
ICS/OT COLLECTION

Enhanced visibility and security for ICS/OT devices and protocols


INDUSTRIAL AND OPERATIONAL VISIBILITY

Lack of visibility can create security blind spots in any environment—be it a factory floor or an enterprise IT network. Corelight offers a visibility solution for identifying and monitoring the most common Industrial Control System (ICS) and Operational Technology (OT) protocols, equipping security teams to defend against threats across diverse environments.

Use the ICS/OT Collection to identify devices and capture evidence related to ICS/OT protocols, yielding greater visibility and faster incident response times. Monitor uncommon network behavior, such as an HVAC system interacting with a server. React more quickly to risks by identifying anomalies in enterprise and operational network traffic in real time.

Corelight Collections are data extension and detection sets included with your Corelight subscription and can be activated depending on your needs.

  • Identify and log ICS/OT protocols like BACnet, DNP3, EtherCAT, Modbus, and more
  • Discover activity related to HVAC, security cameras, smart lighting, and access control systems
  • Based on contributions from the Cybersecurity and Infrastructure Security Agency (CISA)
  • See also: Entity Collection


How it works

The ICS/OT Collection leverages Zeek®, a powerful network security monitoring framework and foundational component of Corelight’s Open NDR Platform. Using Zeek protocol analyzer plugins, the ICS/OT Collection provides detailed logs for each enabled protocol and identifies new services in the connection log in real time, providing a detailed view of the network’s communication and behavior.

Examples of supported ICS/OT protocols include BACnet, DNP3, EtherCAT, EtherNet/IP and CIP, Modbus, PROFINET, S7Comm, TDS, and more.


ANALYTICS

Corelight Collections

Collections are targeted categories of detections, inferences, and data transformation focused on providing deeper visibility into adversary activity. You can expose behaviors in encrypted traffic, identify command and control activity, summarize entity activity, gain ICS/OT visibility, and more. Detections are viewable through Corelight Investigator, or via a SIEM, XDR, or other analytics platform.
