
Corelight Simplifies Alert Triage with AI-Led Workflows to Help SOC Analysts Understand Threat Context in Seconds



New Guided Triage in Corelight Investigator reduces time to triage by up to 50% by simplifying correlated data into plain language summaries

Corelight, the fastest growing provider of network detection and response (NDR) solutions, today unveiled Guided Triage – a new set of capabilities in its SaaS solution, Corelight Investigator. Guided Triage utilizes artificial intelligence (AI) to deliver fast, expert-level data insights in plain language, which expedites triage, reduces SIEM ingest requirements and associated costs, and bridges analyst skill gaps.


According to a 2023 report by Enterprise Strategy Group (ESG), 62% of Security Operations Center (SOC) teams are seeking cost-effective solutions due to the escalating expenses related to storing and managing large volumes of log data within SIEM systems. In addition, the increasing complexity and volume of cyber threats are pushing SOC teams to leverage AI so that security analysts at all levels can better understand both the severity and priority of alerts, described in plain language, for faster decision-making. Corelight applies industry-first large language models (LLMs) to summarize network activity and attack payloads, along with innovative packet capture and single-screen triage technology, to both reduce costs and significantly accelerate incident response.

“The volume of data that SOC analysts have historically needed to wade through and manually correlate can make it difficult to quickly determine which alerts are the most important to remediate. In some cases, that data requires review by the most experienced analysts to determine the complete context of an attack and better inform incident response,” said Vijit Nair, vice president of product, Corelight. “By creating one interface with all the necessary context along with plain language summaries and easy access to raw data, we are aiming to reduce analyst fatigue, speed incident response, and empower all levels of the SOC team.”

Corelight Investigator with Guided Triage is the ideal tool for junior analysts looking to speed discovery and correlation activities with simplified AI-driven summaries, enabling them to rapidly build both their incident response skills and knowledge. Similarly, the new capability gives senior analysts the ability to easily assess pre-correlated context and quickly pivot into the raw data for deeper investigation through single-screen triage.


“Corelight’s Guided Triage is a fantastic force multiplier, surfacing correlated information quickly and concisely to help analysts make faster decisions with more confidence,” said Sheldon Carmichael, information security architect, Sally Beauty. “This is information that analysts would normally have to pivot to collect from different sources and manually correlate, which takes significant time and knowledge. The more information available with fewer pivots or clicks, the faster analysts of all skill levels can move to resolution.”

Guided Triage also delivers:

  • Full triage history – All alerts appear in the context of the original detection, building knowledge on that threat. Analysts can easily see the true positive (TP) and false positive (FP) history, which teammates made each decision, and the notes they left, helping the team tune and automate future decision-making.
  • Interactive visual timeline – A unique depiction of all detections on the source and destination machines involved that helps create a cohesive story, ensuring that the analyst doesn’t miss any related alerts in the sequence.
  • Easy access to raw network data – Suricata payloads and PCAP links are easily viewable and accessible through one-click access, eliminating the usage of Log Search and streamlining critical workflows.

Guided Triage’s availability comes on the heels of Corelight’s inclusion in Fortune’s prestigious annual Cyber 60 list and achieving $150 million in Series E funding in April 2024.
