“How quickly can we respond to bad actors on our network?” is a frequently asked question for most enterprise security teams. For many, the response will largely depend on how much visibility the team can get into the data traversing the network and the solutions they have in place to “see” into that traffic.
Recognizing that this is a concern for our customers, we are pleased to share that FireEye has entered a technical collaboration with Corelight. This collaboration is designed to give joint customers enhanced network visibility to speed incident detection and threat response.
This integration brings Corelight Sensors together with the FireEye Helix security orchestration platform, providing better network security and threat visibility into customer networks. Customers running FireEye Helix and Corelight benefit from real-time actionable insights into network traffic by extracting hundreds of security-relevant pieces of data across dozens of protocols and data types. This data is then enriched with FireEye Intelligence to help customers identify high priority threats.
Figure-1: FireEye Helix Showcasing Corelight Alerts
Key benefits of the integration:
- Ability to extend network threat visibility to higher
throughput networks - at the edge and at the datacenter using the
Corelight AP 3000 Sensor
- Ability to extend visibility into
cloud and virtual environments utilizing Corelight Sensors
- Pre-built FireEye Helix dashboards to deliver security insights
from Corelight logs
Figure-2: FireEye Helix dashboard showcasing
Corelight and Zeek data
The information that Corelight provides to the Helix platform will
allow security professionals to accelerate their response to threats.
Corelight has created custom Helix dashboards that enable customers to:
- Effectively detect and respond to attacks
- Hunt for attackers using contextual data
These dashboards can also be utilized for anyone leveraging Zeek
(formerly known as Bro), the open source network security monitoring
platform that underlies the Corelight technology. This additional
context coupled with leading FireEye intelligence will allow mutual
customers to focus their energy on the threats that matter.
To learn more about these FireEye and Corelight integrations, please
visit either the FireEye Market or the Corelight website.