New Guided Triage in Corelight Investigator reduces time to triage by up to 50% by simplifying correlated data into plain language summaries
SAN FRANCISCO, CA – Nov. 12, 2024 - Corelight, the fastest growing provider of network detection and response (NDR) solutions, today unveiled Guided Triage - a new set of capabilities in its SaaS solution, Corelight Investigator. Guided Triage utilizes artificial intelligence (AI) to deliver fast, expert-level data insights in plain language, which expedites triage, reduces SIEM ingest requirements and associated costs, and bridges analyst skill gaps.
According to a 2023 report by Enterprise Strategy Group (ESG), 62% of security operations center (SOC) teams are seeking cost-effective solutions due to the escalating expenses related to storing and managing large volumes of log data within SIEM systems. In addition, the increasing complexity and volume of cyber threats are pushing SOC teams to leverage AI to ensure that security analysts at all levels can better understand both the severity and priority of alerts using plain language for faster decision-making. Corelight applies industry-first large language models (LLMs) to summarize network activity and attack payloads, and innovative packet capture and single-screen triage technology to both reduce costs, and significantly accelerate incident response.
“The volume of data that SOC analysts have historically needed to wade through and manually correlate can make it difficult to quickly determine which alerts are the most important to remediate. In some cases, that data requires review by the most experienced analysts to determine the complete context of an attack and better inform incident response,” said Vijit Nair, vice president of product, Corelight. “By creating one interface with all the necessary context along with plain language summaries and easy access to raw data, we are aiming to reduce analyst fatigue, speed incident response, and empower all levels of the SOC team.”
Corelight Investigator with Guided Triage is the ideal tool for junior analysts looking to speed discovery and correlation activities with simplified AI-driven summaries. It enables them to rapidly enhance both their incident response skills and knowledge. Similarly, the new capability gives senior analysts the ability to easily assess pre-correlated context and quickly pivot into the raw data for deeper investigation through a single screen triage.
“Corelight’s Guided Triage is a fantastic force multiplier, surfacing correlated information quickly and concisely to help analysts make faster decisions with more confidence,” said Sheldon Carmichael, information security architect, Sally Beauty. “This is information that analysts would normally have to pivot to collect from different sources and manually correlate, which takes significant time and knowledge. The more information available with fewer pivots or clicks, the faster analysts of all skill levels can move to resolution.”
Guided Triage also delivers:
Guided Triage’s availability comes on the heels of Corelight’s inclusion in Fortune's prestigious annual Cyber 60 list and achieving $150 million in Series E funding in April 2024.
For more information on the new Guided Triage in Corelight Investigator visit https://corelight.com/blog/guided-triage.
About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc. Corelight is continuing to invest in hiring diverse talent across all levels of the business around the globe. More information on job openings can be found on the Corelight careers page.