Corelight boosts AI-driven network detection and response

Flush with cash from a recent $150 million funding round, Corelight is one of Network World’s 7 network security startups to watch for 2024. Its network detection and response platform aims to tackle NDR weak spots, including alert overload and tool sprawl.

Corelight at a glance

• Founded: 2013
• What they do: Provide open NDR-based network security
• Funding: $309.2 million
• Headquarters: San Francisco, California
• CEO: Brian Dye
• Competitors include: Corelight competes directly against traditional NDR (network detection and response) providers, such as ExtraHop and Vectra, as well as indirectly competing against large cyber-security/networking companies, including Cisco, CrowdStrike, and Microsoft, that provide solutions similar to NDR.
• Customers include: Carrefour and Grand Canyon Education

Why Corelight is a startup to watch

Corelight’s co-founders – Dr. Vern Paxson (chief scientist), Dr. Robin Sommer (Zeek project leader), and Seth Hall (chief evangelist) – originally worked together on the open-source Zeek security management platform. The three founded Corelight in 2013 to provide services built around Zeek. The startup’s CEO is Brian Dye, who previously served as EVP of products for McAfee and SVP of information security for Symantec. 

The company isn’t a newcomer, but its new financing is significant. In April 2024, Corelight closed a $150 million Series E round of funding, bringing its total raised to date to $309.2 million. Accel led the round. Cisco Investments and CrowdStrike Falcon Fund also participated.

According to Corelight, SOC teams face three major problems that status-quo NDR software fails to counter: 1) stealthy and low-and-slow attacks, 2) alert/alarm overload, and 3) tool sprawl.

Corelight’s open NDR platform provides SOC teams with visibility into all network activities across physical, cloud, and hybrid environments. AI and ML tools detect aberrant behaviors and hidden threats, while also assisting with investigation and remediation workflows to speed response times. Corelight’s platform also consolidates IDS, PCAP, and threat detection with traditional NDR capabilities.

Corelight

Read more about network security startups

• Aembit brings identity management to non-human workloads
• Astrix Security manages non-human entities across networks and clouds
• Dazz aims to unify security remediation with AI-driven platform
• dope.security puts a new spin on secure web gateways
• Mitiga zeros in on cloud and SaaS security
• Qevlar AI tackles alert fatigue with autonomous investigation

Jeff Vance is the founder of Startup50.com, a site that discovers, analyzes, and ranks tech startups. Follow him on Twitter, @JWVance, or connect with him on LinkedIn.