26 INTERVIEW 01732 759725 With Matt Ellison, Director, Sales Engineering, EMEA at Corelight In this Q&A, we ask Matt Ellison, Director of Sales Engineering, EMEA about Corelight’s proposition, evolution and value to the channel. Technology Reseller (TR): Please could you provide some background on the genesis of Corelight and the problem it addressed. Matt Ellison (ME): Our story starts more than 25 years ago with our co-founder Dr. Vern Paxson, who was working at the Lawrence Berkeley National Laboratory. Vern needed to better understand what was happening on the lab’s networks, so he created an open source project, now called Zeek, to provide detailed information about network activity. Cofounder Dr. Robin Sommer joined the project, now based out of the International Computer Science Institute in Berkeley, in 2001. A third co-founder Seth Hall began contributing in 2007. Under Robin’s leadership, the project received millions of dollars of financial support from the US National Science Foundation (NSF), which was instrumental in turning a powerful but boutique system into an industrial-strength platform. The US Department of Energy also provided financial support during this period. By 2013, the platform’s ability to provide evidence in the form of network data logs had become the gold standard for understanding network activity. To support the Zeek project, Vern, Robin and Seth founded a company – now named Corelight – with a business model to provide services to make it easier for companies to leverage Zeek. By 2015 it had become clear that people needed more than a service – they demanded a fully integrated system that truly leveraged the design pattern built by the Zeek community. The company was incorporated in 2016 and the Corelight Sensor was born. Today, Zeek is the world’s leading platform for network security monitoring, and Corelight continues to be its steward. Our offerings now include rich insights not only from Zeek, but also Suricata; we’ve created our own proprietary technologies for VPN, encrypted collections, packet capture and more; our sensors now address virtual, software, cloud and physical environments; and we’ve added machine learning and intuitive scalable search to the mix. Serving large enterprises and government agencies in more than fifteen countries, we help organisations translate network and cloud activity into evidence that they can use to proactively hunt for threats, quickly investigate cyber incidents, gain visibility into their networks and leverage analytics powered by machine learning. TR: What’s different about Corelight’s approach and why is this relevant now? ME: Corelight provides a Network Detection and Response (NDR) platform, differentiated by its use of open source technologies such as Zeek and Suricata. This is a tremendous advantage in that new insights and evidence are continually being fed into the platform, which means that the evidence/data we provide is more comprehensive than other offerings. It’s also linked to other data for context and unique insight – for example encrypted traffic. We also offer arguably the broadest range of detection techniques, including machine learning, behavioural models, signatures and queries, from a single platform delivering network security monitoring, intrusion detection (IDS), packet capture and investigation/threat hunting. Corelight’s open source heritage means it integrates seamlessly with existing customer toolsets such as XDR, SIEM and SOAR platforms. In fact, customer experience is key – Corelight has an industry leading NPS score and net/gross retention, driven by proactive support capabilities including the assignment of a technical account manager to every customer. TR: What is your typical customer profile and your route to market? ME: Our typical customers are larger enterprises that already have a Security Operations Centre (SOC) for threat detection and response and core technologies such as endpoint protection Corelight, the leader in open network detection and response (NDR), gives organisations a better way to detect early warning signs of a breach (and actively hunt for threats), empowering SOC analysts to prioritise alerts and take action to contain and eliminate threats before they can have a significant impact. Its NDR platform and natively integrated Suricata intrusion detection software (IDS) are complementary, add-on solutions to existing endpoint detection and response (EDR) tools, giving system integrators and MSSPs the opportunity to add value for their EDR customers and boost revenue through sales and additional service revenue. Corelight says its NDR platform has particular value for partners because it is built on open source technology and is backed by strong industry alliances. This allows Corelight to deliver industry-leading technologies like Zeek – the standard for network security monitoring – and integrate more capabilities both upstream, e.g. threat intelligence feeds, and downstream, e.g. analytics vendors. This, it says, is preferable to black box NDR, which serves up alerts but provides no information on how decisions are reached. Q&A Corelight had significant growth even through the pandemic years and this has been fuelled not only by new logo acquisition but also by customer expansions and renewals Matt Ellison
RkJQdWJsaXNoZXIy NDUxNDM=