STOCK TITAN

Corelight Integrates SentinelOne Singularity Platform Data to Accelerate SOC Transformation

Rhea-AI Impact: Low
Rhea-AI Sentiment: Neutral

Corelight, a leading provider of network detection and response (NDR) solutions, has announced a partnership with SentinelOne (NYSE: S), an AI-powered security company. This collaboration aims to enhance SOC transformation by integrating SentinelOne's endpoint and vulnerability management data into Corelight Sensor, providing real-time enrichment of Corelight logs.

The integration addresses the challenge of alert overload faced by security teams, as highlighted in the Mandiant Global Perspectives on Threat Intelligence report. By correlating data from Corelight and SentinelOne at the sensor level, the partnership aims to simplify alert triage, provide better context for threats, and ultimately reduce mean time to detect (MTTD) and mean time to recovery (MTTR).

This collaboration offers SOC analysts a comprehensive view of network activity across all connected devices, including those where EDR cannot be installed. The integration also enables more effective threat detection and prioritization based on current environmental risks.

Positive

  • Partnership with SentinelOne to enhance SOC transformation
  • Integration aims to reduce mean time to detect (MTTD) and mean time to recovery (MTTR)
  • Provides comprehensive visibility across network and connected devices
  • Enables more effective threat detection and prioritization

Negative

  • None.

Insights

This partnership between Corelight and SentinelOne represents a significant advancement in SOC (Security Operations Center) capabilities. By integrating SentinelOne's endpoint and vulnerability data with Corelight's network detection and response (NDR) solutions, security teams can now correlate threats more effectively at the sensor level. This integration addresses a critical pain point in the industry - the overwhelming volume of alerts that often leads to missed threats.

The combined solution offers several key benefits:

  • Reduced alert fatigue and improved triage efficiency
  • Enhanced visibility across both network and endpoints
  • Faster threat detection and response times
  • Better prioritization of vulnerabilities and threats

For SentinelOne investors, this partnership could potentially expand the company's market reach and increase the value proposition of its Singularity Platform. It demonstrates SentinelOne's commitment to interoperability and its ability to integrate with other leading security solutions, which could positively impact adoption rates and customer retention.

This partnership aligns with current market trends in cybersecurity, where there's a growing demand for integrated, AI-powered security solutions that can handle the increasing complexity and volume of threats. The collaboration between Corelight and SentinelOne addresses key pain points identified in the Mandiant report, where 84% of respondents expressed concern about missing threats due to alert overload.

For SentinelOne, this move could potentially:

  • Strengthen its competitive position against other endpoint security providers
  • Increase its appeal to enterprise customers seeking comprehensive security solutions
  • Drive upsell opportunities within its existing customer base

While the financial impact isn't immediately quantifiable, strategic partnerships like this often lead to increased market share and revenue growth in the medium to long term. Investors should monitor for any uptick in SentinelOne's customer acquisition rates or expansion within existing accounts as indicators of this partnership's success.

Company leverages SentinelOne's rich endpoint and vulnerability management telemetry data within Corelight Sensor to find and disrupt attacks

SAN FRANCISCO, Oct. 15, 2024 /PRNewswire/ -- Corelight, the fastest growing provider of network detection and response (NDR) solutions, today announced a partnership with SentinelOne, (NYSE: S), a global leader in AI-powered security, to provide real-time enrichment of Corelight logs. Combining endpoint and vulnerability data at the point of observation in the network sensor will greatly reduce a security team's mean time to detect (MTTD) and mean time to recovery (MTTR). This native integration drives AI-powered SOC transformation and helps customers disrupt future attacks.

SOC teams can now control the increasing volume of alerts and confidently reduce dwell time for a more secure posture.

According to interviews conducted for the Mandiant Global Perspectives on Threat Intelligence report, 84% of respondents said that they are concerned they may be missing out on threats or incidents because of the number of alerts and data they are faced with. The need for analysts to manually integrate data sources and sort through alerts that may not be indicative of malicious activity leads to increased response time, analyst fatigue and staff turnover. By correlating data from Corelight and SentinelOne at the sensor level, Corelight can simplify and streamline alert triage and provide better context for threats that are traversing or hiding in the network.

"Security teams can become overwhelmed with information across the security stack and as a result can miss the most critical alerts to action immediately," said Todd Wingler, Corelight vice president global alliances and channels. "By combining the insights from both Corelight Open NDR and the SentinelOne Singularity Platform, we're empowering SOC teams to accelerate investigations, reduce false positives, and focus on the most critical indicators of compromise. This means they can finally gain control over the increasing volume of alerts and confidently reduce dwell time for a more secure posture."

By enriching Corelight logs with relevant endpoint data from SentinelOne Singularity Endpoint, SOC analysts have a comprehensive and holistic view of network activity across all connected devices, including unsecured, unsupported, and previously unmanaged endpoints, where EDR cannot be installed. Moreover, by correlating Corelight alerts with endpoint vulnerabilities identified by SentinelOne Singularity Vulnerability Management, mutual customers can more effectively detect and prioritize threats based on current risks to the environment. Pre-correlating data directly in the sensor enhances alerts with additional context that can help accelerate investigations, streamline incident response and reduce the distraction of alerts that can be deprioritized.

"For effective enterprise security, comprehensive visibility across the network and each connected device is paramount," said Melissa K. Smith, vice president of Technology Partnerships & Strategic Initiatives, SentinelOne. "As the fastest growing endpoint company and a top choice of customers around the world, SentinelOne sets the standard for endpoint protection. By integrating our AI-powered Singularity Platform with Corelight's industry-leading network intelligence, SOC teams get deeper insights into existing and novel threats with broader detection coverage and faster investigations."

Learn More about how Corelight and SentinelOne together provide a comprehensive view of enterprise security.

Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek, the widely-used network security technology. For more information, visit www.corelight.com.

View original content to download multimedia: https://www.prnewswire.com/news-releases/corelight-integrates-sentinelone-singularity-platform-data-to-accelerate-soc-transformation-302275724.html

SOURCE Corelight

FAQ

What is the purpose of Corelight's integration with SentinelOne's Singularity Platform?

The integration aims to accelerate SOC transformation by providing real-time enrichment of Corelight logs with SentinelOne's endpoint and vulnerability management data, helping to reduce mean time to detect and recover from threats.

How does the Corelight-SentinelOne integration address the issue of alert overload?

By correlating data from both platforms at the sensor level, the integration simplifies alert triage, provides better context for threats, and helps security teams focus on critical indicators of compromise, reducing alert fatigue and improving response times.

What advantages does the Corelight-SentinelOne integration offer for SOC analysts?

The integration provides SOC analysts with a comprehensive view of network activity across all connected devices, including those where EDR cannot be installed, and enables more effective threat detection and prioritization based on current environmental risks.

How does the integration between Corelight and SentinelOne (NYSE: S) improve enterprise security?

The integration combines Corelight's network intelligence with SentinelOne's AI-powered Singularity Platform, providing deeper insights into existing and novel threats, broader detection coverage, and faster investigations for improved enterprise security.