Overview
Product Information on Corelight Open NDR Platform
Overall experience with Corelight Open NDR Platform
“Corelight NDR enabling streamlined and precise incident analysis through network metadata”
“Challenges With Centralized Management In Multi-Environment Deployments Of Sensor Networks”
About Company
Company Description
Corelight is a company that primarily focuses on network security. Its objective is to transform network and cloud data into detailed evidence to help counter ever-evolving cyber threats. The company offers an open Network Detection and Response (NDR) platform that provides a comprehensive, correlated view of the network, granting unmatched visibility to users. With swift investigation, expert-like cyber threat hunting and potential attack disruption capabilities, Corelight aims to enhance cybersecurity preparedness. It offers both on-premise and cloud-based sensors capable of capturing standard industry telemetry and insights that align with pre-existing user tools and processes. Clients of Corelight span diverse sectors, including large-scale businesses, government agencies and research institutions.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Corelight Open NDR Platform Likes & Dislikes
Ease of deployment and implementation. Quick deployment in the environment without the need to install additional agents. After providing network traffic to the sensor, data immediately shows up in the Corelight console. Extraction of network data in a minimal and easily readable format that makes security triage and analysis faster and more straightforward. Additionally, if any alert is detected, it enables in-depth analysis of network packets which are captured through the efficient SmartPCAP technology. Encrypted traffic analysis provides high fidelity insights into encrypted traffic (e.g., HTTPS, SSH, VPN, and DNS over TLS) without the need for traffic decryption. The underlying engine enables extraction of all relevant data from the encrypted traffic with no impact on the traffic analysis performance. Enables capturing of files across all analyzed traffic and storage of files for automated analysis. This is further enhanced by the YARA scanning functionality that detects potentially malicious files transferred through the network. Reliability and speed of traffic capture, data collection and data analytics. Traffic is parsed and quickly forwarded to the Corelight SIEM where it is available for analysis in less than a minute. Readiness of technical and customer support to jump on a call and discuss improvements to the platform provides peace of mind when using the solution. The Corelight team really aims at making a quality product that will streamline detection and response activities as much as possible by providing valuable information to security analysts.
FleetManager
The clarity and structure of the data. Corelight gives us high-fidelity, well-enriched logs that are actionable instead of chaotic. The detections are more organized, the data is richer, and investigations move faster because we are able to lay everything out in a way that makes sense. Sensor management is easy and the overall stability of the sensors has been a major plus. The product is consistently working towards reducing the noise and that's rare in this space.
Integration with EDR vendors - Integration exists but is limited to querying EDR vendors' API endpoints. This can provide great context but it is far from a fully integrated console that would integrate EDR and NDR telemetry into one timeline. Limitations on Alerting capabilities - Currently one can only create alerts based on Zeek and Suricata detections. There is no ability to create custom alerts in the Investigator SIEM based on the collected network data. Cloud traffic inspection can incur sizeable additional costs - If using a cloud provider that doesn't natively support Cloud Network TAPs, the price hike for monitoring cloud network infrastructure is significant.
The lack of having fully centralized operational management in environments with a large number of sensors deployed across multiple environments
The product is incredibly powerful, but some tuning requires trial and error before everything aligns the way you want. Certain detections and log types can feel a bit rigid in terms of customization, and more granular configuration options would help streamline deployments. Additionally, scaling log volume can overwhelm our SIEM licensing, so it requires careful planning to avoid ingest bloat. None of these are deal-breakers, but they are areas where more flexibility could make the experience better.
Corelight Open NDR Platform Reviews and Ratings
- SENIOR SECURITY ANALYST, 50M-1B USD, IT Services
Corelight NDR enabling streamlined and precise incident analysis through network metadata
Corelight NDR is an essential tool that greatly simplifies the detection and triage of security events through network data. Evidence collected through the sensor simplifies detection of malicious behavior, as well as providing immediate insight into all the affected machines. It provides a great platform to analyze and find irregularities and misconfigurations in the network. The provided data can be directly utilized for system and network security hardening as well as a verification method for validating hardening efforts. The solution just works and usually there is no need for customer support. Nevertheless, when needed, customer support is fast to respond and resolve any issues that might arise.
- IT SECURITY & RISK MANAGEMENT ASSOCIATE, 50M-1B USD, Transportation
Corelight Improves Network Visibility But Requires Careful Tuning and SIEM Planning
Our experience with Corelight has been consistently strong. The platform delivers reliable, high-quality network visibility without drowning us in noise, and it has integrated strongly with our existing SIEM and workflows. The sensors have remained stable and easy to manage through the management application, and the data fidelity has improved our ability to investigate suspicious activity in both IT and OT. The support team has been responsive, knowledgeable, and genuinely invested in assisting us in optimizing our deployment. Corelight has made our detection and response efforts significantly more efficient and more confident.
- Manager, IT Security and Risk Management, Gov't/PS/Ed, Government
Death of NDR is greatly exaggerated
Corelight have been great and engaged with us from initial deployment stages through to ongoing maintenance in production. Product gets updated frequently with new functionality that is genuinely useful capability additions.
- Engineering Manager, 50M-1B USD, IT Services
Excellent customer support and GUI makes administration simple
Corelight staff have been friendly, knowledgeable, and prompt about providing support whenever we have asked, which has occurred on a range of topics over the course of the last year. I have been impressed with their level of responsiveness compared to other vendors, and I have not had a single negative interaction with Corelight even while troubleshooting product problems or issues, which says a lot about their staff's professionalism and courtesy.
- senior security analyst, Gov't/PS/Ed, Government
High quality, user friendly security device with an excellent development team.
The product itself is open source, but the experience/good practices/new security insights exchanged with us are extremely useful and bring us much added value. Some modules are not open source; those are developed by the labs team. But as we can have direct contact with them, cooperation is quick and easy. Summary: the software does what it needs to do, but a lot of experience from the internal teams is shared with us as a customer. With other suppliers it is impossible to talk directly to developers and specialized tech teams.



