
Compare to standalone Zeek

Corelight makes Zeek easier to deploy, faster (higher analysis throughput on our sensor platform) and more powerful, with detection and data-control enhancements added by Corelight on top of the open-source engine.

Full-scale Zeek deployment in minutes rather than months. C2 detections and encrypted-traffic insights that go well beyond JA3 fingerprinting. Up to ten times the peak analysis throughput per sensor. Enterprise support from the people who wrote Zeek.


Features & Benefits (Corelight)                        | Standalone Zeek
(The check and cross marks of the original table were images and did not survive; only the text cells are shown, so a blank Zeek cell is not by itself evidence that the capability is missing.)

SENSORS
Physical Sensors                                       | DIY hardware purchase/build
Virtual Sensors for VMware & Hyper-V                   |
Cloud Sensors for AWS, Azure, GCP                      |
Binary Sensors for containers & Linux environments     | DIY manual configuration

ENCRYPTED INSIGHTS
Corelight Encrypted Traffic Collection                 |
JA3 / JA3S                                             |
HASSH                                                  |

C2 DETECTIONS & INSIGHTS
HTTP C2                                                |
DNS tunneling                                          |
ICMP tunneling                                         |
Domain generation algorithms                           |
Meterpreter                                            |

SURICATA
Natively integrated                                    |

PACKET CAPTURE
Smart PCAP                                             |

PERFORMANCE
100+ Gbps per 1U sensor                                | 3-4 Gbps max per sensor cluster
Optimized file extraction (10,000+ files/minute)       |
Performance monitoring                                 |
< 1% packet loss rate                                  | Variable, risk of > 50% loss

MANAGEMENT
Deployed in < 15 minutes                               | Deployment takes weeks to months
Web management interface                               | Command line only
Automatic software updates                             | Manual
Fleet management for up to 250 sensors                 |
Comprehensive sensor health monitoring                 |
RESTful API support                                    |
1-click package installation                           | Manual

DATA EXPORT
Export integration with SIEMs                          | Manual integration
Kafka, syslog, Amazon Kinesis, Apache Avro, SFTP       | Writes to files on disk
Default log streaming                                  | Manual
Log stream forking to multiple destinations            |

DATA CONTROL
Log data reduction mode (30-50% reduction)             |
Filter by log type and contents                        | Manual
Filter by file type                                    |
Traffic shunting for large & long-running flows        |

SECURITY & SUPPORT
Jailed processes                                       |
FIPS 140-2                                             |
Automatic security updates                             |
Disk encryption                                        | Manual
24/7 enterprise support from Zeek experts              |

ZEEK FUNCTIONALITY
Logging                                                |
File extraction                                        |
Package manager                                        |
Zeek Intel Framework                                   |
Zeek Input Framework                                   |
Zeek NetControl Framework                              |
Zeek Notice Framework                                  |
Zeek PCAP Ingestion                                    |
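The "Manual" entries under DATA CONTROL mean that, on standalone Zeek, filtering by log type or contents and trimming logged fields are done by writing policy scripts against Zeek's logging framework rather than by toggling a setting. The script below is an added example; it is not Corelight's product code and is not shipped with Zeek. It shows the two operations the table names: a conn.log filter that drops payload-less connections and excludes three fields (the manual form of log data reduction), and a dns.log filter that forks records by client address into a second file. The file name, the 10.0.0.0/8 range and the excluded fields are assumptions chosen for illustration.

```zeek
# local-filter.zeek (hypothetical file name). Added example, not Corelight's
# product code and not part of the Zeek distribution. Shows what the "Manual"
# cells under DATA CONTROL mean in standalone Zeek: filtering by log type and
# by log contents, and trimming fields, using the built-in logging framework.
# Assumed: Zeek 5.x/6.x with the default base scripts loaded; 10.0.0.0/8 is
# an assumed internal address range.

@load base/frameworks/logging
@load base/protocols/conn
@load base/protocols/dns

module LocalFilter;

export {
    ## Internal resolvers whose DNS records go to their own log (assumed value).
    const internal_resolvers: set[subnet] = { 10.0.0.0/8 } &redef;
}

# Path function for DNS::LOG: records from internal resolvers are written to
# dns-internal.log, everything else keeps the default path (dns.log).
function dns_path(id: Log::ID, path: string, rec: DNS::Info): string
    {
    return (rec$id$orig_h in internal_resolvers) ? "dns-internal" : path;
    }

# Content predicate for Conn::LOG: drop connections that never carried payload
# in either direction (e.g. unanswered SYNs). Both byte counters are &optional,
# so test for presence before comparing.
function conn_keep(rec: Conn::Info): bool
    {
    if ( rec?$orig_bytes && rec?$resp_bytes &&
         rec$orig_bytes == 0 && rec$resp_bytes == 0 )
        return F;
    return T;
    }

# Negative priority so this runs after the protocol scripts have created
# their log streams in their own zeek_init handlers.
event zeek_init() &priority=-5
    {
    # Replace the default conn.log filter with one that applies the content
    # predicate and excludes fields we never query (manual data reduction).
    Log::remove_default_filter(Conn::LOG);
    Log::add_filter(Conn::LOG, [$name="conn-reduced",
                                $path="conn",
                                $pred=conn_keep,
                                $exclude=set("tunnel_parents", "local_resp", "history")]);

    # Replace the default dns.log filter with one that routes by log contents
    # into two files; each record is still written exactly once.
    Log::remove_default_filter(DNS::LOG);
    Log::add_filter(DNS::LOG, [$name="dns-split", $path_func=dns_path]);
    }
```

Load it from site/local.zeek, or check the output first with `zeek -r capture.pcap local-filter.zeek` and inspect the resulting conn.log, dns.log and dns-internal.log. Two caveats for anyone doing this by hand: a predicate runs per record on the worker, so complex filters cost CPU at the point where packet loss already starts under load, and excluded fields cannot be recovered later, so derive the exclude list from what your SIEM queries and detections actually read.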
