Corelight expands AI usage across its portfolio to boost SOC efficacy

Corelight announced a broad expansion in the integration of AI technologies across its portfolio.

AI is now used to detect a wider range of sophisticated attacks, to enrich security data with contextual insight, and to provide SOC analysts with new capabilities for understanding and reacting to security alerts.

Corelight now offers a full range of advanced machine learning (ML) models across all form factors, from SaaS, to the network edge, to the datacenter. In addition to Corelight’s existing coverage across a wide range of TTPs, organizations can now leverage both supervised and deep learning techniques for identifying and responding to malicious URLs and domains, as well as targeted phishing attacks.

These models play a critical role in detection and analytics within Corelight’s Open NDR platform. The platform also allows SOC analysts to view and understand ML determinations, providing critical explainability and visibility.

The Corelight platform features a broad array of detection techniques, in addition to machine learning – including threat intelligence, deep stateful analysis and both signature and behavioral techniques, so that customers can leverage the most effective approach to each detection problem. This comprehensive detection strategy allows customers to leverage multiple techniques for each detection task, providing true defense-in-depth.

“Phishing remains a key pain point for many enterprises that fall victim to advanced attacks, and defenders struggle to find it as it’s happening. Our new ML models enable customers to identify malicious domains impersonating legitimate and commonly used sites through a variety of new techniques, providing increased visibility into these dangerous attacks,” said Dr. Vern Paxson, Corelight Chief Scientist.

“AI won’t replace you, but an attacker using AI will surely try to defeat you – so defenders need every technique at their disposal,” said Brian Dye, Corelight CEO. “Our newest ML analytics continue to expand the breadth of detection coverage at high accuracy, and our AI integration accelerates investigation and response – providing end-to-end assistance for security analysts. This is made possible because of the quality of evidence born from the Zeek project, which powers the most advanced network defenders globally.”

Corelight also announced today an integration for large language models (LLMs) with OpenAI’s GPT-4 that enables NDR customers to leverage the power of AI-driven language processing to boost SOC efficacy, while mitigating risks inherent in adopting these technologies.

Available on Corelight’s SaaS platform (Investigator), GPT language processing is now integrated directly into the SOC analyst’s workflow, leveraging powerful capabilities to provide new context surrounding alerts, potential mitigation, and increased explainability that enables users to immediately understand otherwise complex detection patterns and pursue feasible actions.

“By leveraging GPT directly in our analyst experience, we are able to empower all users regardless of their sophistication to immediately recognize and understand complex attack patterns and potential remediations,” said Clint Sand, SVP of Product at Corelight. “As with many systems, the output is only as good as what you put in it, so there is plenty of opportunity for innovation. Our customers are telling us that our approach to GPT integration is solving a real problem, and this is only the beginning of what’s possible.”

Additional machine learning is available in Corelight’s SaaS platform, Investigator, now, and will be available on Corelight Sensors in May. GPT integration into Investigator will be released in July.

Corelight will demonstrate GPT integration at RSA Conference 2023.