Alan Saldich, chief marketing officer, Corelight, discusses how the company’s global expertise can enable Middle East organisations to enhance their security postures.
Can you please give an overview of Corelight’s operations and offerings?
Corelight provides solutions based on an open-source software project called “Zeek”, formerly known as Bro.
Created by co-founder Dr. Vern Paxson more than two decades ago, Zeek is being used by thousands of organisations around the world; taught by technology firms such as SANS and Cisco as part of their security training curriculum; and incorporated into dozens of commercial security products.
As it is open-source software, many people contribute to the project. However, all of the core developers on the Zeek project work for Corelight, which gives us a strategic advantage in the market.
The power of Zeek is its capability to ingest raw packets and extract hundreds of elements of data that are specifically curated for network forensics, incident response and threat hunting. That data is parsed, structured and exported in real-time to the customer’s analytics stack (typically a SIEM like Splunk, Elastic, Exabeam, Securonix, ArcSight, QRadar or virtually any other analytics platform). The logs Zeek produces can be augmented with third-party or internal data to make them more useful, and Corelight customers can also add their own customised detections or those that were created by other members of the Zeek open source community.
Corelight Sensors are available as physical appliances, or as virtual or cloud-deployable systems, which can be installed in about 15 minutes and begin capturing valuable data immediately.
Why is the Middle East an important market for Corelight?
Cybersecurity has become a top priority for organisations in the Middle East. A recent report by PwC has found that businesses in the Middle East are more prone to cyber-attacks than those anywhere else in the world. With this in mind, we believe that regional firms including government agencies will see the same value in our offerings as US and European organisations have. We aim to show them how our offering can be an integral part of their security stacks as they modernise and become more data-driven in strengthening their security postures.
Today, we already have significant business in the Middle East and since protecting the network is one of the most fundamental aspects of security for any organisation, we think the opportunity in the region is massive.
What best practices should enterprises undertake to strengthen their network security strategies?
The number one thing Corelight recommends is to start collecting data “yesterday” – or, in other words, as soon as possible!
You only get one chance to capture data and since Zeek logs are very compact – they can be kept for years at modest costs – it makes sense to install sensors now and begin collecting the data even if a security team is not finished designing its next-generation security stack yet. Whatever SIEM, SOAR or detection methodology a customer selects, and whether they make that selection next week or next year, their security teams will be thankful they began collecting data early so that it’s at their fingertips when they need it to defend themselves.
What can regional organisations expect from Corelight in the coming months?
Corelight’s regional presence now includes a regional hub in Dubai servicing the GCC and the wider Middle East region. This includes sales, pre-sales, and customer success teams. Along with our local partners, our objective is to provide the same local support and expertise to customers in the Middle East that we give to our customers around the world.
We also aim to work closely with security professionals and customers to provide ongoing local training and support, as well as thought leadership events to promote advanced techniques in dealing with incident response, threat hunting, and network evidence-based forensics using Corelight’s technology.