Review: Corelight adds security clues to network packet analysis

In the tradition of other great network analysis tools like Bro and Sourcefire, Corelight gives security pros deep insight into data traffic on the systems they defend.

I’ve long been a huge fan of network packet analysis. Like math in the real world, I believe network packets are the only truth to what is going on with your network. Sniff your network and you’ll find out the problem, or at least be pointed in the right direction to the culprit. Back in the Novell network days, I was a fan of an early (and now deceased) network packet sniffer called LANAnalyzer. Then I got turned on to Ethereal, which became Wireshark.

Those were great tools for pure network packet sniffing, but they were not the perfect, optimized tools for more efficiently detecting security issues. Then I was lucky enough to be in one of the first Snort SANS classes taught by its creator Martin Roesch. I’ve still got plastic little Snort pigs all around my house and office.

Snort was great, like an antivirus network sniffer on steroids, but it quickly became overwhelming if you deployed too many Snort sensors in a big environment. Many enterprise Snort users felt rescued when Marty turned it up to 11 by developing a commercial version called Sourcefire, which improved speed, manageability and capabilities.

For more than a decade, there wasn’t a company I worked at that didn’t address every new location connection by placing another Sourcefire appliance on the network egress/ingress point. Most enterprise network security managers didn’t consider a network secure unless they had a Sourcefire box involved. Sourcefire was eventually bought by Cisco.

The geekiest of the network packet security geeks fell in love with open source Bro, which was created and released over 23 years ago by Vern Paxson, now a Fellow of the Association for Computing Machinery (ACM), which means he’s an early founder of important technologies and a big deal.
