Corelight Boosts Network Detection with CrowdStrike, Aims to Tackle Alert Fatigue

Corelight is integrating real-time threat intelligence from CrowdStrike and leveraging its open-source roots to help security teams cut through the noise and focus on genuine threats. The move comes as alert fatigue intensifies.

San Francisco, CA – November 8, 2023 – As cyberattacks grow in sophistication and volume, security operations centers (SOCs) are increasingly overwhelmed by alerts, leading to alert fatigue and potentially missed threats. Network detection and response (NDR) vendor Corelight is responding with a series of enhancements, most notably integration with CrowdStrike’s Falcon Adversary Intelligence, and a continued focus on reducing false positives. The company is also leveraging its unique heritage rooted in the open-source network security tool Zeek (formerly Bro) to deliver advanced threat detection capabilities.

Corelight’s latest advancements come at a critical time. According to Verizon’s 2023 Data Breach Investigations Report, attackers are shrinking their breakout times – the period between initial compromise and data exfiltration – demanding faster and more accurate threat detection. “The landscape is getting incredibly noisy,” said one cybersecurity analyst. “Security teams are drowning in alerts, and it's becoming increasingly difficult to identify the signals that truly matter.”

Bridging the Intelligence Gap

The integration with CrowdStrike's Falcon Intelligence offers Corelight users access to a continually updated stream of threat indicators, including threat actor profiles, malware analysis, and indicators of compromise (IOCs). This integration allows Corelight’s NDR platform to correlate network activity with known threat actor tactics, techniques, and procedures (TTPs), improving the accuracy of threat detection and reducing false positives.

“This isn’t just about adding another threat feed,” explained a Corelight spokesperson. “It’s about enriching our network data with contextual intelligence that helps security teams understand the ‘who’ and ‘why’ behind attacks. This allows them to prioritize investigations and respond more effectively.”

Taming the Alert Storm

Beyond the CrowdStrike integration, Corelight is doubling down on its ability to reduce alert fatigue. The company’s platform utilizes machine learning and behavioral analysis to identify anomalous network activity and filter out benign traffic. By minimizing the number of false positives, Corelight aims to free up security analysts to focus on genuine threats.

“One of the biggest challenges facing SOCs today is alert overload,” said a security consultant specializing in NDR deployments. “Analysts are spending too much time chasing down false leads, and that leaves them less time to investigate real threats. Solutions that can reduce noise and prioritize alerts are critical.”

The Power of Open Source

Corelight’s foundation in the open-source Zeek project remains a key differentiator. Zeek provides deep packet inspection and network traffic analysis, generating rich metadata that feeds into Corelight’s NDR platform. This open-source heritage allows Corelight to adapt quickly to emerging threats and customize its platform for specific use cases.

“Zeek is a powerful engine for network security,” stated a network security architect. “It provides the visibility and detail that many commercial solutions lack. Corelight has done a great job of building a commercial platform on top of Zeek and making it accessible to a wider audience.”

The company's commitment to open source also fosters a vibrant community of developers and security researchers who contribute to the ongoing improvement of its platform. This collaborative approach allows Corelight to stay ahead of the curve and address emerging threats more effectively.

Addressing Evolving Threats

The combination of real-time threat intelligence, machine learning, and open-source roots positions Corelight as a key player in the NDR market. Analysts highlight the growing importance of NDR solutions in detecting modern threats, particularly those that bypass traditional security controls.

“Attackers are becoming increasingly sophisticated,” said a threat intelligence analyst. “They're using techniques like living-off-the-land and lateral movement to evade detection. NDR solutions that can monitor network traffic and identify anomalous behavior are essential for detecting these types of attacks.”

The company is also expanding its cloud-native capabilities, enabling customers to deploy its NDR platform in public, private, and hybrid cloud environments. This flexibility allows organizations to protect their entire network, regardless of where their assets are located.

Looking Ahead

Corelight’s latest advancements demonstrate the company’s commitment to providing security teams with the tools they need to detect and respond to modern threats. By leveraging real-time threat intelligence, machine learning, and open-source technologies, Corelight is helping organizations reduce alert fatigue, improve threat detection accuracy, and strengthen their overall security posture. As the threat landscape continues to evolve, companies like Corelight will be critical in helping organizations stay one step ahead of attackers and protect their valuable assets.