OPEN NDR PLATFORM
Corelight combines the best in open-source technologies, fusing Suricata alerts with Zeek network data, then adding Smart PCAP for complete threat investigation.
CORELIGHT TRUST CENTER
Trust informs everything we do
The Corelight Trust Center is a centralized resource for security, privacy, compliance, resiliency, and trusted AI information.
Corelight’s Trust & Compliance self-service portal hosts compliance artifacts, facilitates documentation requests, and provides high-level details on Corelight’s controls.
SECURITY
Corelight's dedicated security team and intentionally designed products and services help keep your data safe.
PRIVACY
Corelight is committed to protecting the privacy of our customers' data and helping our customers comply with global data protection laws and regulations.
COMPLIANCE
Select Corelight products are independently audited and certified to meet industry-leading compliance standards.
RESILIENCY
Ensure business resilience with enterprise-grade infrastructure and services run and operated by Corelight.
RESPONSIBLE AI
AI-Powered SOC
Corelight is empowering our customers to unlock their SOC potential through AI-powered solutions.
Security
Corelight continually evaluates and benchmarks its security strategy and framework. Cultivating a security-first culture is key to protecting the integrity of our products and services and safeguarding customer data. Corelight’s security program provides a trusted foundation for our customers to operate their businesses securely. Key features include:
- A dedicated Security team that manages Corelight's security program, including team members that facilitate and support independent audits and assessments performed by third parties.
- Executive-level visibility as the security program is led by Corelight's Chief Information Security Officer with the involvement of cross-functional stakeholders to enable a comprehensive approach to security management.
- Annual completion of mandatory security and privacy training by all Corelight personnel.
- Descriptions of the physical, technical and organizational measures implemented by Corelight for specific offerings can be found here.
- View a real-time feed of Corelight's continuously monitored controls via Corelight's Trust & Compliance self-service portal.
Privacy
Corelight knows that our customers value privacy and care about how their data is used and shared. Corelight’s privacy framework is designed to meet Corelight’s obligations under applicable global privacy and data protection laws. Corelight’s policies and data processing agreement also enable our customers to operate their businesses in a compliant manner. Here we’ve centralized resources regarding Corelight’s privacy and data protection practices:
Where Corelight acts as a controller
- Corelight's Privacy Notice applies to personal data collected through Corelight's websites, feedback, surveys, the sales cycle, and both online and offline sales and marketing activities.
- The Applicants and Team Members Privacy Notice (UK and EU) applies to Team Members and Applicants based in the UK or EU.
- Corelight's California Job Applicant Privacy Notice applies to Corelight job applicants and candidates who are residents of California.
Where Corelight acts as a processor
- Corelight offers a Data Processing Addendum ("DPA") that sets out the contractual framework under which Corelight processes personal data. Corelight's DPA includes key GDPR-related assurances and incorporates the Standard Contractual Clauses.
- Corelight's Data Transfer Impact Assessment Guide assists customers in conducting data transfer impact assessments ("DTIAs").
- Corelight performs assesses the privacy practices of our subprocessors, who are required to enter into appropriate security, confidentiality and privacy contract terms based on the risks presented by the assessment, including data processing terms as required by applicable law. A list of Corelight's current subprocessors can be found here.
Compliance
Corelight's offerings are independently audited and certified to meet industry-leading compliance standards.
To view certifications and request audit reports, please visit Corelight's Trust & Compliance self-service portal.
Resiliency
Corelight has adopted policies and processes to ensure the reliability and availability of its products and operations:
- Corelight's cloud product offering - Corelight Investigator - operates reliably at scale and offers global hosting options. Corelight publishes a SLA for Corelight Investigator here.
- Corelight provides best-in-class support for all of its products as described here.
- Corelight's Business Continuity Planning ("BCP") statement can be found here.