Corelight Unveils Real-Time Data Enrichment for CrowdStrike Falcon® Next-Gen SIEM

Written by Corelight | May 7, 2024 12:00:00 PM

Corelight’s industry-leading Open NDR solution delivers pre-correlated detections and out-of-the-box workflows to accelerate security operations

San Francisco, Calif. — May 7, 2024 — Corelight, the leader in open network detection and response (NDR), today unveiled an out-of-the-box connector to ingest real-time and enriched network data into CrowdStrike Falcon® Next-Gen SIEM. This native integration unifies Corelight third-party detections and data with CrowdStrike’s security and threat intelligence data to drive AI-powered SOC transformation and help customers disrupt future attacks.

“Security operations teams need the best evidence to find and disrupt attacks,” said Brian Dye, CEO of Corelight. “The combination of Corelight’s network insight and CrowdStrike’s Next-Gen SIEM allows defenders to minimize attacker dwell time and close out cases faster.”

Native integration between the two platforms, combined with Corelight’s open approach to detections and evidence, delivers true ground truth for next-gen SIEM workflows. By leveraging open source technology such as Zeek and Suricata, organizations can tap into over two decades of insights from elite defenders and achieve 95% faster average response time. Falcon Next-Gen SIEM delivers more capabilities and up to 150x faster search performance than legacy SIEMs and solutions positioned as SIEM alternatives, at an 80% lower total cost of ownership.

The new integration leverages CrowdStrike platform data, threat intelligence, AI and workflow automation in Falcon Next-Gen SIEM, helping security teams orchestrate defenses, enable risk-based alert triage to prioritize exploits against known vulnerable hosts, and reduce asset inventory gaps through the identification of unmanaged endpoints on the network. Together, this enables customers to:

  • Find and investigate evasive threats with AI-powered detections and full contextual insights from Corelight directly within the Falcon platform;
  • Accelerate deployment with over 20 native dashboards, 25 correlation rules, and 60 queries designed specifically for Corelight third-party data;
  • Unify SOC data and consolidate legacy network security solutions to improve operational efficiency.

“Today’s SOC needs to operate faster than the adversary. Next-Gen SIEM will deliver the speed security analysts need to rapidly detect, investigate and respond to attacks,” said Daniel Bernard, chief business officer, CrowdStrike. “Our integration with Corelight expands the ecosystem of third-party sources supporting Falcon Next-Gen SIEM, adding valuable context to the rich telemetry of the Falcon platform.”

This integration is the latest development in the long-standing collaboration between Corelight and CrowdStrike. CrowdStrike’s Falcon Fund is an investor in Corelight and has previously partnered with the company to deploy Corelight NDR technology in customer engagements when delivering Incident Response, Compromise Assessment, and Network Security Monitoring services.

The Corelight product integration is available today from the Corelight partner listing on the CrowdStrike Marketplace.

Learn more about why Corelight is the data of choice for next-gen SIEM.

About Corelight
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight’s global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc.

Media and Analyst Contact:
Isabelle Barrett
W2 Communications
corelight@w2comm.com
802-777-9267