
Corelight Simplifies Alert Triage with AI-Led Workflows

Written by Corelight | Nov 12, 2024 1:00:00 PM

New Guided Triage in Corelight Investigator reduces time to triage by up to 50% by simplifying correlated data into plain language summaries

SAN FRANCISCO, CA – Nov. 12, 2024 – Corelight, the fastest-growing provider of network detection and response (NDR) solutions, today unveiled Guided Triage, a new set of capabilities in its SaaS solution, Corelight Investigator. Guided Triage uses artificial intelligence (AI) to deliver fast, expert-level data insights in plain language, which expedites triage, reduces SIEM ingest requirements and their associated costs, and bridges analyst skill gaps.

According to a 2023 report by Enterprise Strategy Group (ESG), 62% of security operations center (SOC) teams are seeking cost-effective solutions because of the escalating expense of storing and managing large volumes of log data in SIEM systems. In addition, the increasing complexity and volume of cyber threats are pushing SOC teams to adopt AI so that security analysts at every level can understand both the severity and the priority of alerts in plain language and make decisions faster. Corelight applies industry-first large language models (LLMs) to summarize network activity and attack payloads, together with innovative packet capture and single-screen triage technology, to both reduce costs and significantly accelerate incident response.

“The volume of data that SOC analysts have historically needed to wade through and manually correlate can make it difficult to quickly determine which alerts are the most important to remediate. In some cases, that data requires review by the most experienced analysts to determine the complete context of an attack and better inform incident response,” said Vijit Nair, vice president of product, Corelight. “By creating one interface with all the necessary context along with plain language summaries and easy access to raw data, we are aiming to reduce analyst fatigue, speed incident response, and empower all levels of the SOC team.”

Corelight Investigator with Guided Triage is designed for junior analysts who want to speed up discovery and correlation with simplified AI-driven summaries, helping them build incident response skills and knowledge quickly. The same capability gives senior analysts a way to assess pre-correlated context at a glance and pivot into the raw data for deeper investigation from a single-screen triage view.

“Corelight’s Guided Triage is a fantastic force multiplier, surfacing correlated information quickly and concisely to help analysts make faster decisions with more confidence,” said Sheldon Carmichael, information security architect, Sally Beauty. “This is information that analysts would normally have to pivot to collect from different sources and manually correlate, which takes significant time and knowledge. The more information available with fewer pivots or clicks, the faster analysts of all skill levels can move to resolution.”

Guided Triage also delivers:

  • Full triage history - All alerts appear in the context of the original detection, building knowledge of that threat over time. Analysts can see the true positive (TP) and false positive (FP) history, which teammates made each decision, and their notes, which helps tune and automate future decisions.
  • Interactive visual timeline - A single depiction of all detections on the source and destination machines involved, creating a cohesive story so the analyst does not miss any related alert in the sequence.
  • Easy access to raw network data - Suricata payloads and PCAP links are viewable with one click, removing the need to pivot through Log Search and streamlining critical workflows.

The availability of Guided Triage follows Corelight’s inclusion in Fortune's annual Cyber 60 list and its $150 million Series E funding round in April 2024.

For more information on the new Guided Triage in Corelight Investigator visit https://corelight.com/blog/guided-triage.

About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility, and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely used network security technology. For more information, visit https://corelight.com or follow @corelight_inc. Corelight is continuing to invest in hiring diverse talent across all levels of the business around the globe. More information on job openings can be found on the Corelight careers page.