We love open-source Zeek, just like you. But when it comes to production deployment, usually the incident responders or threat hunters who know Zeek become the sys admins too, and that poses a risk to your company. Read more in Seth's blog post.
When you deploy a Corelight Sensor, you're getting the expertise of Zeek's creators packaged into a high performance appliance. You and your team can spend your time defending your network, not keeping Zeek patched, upgraded, integrated and running.
Since we started developing the first Corelight Sensor in 2016, we thought about security, from the operating system on up. Every Zeek feature we enable in the Sensor gets thorough design consideration from the creators of Zeek, so you can be sure your deployment is as secure as possible.
Zeek was created in 1995 by Corelight's chief scientist, Vern Paxson. Since then Zeek's co-founders and their colleagues have been improving Zeek, culminating in the development of the Corelight Sensor. When you buy one, you're buying decades of person-years of Zeek expertise born from hundreds of real-world production deployments.
Most Zeek users start with open-source. We get it (we built it!). But at some point you may be wondering whether it’s time for an enterprise solution. Here are the key differences.