We partner with Corelight, combining their gold standard Network Detection & Response technology with Cribl LogStream distilling data for cost effective NDR

Security threats are becoming more organised and more serious

We have recently seen the Colonial Pipeline ransomware attack, numerous attacks against Microsoft Exchange Server and prior to these the infamous SolarWinds attack, purported to be a Russian state-sponsored assault on US government networks that also affected 425 US Fortune 400 companies as well as US accounting firms, universities and colleges world-wide.

Too many Security Operations Centres (SOCs) are set up to fail. The Ponemon Institute recently found only 50% of organisations think their SOC is effective and that’s because they are often not optimised in terms of the data they are collecting.

The pandemic has worsened the situation. Verizon states that phishing has risen 11%, ransomware 6% and 80% of breaches weren’t even detected internally, suggesting that the SOC isn’t delivering. 

Faster investigations, more effective threat hunts with the world's best network evidence

SOC Visibility Triad

Mid-to-large organisations either employ security analysts (costly and hard to find) or invest in SIEM, which is only as effective as the data it receives, namely log files. This approach leaves gaps in an organisation's security posture: even with User Entity Behaviour Analytics (UEBA) in place, the whole estate will not be covered.

To better fill the gaps and optimise security posture, Gartner recommends adding Network Detection and Response and Endpoint Detection and Response technologies. Combined with SIEM this enables the completion of what Gartner has coined the SOC Visibility Triad.

  • Network Detection and Response
  • Endpoint Detection and Response
[Graphic: SOC Visibility Triad]
  • NDR Solutions

EDR focuses on monitoring and preventing endpoint attacks and most organisations have an EDR solution in place.

NDR is vital as it creates full visibility across the network in real-time. Yet it remains largely unaddressed within businesses – typically due to the costs associated with analysing the enormous amount of data that NDR generates.

NDR data has to be sent to a SIEM, but it makes no sense to pay twice for analysis (once in the NDR tool and again in the SIEM). To address this, Corelight created Open NDR, in which the NDR tool does not repeat the analysis the SIEM will do and any SIEM technology can be used, giving you the flexibility to change as your business evolves. Corelight is the gold standard NDR solution that we offer to our customers.

  • Data Distillation

We help you further filter data to ensure that only the data needed by YOUR specific SIEM gets through. We do this by combining our Cribl solution (event stream processor technology) with Corelight to distil your data in line with your exact requirements, reducing the amount of data sent to the SIEM by 50-70%.

This way, achieving the SOC Visibility Triad becomes viable for your organisation and you also create cost effective NDR within your organisation.

Further Resources

Explore our Knowledge Centre to find out more about Network Detection & Response and Data Distillation solutions

Corelight case study

Combining Corelight and Cribl LogStream for affordable NDR