Corelight announced that data from Microsoft
Defender for Endpoint and Microsoft
Defender Vulnerability Management will now feed directly into
Corelight's sensors. With these new insights, organizations are able to cut
mean time to detection and increase security operation center (SOC) efficiency
with powerful risk-based alert prioritization across on-premises and multi-cloud
environments, enabling faster, more accurate investigations.
Security teams often struggle to maintain a strong, secure posture because they don't have the right information to triage the unrelenting stream of alerts quickly and effectively from an increasingly complex network environment. The SANS Institute found that most SOC teams rely on alerts from their endpoint security to trigger incident response. The integration of data from Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management enriches Corelight logs with relevant, real-time data that allows SOC teams to streamline incident response and boost analyst productivity by focusing on their organizations' most critical vulnerabilities and risks.
"By integrating with Defender for Endpoint and Defender Vulnerability Management, we are helping combat analyst fatigue from inefficiencies in the SOC and helping teams defend against adversaries adept at avoiding endpoint detection and response (EDR) solutions. With Corelight's advanced network telemetry, security teams can now easily identify unknown systems across the environment that can then be inventoried and managed by Microsoft Defender," said Todd Wingler, Corelight vice president, global alliances and channels. "Corelight is now the only NDR vendor to provide real-time enrichment of its network telemetry with endpoint and vulnerability data from the top three EDR vendors at the point of network observation, enabling our customers to conduct more streamlined investigations resulting in quicker remediation."
A unified view of this data allows SOC teams to conduct:

- Enhanced detections: Corelight's network telemetry with Microsoft Defender endpoint and vulnerability data provides users with prioritized alerts based on environmental risks at the point of observation on the network.
- Streamlined response and asset inventory: By enriching Corelight logs with unique device IDs from Microsoft Defender for Endpoint, SOC teams can pivot seamlessly between NDR and EDR telemetry to accelerate investigations and streamline incident response.
- Expanded visibility: Leveraging Corelight's expansive network telemetry, users can now gain enhanced visibility into all devices, including unmanaged and unknown endpoints.
"By integrating EDR and vulnerability management data from Microsoft Defender into Corelight's network sensors, analysts are empowered to streamline their investigations with enriched endpoint insights to create a more secure network," said Alon Rosental, general manager, Defender for Endpoint at Microsoft Corp.
Learn more about how Corelight and Microsoft Defender for Endpoint and Defender Vulnerability Management provide enhanced visibility across all environments here.