Cisco-backed startup Corelight raises $150M to expand network security services

Cisco is part of a group that backed security startup Corelight with $150 million in Series E funding this week.

Corelight’s latest investment round is led by its first capital investor, Accel, with additional funding from Cisco Investments and CrowdStrike Falcon Fund. The new funding will enable Corelight to further develop its technology, which transforms network and cloud activity as well as packet capture into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain network visibility, and create powerful analytics results, according to the startup.

Corelight is already used by cybersecurity services teams at CrowdStrike, Mandiant, and the Black Hat NOC at Black Hat events, the company says.

“From the very first conversation, it was apparent that both Corelight and Cisco Investments shared a staunch belief in how core networks could provide insights to disrupt future cybersecurity attacks,” wrote Prasad Parthasarathi, senior director with Cisco Investments, in a blog about the investment. 

“In this era of hyper-distributed devices, remote users, and ephemeral applications, if there is a fulcrum that CISOs can lean on – it would be the network. We are excited to invest in Corelight’s Series E and embark on a joint mission to supercharge network visibility and predictive security – leveraging the power of open-source and Gen AI,” Parthasarathi stated.

Corelight’s architecture is ingrained open-source technology, as one of its founders, Vern Paxson, a professor of computer science at the University of California, Berkeley, helped develop an open-source framework called Zeek.

“Today, Zeek is considered the gold standard for network security monitoring and network traffic analysis. It’s used by thousands of large organizations, from U.S. government agencies such as the U.S. Department of Energy to research universities like Indiana University, Ohio State, and Stanford,” Parthasarathi wrote.

Zeek is part of Corelight’s open network detection and response (NDR) platform, which is aimed at helping enterprises bolster cybersecurity attack detection coverage, speed incident response, and offer overall network visibility, Parthasarathi stated.  

The architecture also utilizes another open source package – Suricata – to further its network analysis and threat detection abilities.

The information gathered from systems such as Zeek, which for more than 25 years has been evolving and building its security data set, makes the large language models (LLM) that are behind Corelight’s AI technology invaluable.

Corelight’s LLM strategy is twofold, Parthasarathi stated. “On one hand, it provides out-of-the-box support for an abundance of practical LLM use cases that are natively available in products such as Investigator – a SaaS version of Corelight’s platform. These include using LLMs to translate alerts into English, give stock investigation guidance, and so on,” Parthasarathi wrote. “More importantly, the company is jointly supporting the development of multiple security-centric LLMs in an effort to drive compatibility across the ecosystem so that customers and partners have choice and flexibility in their still-evolving LLM strategies.”

There are three main opportunities for Corelight and Cisco in particular, according to Brian Dye, CEO of Corelight. “First is their shared focus around hybrid multi-cloud security; second is a big opportunity to extend and amplify Cisco’s portfolio of distributed security architectures; and third is the opportunity to use Corelight’s data as an accelerator for all security operations within Splunk,” Dye stated. 

Corelight already offers an app for Splunk, which Cisco recently acquired.  

Splunk’s technology includes wide-reaching software for searching, monitoring and analyzing system data. Network security teams can use this information to gain better visibility into and gather insights about network traffic, firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems, from on-premises or its cloud-based package, according to Splunk.

Corelight will use this latest investment to expand its detection coverage; accelerate security workflows, both in its own technology and in customers’ SIEM platforms; and foster an LLM ecosystem that supports the direction customers choose, Dye stated in a blog about the new funding round.