining detection: generates alerts when cryptocurrency mining traffic using ‘getwork’, ‘getblocktemplate’, or ‘Stratum’ mining protocols is detected over TCP or HTTP.
Port scanning detection: identifies machines that are actively port scanning, providing early visibility into potential attacks.
Automatic hostname annotation: derives hostnames from monitored network traffic, automatically adding that information to connection log entries and greatly simplifying the most common first step in incident response investigations: “what hostname does this IP address represent?”
Built by the creators of the Bro Network Security Monitor (aka “Bro”), Corelight Sensors make Bro easy to deploy and enterprise-grade. Corelight extends Bro’s powerful functionality with new capabilities and a suite of enterprise features such as higher throughput (up to 25 Gbps), an elegant web GUI, log filtering and forking, sensor health monitoring, and streaming data export to Splunk, Elastic, Kafka, Syslog, S3, and more.
Availability
The Corelight Virtual Sensor is available now for customers running VMware ESXi 6.5 and above, with support for additional virtual platforms planned for future releases. Current Corelight customers will receive software version 1.15 automatically if auto-update is enabled, or they can download it from the support portal for offline deployments.
About Corelight
Corelight delivers the most powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on a foundation of Bro, the powerful and widely-used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Bro data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide. Corelight makes a family of network sensors — both physical and virtual, at every scale — that take the pain out of deploying open-source Bro by adding integrations and capabilities large organizations need. The Bro project was initially developed at Lawrence Berkeley National Laboratory (LBNL), and has been supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI). Corelight is based in San Francisco, Calif. For more information, visit https://www.corelight.com or follow @corelight_inc.