
    Corelight Expands Network Security Platform With Virtual Edition

    By SEAN MICHAEL KERNER - September 11, 2018

      Corelight is pushing forward with a strategy to advance its network security platform, based on the open-source Bro security project.

      On Sept. 11, Corelight announced that it raised $25 million in a Series B round of funding, led by General Catalyst. Total funding to date for Corelight stands at $34.2 million. The new funding follows Corelight’s announcements on Sept. 6 of a new virtual sensor platform and enhanced packages for the Bro platform.

      “We’re commercializing open-source software that has its origin in the 1990s,” Greg Bell, CEO of Corelight, told eWEEK. “Bro started around the same time as other great open-source security projects like Snort and Nessus, which both led to great companies, with Sourcefire and Tenable, and we see Corelight very much in the tradition of those companies.”

      Snort is an intrusion prevention system that was commercialized by Sourcefire, which in turn was acquired by Cisco Systems in 2013 for $2.7 billion. Nessus is a vulnerability scanner that was commercialized by Tenable, which just had its initial public offering on July 26 on the Nasdaq stock exchange. The open-source Bro project fills a different role than either Snort or Nessus. Bro is a network security monitoring technology that provides an analysis framework.

      Corelight provides additional enterprise integrations and features on top of the open-source Bro project, according to Bell. He noted that the company got started in 2013 initially as a services organization and then expanded into providing hardware appliances integrated and optimized for Bro.

      “We’re now extending the product line into the virtual realm,” Bell said. “Our vision really is to allow enterprises to achieve great network visibility wherever and however they need it.”

      Software

      In recent years, it has been more common for startups to begin with a software or virtual edition of a commercial cyber-security product than with hardware, but Corelight began with hardware. Bell explained that the core founding team, which is also the team that created Bro, knew they could create a high-performance implementation of Bro on hardware that companies would pay for.

      “It’s funny, internally we very much think of ourselves as a software company,” Bell said. “The core open-source team, of course, has been writing software together for a long time and internally we’ve always developed on a virtual platform.”

      Bell added that in a sense, the hardware sensor that Corelight first went to market with is a hardware port of the company’s original product, which is a virtual sensor. He noted that the new virtual sensor that became available on Sept. 6 is the first time Corelight has had a commercially supported virtual sensor for customers to use. The Corelight virtual sensor currently runs on VMware virtualization technology, though Bell noted that efforts are underway to enable it to also run on container and Kubernetes-based platforms.

      The virtual platform doesn’t benefit from the accelerated performance that the hardware version of Corelight’s sensor provides. Bell said the Corelight hardware sensor platform uses commodity parts alongside a specialized FPGA (Field Programmable Gate Array) network interface card (NIC).

      “We offload as many CPU-intensive cases to the NIC as we can,” Bell said. “Bro is very CPU-intensive, because what it’s doing under the hood is parsing thousands or even millions of simultaneous TCP and UDP connections.”

      How Bro Works

      Bro is a different type of network security tool than a classic intrusion detection system (IDS) that relies on signatures to detect anomalies.

      “Bro is doing something different; it’s providing real-time telemetry, sometimes called metadata, with very detailed actionable data about what’s happening on the wire,” Bell explained. “So when something bad happens, you can quickly piece together the narrative of what happened, what led to the incident or breach and what happened afterwards.”

      Bro isn’t the only open-source project that can be used to understand network data. Another popular project is the open-source Wireshark packet capture (PCAP) effort.

      “The rising popularity of Bro is because it is in the sweet spot between PCAP on one hand and netflow on the other, which is quite minimalist,” Bell said. “We find that most organizations can resolve most of their security incidents just using Bro data.”

      Looking beyond just using Bro for network data analysis, Bell said Bro is also an application platform that the community uses to build scripts and other applications that do interesting work with the network data.

      “We have only just begun to exploit the power of those scripts in our product, and really almost anything you can imagine wanting to do with network traffic can be done with Bro,” he said. 

      The Core Collection for Bro, which was announced alongside the virtual sensor release, provides a series of different scripts to enable operational insights from Bro. Among the scripts in the collection is a crypto-currency mining detector, as well as an automatic hostname detector for network traffic.

      “You’ll see us working to make the data from Bro even better, more useful and more targeted so that security operations centers can do their jobs faster and more effectively,” Bell said. “We aim to be the definitive data source for network derived data.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
