Case Studies
Faster response times. Powerful threat hunting capabilities.
Zeek® is used by thousands of organizations around the world to extract meaningful data from network traffic in real time. Here are a few examples of real world implementations.
Global financial firm mitigates multi-platform identity attack in under two hours
The firm’s security team uncovered a sophisticated attack targeting their employees and business partners via suspicious emails and automated security alerts from Google Workspace.
Government Agency
The agency builds the foundation for a new SOC to gain the upper hand in national security.
IT firm deploys Corelight to gain east-west visibility and accelerate incident response
The Ednon team required an NDR platform that excelled at monitoring east-west flows, could reliably scale to large traffic volumes, and that seamlessly integrated with their existing SIEM.
Federal agency
The challenges of real-time DNS transaction data meant analysts spent 20 minutes manually aggregating data for every event. They deployed a Corelight Sensor with Splunk to monitor east-west traffic to get direct access to the right data.
- Gained full visibility into their DNS data
- Reduced average response time by 80%
Major manufacturer takes Zeek to the next level
After years of working with Zeek, the manufacturer wanted to migrate to a much higher throughput connection while minimizing packet loss. Corelight was the answer, delivering a true enterprise-grade, high-performance Zeek solution that was far easier to manage.
Education First resolves incidents up to 20x faster
Education First is a global firm with 40,000 employees. After deploying Corelight Sensors, their security team saw incredible impact. Their average incident response time dropped from hours to minutes thanks to Corelight’s network logs that allowed them to make lightning-fast sense of their traffic.
Global law firm unlocks threat hunting capabilities
The law firm wanted a threat hunting solution based on network traffic analysis to provide real-time, comprehensive insight into traffic spanning multiple data centers and satellite offices around the world that collectively saw throughput speeds of up to 6 Gbps.
Top-tier research university builds custom detection scripts
A top research university's network footprint spans multiple campuses, with average utilization exceeding 35 Gbps. They wanted to build more custom detection scripts, but their netflow records and server and firewall logs did not offer rich enough data to accomplish this. Corelight's Zeek logs did.
How Corelight cured an energy company's SOC of a serious SMB headache
A Security Engineer at one of the world's largest energy companies found Corelight through his prior experience running Zeek, an open-source network security monitoring framework. The Security Engineer worked on an agile security engineering team within the organization's Security Operations Center (SOC) and managed network forensics across multiple regional offices.
Energy company fills critical gap
A major energy company needed greater visibility into their internal networks, as well as DNS and DHCP traffic. To resolve this significant gap in coverage, they turned to Corelight's exceptional, easily correlated security data, which they used for other unplanned use cases including incident response.
IT infrastructure firm moves faster
A leading global services and software company had been using Zeek for a decade, but they needed a commercial solution to cover their large operation from all kinds of threats. Upgrading to Corelight was easy, as they only had to make minor changes to their existing workflows.
Education organization achieves more rapid attack response
Grand Canyon Education trades black box NDR for Corelight's open source platform to get transparent and actionable detection logic for swift, confident response decisions.
Major mortgage lender deploys Corelight to unlock hybrid and multi-cloud visibility
A major mortgage lender with a complex hybrid, multi-cloud environment deployed Corelight to close significant visibility gaps in AWS and on-prem data centers, unlocking comprehensive network evidence their SOC analysts never had before.
Major U.S. university uncovers hidden malware during live training
A major U.S. university's security team, facing visibility gaps from unmanaged devices, uncovered an URSNIF trojan and suspicious ICMP tunneling invisible to their existing tools during a live Corelight training session.
National CERT disrupts coordinated zero-day attack on European critical infrastructure
A national CERT leveraged Corelight's deep network visibility to detect a stealthy, multi-wave zero-day attack targeting 22 energy companies, stopping the campaign before it could impact the nation's critical power supply.
Carrefour, a top ten global retailer, uses Corelight to expand visibility & detect attacks at the earliest stages
Global retailer Carrefour deployed Corelight's Open NDR Platform to gain visibility into lateral movement and ransomware, allowing their SOC to create high-fidelity detections integrated with their SIEM and shift from a reactive to a proactive threat hunting posture.
Publicly-held energy company selects Corelight for better internal visibility & enhanced threat analysis
A leading energy company selected Corelight to close a long-standing monitoring gap, gaining rich, easily correlated data for internal DNS and DHCP traffic that their existing tools failed to provide.