Corelight Unveils Corelight Labs, a Hub for Research and Innovation

Company expands its research expertise with addition of AI and security operations experts from its PatternEx acquisition to the Labs team.

October 13, 2021


Corelight, provider of the industry's leading open network detection and response (NDR) platform, has launched Corelight Labs, a research team within the company dedicated to providing cutting-edge content that enables complete, detailed monitoring of enterprise network activity for threat hunting, analysis, and response. Under the leadership of Dr. Vern Paxson, co-founder and chief scientist at Corelight, the team is comprised of security researchers with decades of collective experience in academia and security research roles at some of the world's leading consumer brands, enterprises, government agencies and universities.

Joining the Corelight Labs team of security researchers is a group of seasoned data scientists, artificial intelligence and security operations experts from PatternEx, a key vendor in the AI-for-security-operations space, following Corelight's acquisition of the company last year.

"It has been a privilege to attract some of the brightest minds in network security and data science to Corelight and to bring them together as our core research team," said Paxson. "The experience and excellence they bring to the problems we tackle makes it exhilarating to lead them. This shows in the sophistication of the content collections the team produces, as well as in their ability to quickly respond to recent security exploits, such as the PetitPotam and OMIGOD incidents."

Corelight Labs research fuels innovation for new insights and capabilities that help to power the Corelight Sensor portfolio. "The expertise this team brings to the table has led to collections of data insights that empower Corelight's customers to effectively counter the latest threats," added Paxson.

Corelight Labs contributions to the Corelight Sensor portfolio include:

Corelight C2 Collection: helps customers find command-and-control activity with over 50 unique insights and detections. This collection covers both known C2 toolkits and MITRE ATT&CK C2 techniques to find new attacks.

Corelight Encrypted Traffic Collection: offers dozens of novel insights into SSL, SSH, and RDP connections, along with encrypted insights from the Zeek® community like JA3 — all without decryption.

Corelight Core Collection: combines proprietary Corelight packages that help sensors scale in high-throughput environments, along with curated insights developed by the Zeek community.

The Corelight Labs launch coincides with the first day of ZeekWeek 2021 (formerly BroCon), a central community event for users, developers, incident responders, threat hunters and architects who rely on open source Zeek as a critical element in their security stack. This year's annual event is taking place virtually from Oct. 13-15, 2021, and is free to attend (registration is required). Corelight Labs team members are scheduled to speak at the show.

Please visit the Corelight Labs home page for more information on the team's research, projects, mission and members.

About Corelight

Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek, the widely used network security technology. For more information,
