Corelight

Company Overview

Corelight is a cybersecurity company specializing in network detection and response (NDR) solutions. Founded in 2016, the company is headquartered in San Francisco, California with additional offices in Virginia, London, Dubai, and Sydney. Corelight’s core technology is based on Zeek, an open-source network security monitoring platform originally developed by co-founder Dr. Vern Paxson in 1995.

The company’s mission is to put evidence at the heart of security by transforming network and cloud activity into high-fidelity data that defenders can use for complete visibility, analytics, faster investigations, and expert threat hunting. Corelight aims to help organizations stay ahead of ever-changing cyber attacks.

Products Overview

Corelight’s flagship product is its Open Network Detection and Response (NDR) Platform. Key components include:

  • Investigator - A SaaS-based threat investigation platform that simplifies Tier 1 workflows and accelerates triage and resolution.

  • Zeek-based Network Evidence - Enterprise-grade implementation of the open-source Zeek network security monitoring platform.

  • Intrusion Detection System (IDS) - Integration of the open-source Suricata IDS engine.

  • Smart PCAP - Selective packet capture technology that enables storing months of traffic history.

  • Analytics & Detections - Security analytics developed by Corelight Labs and curated from the Zeek community.

  • Sensors - Available as physical appliances, cloud, software, and virtual deployments to collect network data.

  • Fleet Manager - Centralized management console for Corelight sensors.

The platform is designed to provide comprehensive network visibility, power analytics and threat detection, accelerate incident investigations, and enable proactive threat hunting.

Founding Team

Corelight was co-founded by:

  • Dr. Vern Paxson - Chief Scientist, creator of the Zeek platform
  • Dr. Robin Sommer - Zeek Project Leader
  • Seth Hall - Chief Evangelist
  • Dr. Greg Bell - Former Chief Strategy Officer

The founders bring deep expertise in network security, open-source development, and cybersecurity research from institutions like UC Berkeley, Lawrence Berkeley National Laboratory, and the International Computer Science Institute.

Problem and Market Fit

Corelight addresses the challenges organizations face in gaining comprehensive visibility into network activity and rapidly investigating security incidents. As cyber attacks grow in sophistication, security teams struggle with alert fatigue, lack of context in alerts, and difficulty piecing together evidence during investigations.

By providing rich network evidence enriched with analytics, Corelight enables defenders to:

  • Increase visibility across on-premises, cloud, and hybrid environments
  • Accelerate threat detection and response
  • Conduct more effective incident investigations
  • Proactively hunt for hidden threats

The company’s solutions cater to large enterprises and government agencies dealing with advanced persistent threats and needing to protect sensitive data and critical infrastructure.

Business Model

Corelight operates on a subscription-based business model, offering its NDR platform and sensors through annual or multi-year contracts. The company sells both directly to end customers and through channel partners.

Key revenue streams include:

  • Software subscriptions for the NDR platform
  • Hardware appliances and virtual/cloud sensor deployments
  • Professional services and training

Corelight focuses on serving large enterprise and government customers, particularly in regulated industries like financial services, healthcare, and critical infrastructure.

Funding and Runway

Corelight has raised over $284 million in venture funding to date across multiple rounds:

  • Series A: $9.2M led by Accel in 2017
  • Series B: $25M led by General Catalyst in 2018
  • Series C: $50M led by Insight Partners and Accel in 2019
  • Series D: $75M led by Energy Impact Partners in 2021
  • Series E: $125M led by Energy Impact Partners in 2022

Key investors include Accel, General Catalyst, Insight Partners, Energy Impact Partners, CrowdStrike Falcon Fund, and others. The substantial funding provides Corelight with significant runway to continue its rapid growth and product development.

Competitive Landscape

Corelight operates in the competitive network detection and response (NDR) market. Key competitors include:

  • Darktrace
  • ExtraHop
  • Vectra AI
  • Cisco (Stealthwatch)
  • Arista Networks (Awake Security)

Corelight differentiates itself through its open-source heritage, focus on providing rich network evidence beyond just alerts, and integration with leading SIEM and XDR platforms. The company has strategic partnerships with major cybersecurity vendors like CrowdStrike, Splunk, and Microsoft.

Customers

While Corelight does not publicly disclose its full customer list, the company serves large enterprises and government agencies across various sectors. Publicly mentioned customers and use cases include:

  • U.S. Department of Energy - Network monitoring for scientific research networks
  • Fortune 500 financial services firms
  • Large healthcare providers and pharmaceutical companies
  • Major retailers and e-commerce platforms
  • Federal, state and local government agencies

The company protects some of the most sensitive, mission-critical networks globally.

Relevant News

  • July 2024: Recognized in Gartner’s Competitive Landscape report for NDR, specifically for SaaS and cloud identity applications security capabilities.

  • May 2024: Announced enhanced Splunk integration to simplify SOC analyst workflows.

  • May 2024: Added 1-Click Entity Isolation feature leveraging CrowdStrike Falcon integration.

  • Feb 2024: Named a leader in the G2 Grid Report for Network Detection and Response.

  • Oct 2023: Launched Corelight Investigator, a SaaS-based threat investigation platform.

  • Aug 2023: Announced strategic partnership with CrowdStrike, including CrowdStrike’s use of Corelight’s NDR capabilities.

Corelight continues to expand its capabilities in cloud security, encrypted traffic analysis, and AI/ML-powered detections to address evolving cyber threats.

Classification: AI Tier 2

  1. Core AI: Create fundamental AI technologies/base models
  2. AI-Enabled: Core offerings rely on recent AI advances
  3. AI Adopters: Use AI to enhance existing products/services
  4. Non-AI: No AI in products/services

Corelight relies on AI/ML advancements for its NDR solutions, which are critical to its product’s success and differentiation in cybersecurity, making it a Tier 2 AI-Enabled company.