Corelight Competitors and Alternatives

Get our free report covering Darktrace, ExtraHop Networks, Vectra AI, and other competitors of Corelight. Updated: June 2021.
511,773 professionals have used our research since 2012.

Read reviews of Corelight competitors and alternatives

JG
Head of Information Security at an engineering company with 10,001+ employees
Real User
Top 5
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT

What is our primary use case?

One of the interesting things that made us lean towards going with Awake was that it fulfilled a couple of use cases. One was the core NDR functionality. We wanted it to be able to monitor our network traffic and alert us on security-relevant events. Another request we had was that because our security team was pretty resource-constrained, we wanted a solution that could provide an in-house managed service for monitoring it, as a partner. Awake was able to provide that, with their MNDR team, and that was something that we found pretty valuable.

Pros and Cons

  • "The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
  • "One concern I do have with Awake is that, ideally, it should be able to identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far."

What other advice do I have?

One thing to be aware of, for someone else using Awake, is to be ready, at the beginning, to clearly define what is expected network activity and what is not. That helps both teams. For us, it has been an interesting challenge because our network is quite complex. In the life sciences, we have pretty varied environments for physical manufacturing, R&D, and SGNA. It spans the whole gamut. What helps in that environment is being very clear, up front, about documenting and giving context to the Awake MNDR team about which devices are domain controllers and the kinds of traffic they should expect…

Eric Weakland
Director, Information Security at American University
Real User
Its artificial intelligence and machine learning helps us with looking at deviations from the norm

What is our primary use case?

One of the reasons we went with this solution was because there is less that we have to customize; it's more commercial off the shelf. Therefore, my team can spend their time doing what's most beneficial for the university, which is protecting it, not upgrading custom software. We use it to inspect and look for malicious, abusive, or other types of forbidden behavior with our north-south and east-west traffic. We not only look at traffic from our campus to the Internet, but we look at traffic internally in our network as it does network AI. It not only looks when a specific event happens, but…

Pros and Cons

  • "The solution provides visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
  • "Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."

What other advice do I have?

We don't have that big of a cloud presence yet. However, the solution would correlate behaviors in our enterprise network and data centers with behaviors we see in our cloud environment because part of our east-west visibility includes our dedicated connections to cloud instances. If it goes over to our commodity Internet, it should see it there too. I would rate this solution as an eight point five (out of 10). All opinions in this review are my own.