Case Studies
Faster response times. Powerful threat hunting capabilities.
Zeek® is used by thousands of organizations around the world to extract meaningful data from network traffic in real time. Here are a few examples of real-world implementations.
Federal agency
The challenges of real-time DNS transaction data meant analysts spent 20 minutes manually aggregating data for every event. They deployed a Corelight Sensor with Splunk to monitor east-west traffic and get direct access to the right data.
- Gained full visibility into their DNS data
- Reduced average response time by 80%
Major manufacturer takes Zeek to the next level
After years of working with Zeek, the manufacturer wanted to migrate to a much higher throughput connection while minimizing packet loss. Corelight was the answer, delivering a true enterprise-grade, high-performance Zeek solution that was far easier to manage.
Education First resolves incidents up to 20x faster
Education First is a global firm with 40,000 employees. After deploying Corelight Sensors, their security team saw incredible impact. Their average incident response time dropped from hours to minutes thanks to Corelight’s network logs that allowed them to make lightning-fast sense of their traffic.
Global law firm unlocks threat hunting capabilities
The law firm wanted a threat hunting solution based on network traffic analysis to provide real-time, comprehensive insight into traffic spanning multiple data centers and satellite offices around the world that collectively saw throughput speeds of up to 6 Gbps.
Top-tier research university builds custom detection scripts
A top research university's network footprint spans multiple campuses, with average utilization exceeding 35 Gbps. They wanted to build more custom detection scripts, but their NetFlow records and their server and firewall logs did not offer rich enough data to accomplish this. Corelight's Zeek logs did.
How Corelight cured an energy company's SOC of a serious SMB headache
A Security Engineer at one of the world's largest energy companies found Corelight through his prior experience running Zeek, an open-source network security monitoring framework. The Security Engineer worked on an agile security engineering team within the organization's Security Operations Center (SOC) and managed network forensics across multiple regional offices.
Energy company fills critical gap
A major energy company needed greater visibility into their internal networks, as well as DNS and DHCP traffic. To resolve this significant gap in coverage, they turned to Corelight's exceptional, easily correlated security data, which they used for other unplanned use cases including incident response.
IT infrastructure firm moves faster
A leading global services and software company had been using Zeek for a decade, but they needed a commercial solution to cover their large operation from all kinds of threats. Upgrading to Corelight was easy, as they only had to make minor changes to their existing workflows.