The Corelight Sensor is used to investigate and prevent ransom-ware, denial of service, unauthorised access, misconfiguration, abuse, exfiltration of data, malware infection, insider threat, port scanning, advanced persistent threat (APT) as well as phishing or other mail-based attacks or incidents.
The funding will be used to accelerate the company’s growth plans to meet the market demand for its products through investments in sales, marketing and engineering.
“We often invest in very widely-used open source projects. But it’s uncommon for them to have much enterprise market traction,” said Eric Wolford of Accel Partners. “And what’s highly unusual for a Series A company like Corelight is to have a shipping product built on battle-hardened open source software and dozens of paying customers including six of the Fortune 100, plus one of the largest private companies in the US. I’ve never seen that before.”
Corelight was founded by Vern Paxson (a professor of computer science at UC Berkeley and chief scientist at Corelight), Robin Sommer (CTO) and Seth Hall (chief evangelist) to deliver network visibility solutions for cybersecurity built on an open source framework called Bro.
Paxson began developing Bro in 1995 when he was working at the Lawrence Berkeley National Laboratory (LBNL); the name refers to George Orwell’s “Big Brother” as it signals the need for operators of network monitoring to remain mindful of their users’ rights and privacy. Today its powerful, versatile and actionable data is at the centre of many of the world’s most capable security operations, including those at Amazon and Deloitte.
“We help our customers solve cybersecurity problems faster than they can today, often decreasing the time to resolve incidents from hours and days down to minutes. This new investment will accelerate our progress,” said Greg Bell, CEO of Corelight. “We’re busy working on a series of new features customers are asking for so they can focus effort away from sensor management and towards higher-value activities like data analysis, threat hunting and incident response.”
Customers describe the Corelight Sensor, Corelight’s first product, as a “flight data recorder” for their network because users can easily go back in time to quickly understand sophisticated cyber attacks more effectively than ever before.
The Corelight Sensor is a turn-key appliance that delivers the power of Bro while greatly reducing deployment time and complexity. It incorporates features only available from Corelight, including a comprehensive API, enterprise integrations for Splunk, Amazon S3 and Kafka, performance optimisations yielding 3-4x higher data processing throughput compared to standard servers, a high performance FPGA-based network interface card, optimised file extraction and log filtering.