Corelight Reviews

Corelight is a network traffic analysis product. It is an enterprise solution of Zeek and Suricata. It is deployed mostly with physical sensors, although cloud, virtual and software sensors are available as well. We deploy it for our customers, and MSSP.

Cyber Security Operators barely need to learn how Corelight works because it is integrated with the SIEM of the company. That's why Corelight is very useful since the very first moment it is deployed. Corelight makes much easier the remediation of cyber attacks. Instead of facing a chaotic amount of logs, Corelight provide correlated metrics that allow pivoting to find, in seconds all the data related to an alert, detection or asset. It can be used both on-premise and cloud, and it can be easily scaled.

Corelight provides a insight, visibility and a lot of data. No matter if you need detection for proactive defense or you need data for forensics, Corelight is the primary source of information for cyber security. The deployment is very quick and you are using it from the very beginning.

Al the beginning I was surprised that it didn't include Machine learning based detection, but after some months, I understand why. Our SIEM and our SOAR already includes Machine Learning detection, and Corelight already make behavior based detection as well as signature based detection. Everything in Corelight is useful, and adding ML to an NDR would just make it more expensive, and I'm not sure if it would really improve the final result since Corelight sees everything and ML can be used in other solutions.

Last release included Smart PCAP, a tool that makes PCAP storing easier (and more cost-effective).

We have been using the product, about four months. First time I used it was in April '21

Corelight is very stable. It is based on Zeek, a solution that has been used for more than 20 years.

It is a simple procedure to scale the installation.

Excellent. They are dedicated to the customer from the first moment.

It is very straightforward to choose one physical sensor because you have a sensor with all the installation pre-installed. It is a very straightforward solution because it has a sensory set already configured. You have to adapt it to integrate with your network, with packet brokers. This is the main step that we have to do to integrate with a network. It's not a complicated process.

It is surprisingly affordable

It depends on the kind of customer, but I would recommend it for most companies that had a SOC. It is instrumental. I would rate this product a 10 out of 10. Corelight, including Zeek (former BRO) and Suricata, is well known by most cyber security analysts. For that reason, we have seen that people liked Corelight and Zeek. It adapts perfectly to the day to day work for people in security analytics.

It is mainly being used for security purposes, and to increase cyber visibility.

The most valuable feature is the embedded IDS from Suricata.

It's an expensive solution and the price could be reduced.

They don't have a GUI. In the next release, building a graphical user interface would be helpful.

I have been using Corelight for a few months.

Corelight is a stable solution.

It's a scalable product.

Technical support seems to be good. The response is quite good and also the response time is quite good.

The initial setup is pretty easy with respect to installing.

They have a license-based model.

It's a yearly fee and depends on what you are looking for.

It's an expensive product.

I don't have enough visibility in the competition in order to give you an accurate response to what could be improved. We are still new to this solution we don't know yet. 

I would rate this solution an eight out of ten.