forrester wave report 2023

Close your ransomware case with Open NDR



Corelight now powers CrowdStrike solutions and services



Alerts, meet evidence.



5 Ways Corelight Data Helps Investigators Win



10 Considerations for Implementing an XDR Strategy



Don't trust. Verify with evidence



The Power of Open-Source Tools for Network Detection and Response



The Evolving Role of NDR



Detecting 5 Current APTs without heavy lifting



Network Detection and Response



Corelight Reports Strong Growth in 2017 Listed as a Vendor to Watch

SAN FRANCISCO, Calif. — Jan. 22, 2018 — Corelight, provider of the most powerful network visibility solution for cybersecurity, today announced record growth in 2017 and that it now has 10 of the Fortune 200 as customers. The growth is attributed to increasing demand for its enterprise solution built on battle-hardened open source software.

“We see attacks growing more sophisticated, and their consequences more severe. Corelight aims to level the playing field, by helping incident responders and threat hunters defend their organizations much more effectively,” said Greg Bell, CEO of Corelight.

This January Corelight has been listed as a Vendor to Watch in Gartner’s 2018 Magic Quadrant for Intrusion Detection and Prevention Systems.1 As Gartner stated in the report, “Startups in recent years have taken advantage of a historical problem with IDPS: event fatigue. New startups are using IDS engine technology, like Snort / Suricata / Bro IDS, and are feeding this telemetry into advanced analytics and machine learning engines, which has proven effective in reducing event fatigue. This is a disruptor in this market, and Gartner expects this trend to continue.”

“With Corelight, the ability to track lateral movement in your network skyrockets,” said Ken Hanson, Sr. Security Engineer at Education First, a global education services company with more than 40,000 employees. “It’s like Google, but for your network traffic. Our average time to resolve security incidents has dropped from three hours to under 10 minutes with Corelight.”

2017 Corelight highlights include:

  • Announcing $9.2 million funding in a Series A growth round led by Accel Partners, with participation from Osage University Partners and Riverbed Technology Co-founder Dr. Steve McCanne
  • Growing the team from five to 30 employees, including VP of Engineering Eddie Tsiao, VP of Sales Steve Mallard, CMO Alan Saldich, VP of Customer Success Dr. Steve Smoot and VP of Finance Russ Keefe
  • Signing on dozens of new customers including 10 of the Fortune 200 (7 are Fortune 50) along with a host of government agencies and research universities
  • Shipping the Corelight Sensor, the company’s first product that is like a “flight data recorder” for the network because users can easily go back in time to quickly understand sophisticated cyber attacks more effectively than ever before
  • Adding a continual stream of new sensor features and functionality in 2017, including custom scripting, advanced log filtering, high performance file extraction and integration with Splunk, Amazon S3 and Kafka
  • A paper “Detecting Credential Spear Phishing Attacks in Enterprise Settings” co-authored by Corelight co-founder and Chief Scientist Vern Paxson winning Facebook’s Internet Defense Prize at the USENIX Security Symposium
  • Moving from its origins at ICSI in Berkeley to a new headquarters in San Francisco

“2017 was a fantastic year for our company. Headcount doubled twice, and we saw gratifying market acceptance of our product in all kinds of organizations, including some of the world’s largest enterprises,” said Greg Bell. “As we enter 2018, our entire team is excited to broaden our product offerings and tackle bigger opportunities,” saidVern Paxson.

1 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Corelight
Corelight delivers the most powerful network visibility solutions for information security professionals, helping them understand network traffic and defend their organizations more effectively. Corelight solutions are built on the Zeek framework (formerly known as “Bro”), the powerful and widely-used open source network analysis framework that generates actionable, real-time data for thousands of security teams worldwide. Zeek data has become the ‘gold standard’ for incident response, threat hunting, and forensics in large enterprises and government agencies worldwide. Corelight makes a family of network sensors — both physical and virtual, at every scale — that take the pain out of deploying Zeek by adding integrations and capabilities large organizations need. The Zeek project was initially developed at Lawrence Berkeley National Laboratory (LBNL), and has been supported by the US Department of Energy (DOE), the National Science Foundation (NSF), and the International Computer Science Institute (ICSI). Corelight is based in San Francisco, Calif. For more information, visit or follow @corelight_inc.

About Accel Partners
Accel is a leading early and growth-stage venture capital firm, powering a global community of entrepreneurs. Accel backs entrepreneurs who have what it takes to build a world-class, category-defining business. Founded in 1983, Accel brings more than three decades of experience building and supporting hundreds of companies. Accel’s vision for entrepreneurship and business enables it to identify and invest in the companies that will be responsible for the growth of next-generation industries. Accel-backed companies include Atlassian, Braintree, Cloudera, DJI, Dropbox, Dropcam, Etsy, Facebook, Flipkart, Lookout Security, MoPub, Qualtrics, Slack, Spotify, Supercell, Vox Media and others.

About Osage University Partners
Osage University Partners is a venture capital firm focused on investing in startups that are commercializing pioneering university technologies. Osage partners with top research universities to invest in their most innovative startups, and Osage shares its investment profit with its partner institutions. The firm invests in software, hardware and life science companies at all stages of company development. Osage has partnered with 90 universities, including 36 of the top 50 U.S. institutions by research expenditures, and has invested in over 70 of their spinouts. Osage University Partners is part of a family of investment funds within Osage Partners, which is based in Philadelphia, PA and manages in excess of $500 million.

About Dr. Steve McCanne
Dr. Steve McCanne was the founder and CTO at Riverbed Technology, and prior to that the CTO of Inktomi (acquired by Yahoo). He has a PhD in Computer Science from UC Berkeley, worked as a Staff Scientist at LBNL and was an Assistant Professor of Computer Science at UC Berkeley. In the 1990s, he worked at LBNL where he shared an office with Dr. Vern Paxson, a co-founder of Corelight. While a researcher at UC Berkeley and LBNL, he co-developed, along with Van Jacobson and Craig Leres, the widely used tools tcpdump and PCAP which are still instrumental for network visibility today. At around the same time, Paxson was developing Bro, the foundational technology behind Corelight.

Recent Posts