FireEye Stories

Corelight Collaborates with FireEye to Deliver Expanded Network Visibility and Accelerate Incident Response

“How quickly can we respond to bad actors on our network?” is a frequently asked question for most enterprise security teams. For many, the response will largely depend on how much visibility the team can get into the data traversing the network and the solutions they have in place to “see” into that traffic.

Recognizing that this is a concern for our customers, we are pleased to share that FireEye has entered into a technical collaboration with Corelight. This collaboration is designed to give joint customers enhanced network visibility to speed incident detection and threat response.

This integration brings Corelight Sensors together with the FireEye Helix security orchestration platform, providing better network security and threat visibility into customer networks. Customers running FireEye Helix and Corelight benefit from real-time, actionable insights into network traffic through the extraction of hundreds of security-relevant pieces of data across dozens of protocols and data types. This data is then enriched with FireEye Intelligence to help customers identify high-priority threats.

Figure 1: FireEye Helix Showcasing Corelight Alerts


Key benefits of the integration:

  • Ability to extend network threat visibility to higher-throughput networks, at the edge and at the datacenter, using the Corelight AP 3000 Sensor
  • Ability to extend visibility into cloud and virtual environments utilizing Corelight Sensors
  • Pre-built FireEye Helix dashboards to deliver security insights from Corelight logs

Figure 2: FireEye Helix dashboard showcasing Corelight and Zeek data

The information that Corelight provides to the Helix platform will allow security professionals to accelerate their response to threats. Corelight has created custom Helix dashboards that enable customers to:

  • Effectively detect and respond to attacks
  • Identify anomalies quickly
  • Hunt for attackers using contextual data beyond alerts

These dashboards can also be used by anyone leveraging Zeek (formerly known as Bro), the open source network security monitoring platform that underlies the Corelight technology. This additional context, coupled with leading FireEye intelligence, will allow mutual customers to focus their energy on the threats that matter.

To learn more about these FireEye and Corelight integrations, please visit either the FireEye Market or the Corelight website.