When most cyber-attacks must cross the network, extracting relevant data from network traffic is essential for security operations. Many security teams have limited or no traffic visibility at the perimeter, leaving them blind to attackers who hide and establish malicious C2 server communications, deploy malware, and exfiltrate sensitive data.

Finding a way to reliably and cost-effectively capture and transform traffic into usable security data can be challenging, especially in environments with limited data center space and high throughput traffic. The Corelight and Garland solution takes minutes, not months, to deploy and emit actionable insights. The solution provides 100% visibility of your network for up to 10x peak performance gains and is packed with additional enterprise functionality from the creators and maintainers of Zeek.

Integration Benefits

The Corelight and Garland Technology solution offers a scalable way to capture and efficiently make sense of 100% the network traffic no matter the environment. By dramatically accelerating network security operations with Zeek data, the solution reliably reduces blind spots in the network and the risk of any malicious data on the wire. Whether a lean or robust security team, the easy deployment and infinite features with Zeek data provide a comprehensive solution for security performance.

IT and Sec Ops Team Benefits

• Full visibility across on-premise data centers and private, public (AWS, Azure, Google), or multi-cloud environments.
• Easy access and monitoring of network traffic from physical, virtual, and cloud networks.
• Reduce network downtime, improve reliability, reduce costs, and gain better device utilization by spreading the load data across multiple tools.
• Extract over 400 fields of data from network traffic in real-time across 35+ protocols from Layer 3 to 7 (HTTP, DNS, SSL, ext.)
• The logs provide nearly the fidelity of full traffic at less than 1% of the file size.
•Logs are organized by protocol with fields extracted specifically for SOC / DFIR teams so that they can make fast sense of their network to threat hunt and resolve incidents more efficiently.
•Preloaded with the Core Collection, a set of Zeek packages curated and certified for performance and stability.
•Provide specific threat detection, data enrichment, and operational insight capabilities, such as identifying port scanning behavior or extracting URLs from email bodies for filtering.