Corelight, provider of the industry’s leading open network detection and response (NDR) platform, today announced product compatibility with Microsoft Defender for IoT. Corelight is the first Microsoft NDR partner to take advantage of Defender for IoT’s cross-industry integration capabilities. Corelight customers can send data from deployed sensors to Microsoft 365 Defender, and in turn Defender for IoT to apply its behavioral analytics and machine learning techniques to discover and classify devices and to protect, detect, and respond to IoT attacks. This also enables Defender for IoT to apply its global IoT and OT threat intelligence.
“The number of unmanaged systems on the Internet is soaring, and this ever-expanding risk surface is already a target. Unfortunately, most defenders lack the information they need about IoT and OT systems in their environment,” said Greg Bell, co-founder and chief strategy officer for Corelight. “Our integration combines best-in-class network evidence from Corelight, with the advanced vulnerability management, threat intelligence and detection and response capabilities of Microsoft Defender for IoT. The result is more efficient incident response, and deeper insight into IoT footprint, behavior, and risk.”
Corelight’s open NDR solution provides full network coverage of on-premise, cloud, and hybrid environments to help security operations teams using Defender for IoT detect and respond to the most challenging attacks. As an open platform, Defender for IoT can use network signal from Corelight sensors for asset discovery, inventory, risk assessment, detection, and mitigation.
“Corelight is leveraging our open platform to share data to further enrich Microsoft Defender for IoT,” said Nir Giller, Microsoft Defender for IoT group manager. “Customers who have deployed Corelight can secure their entire IoT and OT environments with Microsoft 365 Defender and Defender for IoT within minutes while adding more detections based on encrypted traffic analysis and complementing Microsoft’s MITRE ATT&CK coverage.”
Additional benefits from Corelight’s solution include:
Network detection and response (NDR) coverage for every device on the network: Understand and manage risk across the entire IoT and OT landscape including high-value assets, managed and unmanaged endpoints, IoT devices, and cloud environments.
Single platform for NDR: Corelight provides everything security operations teams need for detection and response, built on open standards including Zeek® for telemetry, Suricata for alerts, and Smart PCAP for packets.
Faster answers for analysts and hunters: Rich, structured network data from 35+ protocols, 400+ data fields captured in real time provides additional context for alerts, accelerating incident response and dramatically expanding threat hunting capabilities.
Integration with existing SOC toolsets: Correlate rich network telemetry with threat intelligence feeds for sending to multiple destinations simultaneously, including Microsoft Sentinel, Splunk, and other analytic tools.
Deeper insights: Unique insights to hunt for attackers without compute-intensive practices that compromise privacy, find command-and-control (C2) activity with more than 50 unique insights that cover both known C2 toolkits and MITRE ATT&CK C2 techniques, and more.
Today’s news was announced on the opening day of Microsoft Ignite 2021 virtual conference.
Corelight integration will be available with public preview of Microsoft Defender for IoT scheduled for November 30. More information on today’s news can be found on the Corelight blog.