Press releases

Zeek is Now a Component of Microsoft Windows

World’s leading open source network security monitoring platform now deployed on more than one billion global endpoints 

San Francisco, Calif. — Oct. 12, 2022 — Corelight, the leader in open network detection and response (NDR), today announced the integration of Zeek®, the world’s most popular open source network security monitoring platform, as a component of  Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing “richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities.” 

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory (Berkeley Lab), Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy’s Office of Science.  

As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project. This week in Austin, Texas, Corelight hosts the annual ZeekWeek user conference, where the community will gather and where Microsoft speakers will describe the new integration.  

“Microsoft is strongly committed to supporting open source projects and ecosystems,” said Rob Lefferts, corporate vice president for Microsoft. “We’re proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers.” 

“This is an amazing development for Zeek and its community of contributors and users,” said Paxson. “I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints - but that’s part of the creative magic of open source development. We are grateful for Microsoft’s contributions and support, and we are excited that the project’s impact, and that of the community of contributors, will increase so dramatically.” 

About Corelight

Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight’s global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, visit https://corelight.com or follow @corelight_inc.

About Zeek

Zeek is the world’s most popular network security monitoring platform, providing compact, high-fidelity transaction logs, file content, and behavioral analytics - all fully customizable for analysts. Adopted in environments of all types and sizes, Zeek helps organizations understand how their networks are being used, supporting security, performance, audit, and capacity workflows. As an open source technology, Zeek is licensed under the permissive BSD-license and is headquartered at the International Computer Science Institute (ICSI) in Berkeley, CA. ICSI is a 501(c)(3) nonprofit organization.

 

Media and Analyst Contact:

Kylie Heintz
Senior Director of Corporate Communications
kylie@corelight.com
+1 408-505-1078

Follow us on Twitter: @corelight_inc