Corelight: Things You Didn't Know Your NDR Could Do!

In this presentation, we will cover some of the features and functions of Corelight's NDR that are not only unique to Corelight as an NDR solution, but offer users the opportunity to consolidate multiple tools into a single solution whilst also saving costs on both capital and operational expenditures.

We will talk about how Corelight's YARA functionality allows customers to perform realtime signature analysis of files transmitted in the clear. Not only is the file captured, stored and analysed, but alerts can be configured to provide the insight and detail that you require as part of tour threat hunting and general security posture.

We will also talk about how SMART PCAP allows Corelight's customers to move away from unwieldy full PCAP solutions that require huge costly storage solutions, that still only contain days or maybe even just hours of data. Instead, customers are able to capture PCAPs directly related to the data that is important to them, with links to the captured file directly embedded in the associated alert. With one click linking, viewing these PCAPs is instantaneous, avoiding the hours of searching through file structures to find the data you need.

Finally, we will talk about how one of Corelight's customers refused a $10m ransomware demand by using Corelight to prove that the attackers had not accessed the data they claimed to have.