Corelight, a San Francisco-based startup developing a network traffic analysis platform for cybersecurity, today announced that it has raised $50 million in a series C funding round led by Insight Partners and Accel. The fresh capital brings its total raised to $84 million, following a $25 million series B in September 2018 and a $9.2 million series A in July 2017. CEO Greg Bell said the fresh funds will accelerate Corelight’s investments in product development, research, sales, and marketing.
“What makes our data-first security approach so powerful is the global community behind it,” added Bell. “That community generously contributes new detections, parsers, and other capabilities for the benefit of all defenders. In addition to helping Corelight accelerate commercial progress, the new investment will enable us to engage and serve our community at a higher level. Belief in this joint vision is a key driver for the partnership with Insight and Accel, two renowned and experienced firms.”
Corelight got its start in 2013, when Dr. Vern Paxson — a professor of computer science at the University of California, Berkeley — teamed up with Robin Sommer and Seth Hall to build a network visibility solution atop an open source framework called Zeek (formerly Bro). Paxson began developing Zeek in 1995 while working at Lawrence Berkeley National Laboratory, and the open source project went on to reach thousands of organizations, including labs in the U.S. Department of Energy; various agencies in the U.S. government; and research universities like Indiana University, Ohio State, and Stanford.
Corelight offers a suite of enterprise-managed features supporting Zeek, including out-of-the-box integrations, distributed management, and data tuning capabilities that transform undifferentiated network traffic into rich logs, extracted files, and security insights. Specifically, it offers traffic logging for more than 35 network protocols (like IRC, SMTP, SSH, SIP, SOCKS, FTP, and MySQL) and support for the core collection of Zeek packages, in addition to custom packages for customers who opt to use them.
Logs from Corelight’s sensors — which are available in physical, virtual, and cloud-based form factors — can be seamlessly exported to data tools like Splunk, Elastic, QRadar, and Spark in minutes. This reduces downstream security information and event management costs by around 30% compared to a typical open source deployment, according to Bell.
Spurred on by the threat of hacks and data breaches, the global cybersecurity market is expected to grow from $152 billion in 2018 to $250 billion by 2023. Corelight has plenty in the way of competition but says it has managed to acquire over 70 customers to date, including Fortune 500 brands, “major” government agencies, and large universities.
“Corelight recognizes that network data provides ground truth evidence that security teams need to root out malicious activity inside their organizations,” said Insight Partners cofounder and managing director Jeff Horing. “It is this unique data-centric approach that sets Corelight apart from other vendors in the security market space. As a result, we believe that Corelight has substantial opportunities to expand their portfolio and provide customers a fundamentally better foundation for their security programs. We look forward to partnering with the team as they build out that vision.”
Among Corelight’s existing and previous investors are General Catalyst, Osage University Partners, and Riverbed Technology cofounder Dr. Steve McCanne.