Corelight, a San Francisco-based technology startup announced today that had raised $9.2 million in a Series A round of funding led by Accel Partners. Osage University Partners and Dr. Steve McCanne, co-founder of Riverbed Technology also participated.
The company’s product, Corelight Sensor, is an appliance that uses Bro, an open-source network analysis framework, to quickly unravel even the most advanced or stealthy network attacks. Bro originally hails from Dr. Vern Paxson, a professor of computer science at UC Berkeley, who co-founded the company and serves as its chief scientist.
The specialized hardware is tuned to provide up to four times the data processing throughput of standard servers and features a high-performance network interface card based on field-programmable gate array (FPGA) technology to quickly generate and deliver results to enterprises IT network and security professionals. In fact, Corelight Sensor has already found a home in six Fortune 100 companies, according to Corelight.
“Since all data, no matter what the threat vector, travel over networks, the Corelight Sensor is a powerful tool to understand threats” Alan Saldich, CMO of Corelight, told eSecurity Planet. Those threats include malware infections port scanning, denial of service attacks, unauthorized access, misconfigurations, abuse, exfiltration of data, insider threats, advanced persistent threats, phishing or other mail-based attacks, he said.
“While Bro-Corelight is not always the tool that detects incidents–in many cases it is end users who detect unusual emails or behavior, or report ransomware–it is the fastest way to resolve them and get clarity about exactly what happened and why, to get to the root cause,” continued Saldich.
There’s no shortage of security monitoring and alerting tools, but making sense of their output can become a job in and of itself.
“Understanding those alerts is a laborious and time-consuming job because there are many systems involved, each with different data, logs, user interfaces, formats and they are not necessarily correlated or organized in way that is useful to [incident responders],” said Saldich. “That means that advanced persistent threats can linger undetected or unresolved for hours, days or weeks because dealing with them is so challenging.”
And every minute a security threat goes unaddressed can lead to a costly breach. Corelight takes the mystery out of security alerts for IT security professionals by structuring network activity information into an actionable format.
“Corelight helps companies resolve cybersecurity incidents much faster than they can today. We do that by providing clarity and detailed information about all network traffic, summarized and structured specifically for cybersecurity pros and incident responders,” added Saldich.