SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Corelight unveils software capabilities for IDS subscription
Mon, 12th Dec 2022

Corelight has released improvements to its add-on intrusion detection (IDS) subscription, allowing customers to replace their legacy IDS products.

The new capabilities will enable teams to consolidate security tools and generate alerts integrated with the evidence needed to validate, triage and remediate threats, boosting threat team efficiency.

Further, Corelight has a unique approach to IDS driven by its open NDR platform and natively integrated Suricata IDS capability.

Its approach drove a 75% year-over-year growth in annual recurring revenue for IDS subscriptions for the company.

“Corelight’s NDR threat detections span machine learning, behavioural models and signatures and we are pleased to see the latter also making significant contributions to our growth as more customers recognise the benefits of switching from standalone IDS to an integrated NDR platform,” says Clint Sand, senior vice president of product at Corelight.

“When you generate alerts with the evidence required to validate and tune them you can reduce noise dramatically and let analysts get to the alerts that actually matter.”

Corelight’s latest software release is positioned to add to the company’s growth trajectory by offering customers new IDS rule management capabilities and improved network visibility around devices, users, apps, and more. These additions are intended to help customers close asset visibility gaps and make investigations faster through immediate asset context.

“When an alert fires the real investigative work begins. Analysts need fast, precise answers about what assets were involved or exposed during an incident and Corelight’s new Entity Collection gives them that visibility while also helping them understand asset activity over time,” Sand says.

“This can eliminate the need for additional pivots and asset lookups and can also reveal entities missed by traditional asset inventory management systems.”

Corelight is headquartered in San Francisco and was founded by the creators of Zeek.

The open-core security company works to turn network and cloud activity into evidence that security teams can use to proactively look for threats, speed up their incident response and have full network visibility, as well as create powerful analytics.

The company’s global customers include Fortune 500 companies, government agencies and universities.

Corelight’s latest software release includes two major benefits:

  • Management and data export upgrades to its Software Sensor.
  • The option to deploy Corelight NDR, allowing customers to reduce costs by leveraging their existing hardware investments for on-premise deployments.

Corelight also provides a range of sensor form factors that cover corporate data centres, cloud workloads and more.

The company’s main subscription offering includes new Corelight Entity Collection insights at no additional cost.

However, its Suricata IDS capability, including the new rules management features shipped in the latest release, is available as an add-on subscription.