Corelight, a security startup that built network visibility software based on open-source Bro, launched today after closing a $9.2 million Series A funding round led by Accel Partners. Osage University Partners and Riverbed Technology Co-founder Steve McCanne also participated.
This brings the San Francisco-based startup’s total funding to under $9.5 million, CEO Greg Bell said.
Bro is an open-source network monitoring framework. The name refers to George Orwell’s “Big Brother.” Computer scientist Vern Paxson began developing it more than 20 years ago to help him study Internet traffic patterns for his dissertation.
“The data produced turned out to be very useful,” Bell said. “It was almost immediately deployed at Lawrence Berkeley National Laboratory for the purposes of cybersecurity, and then at other national laboratories, federal government agencies, and within the intelligence community. For the next 10 years that software was a best-kept secret.”
About five years ago, Bro became popular with large corporations because “enterprises needed more visibility about what was happening in their network and this software produces exceptionally good data,” Bell said. “Bro is like a summary, and the data is organized perfectly for forensic response and threat hunting. It’s very good, actionable data.”
Before joining the Corelight team, Bell spent more than 15 years at Lawrence Berkeley National Lab. “I was a network operator and Bro was my tool,” he said. Paxson, a professor of computer science at UC Berkeley, took leave from the university to join Corelight as its chief scientist.
The team’s flagship product, Corelight Sensor, is the enterprise version of open-source Bro. It is used to investigate and prevent all manner of security threats including ransomware, denial of service, unauthorized access, misconfiguration, malware infection, insider threat, port scanning, advanced persistent threat (APT), and phishing or other mail-based attacks or incidents.
The commercial version of the software makes it easier for enterprises to deploy and scale, compared to its open-source counterpart, Bell said.
It also includes integrations for Splunk, Amazon S3, and Kafka, as well as performance optimizations that produce up to four times higher data processing throughput compared to standard servers.
“We’re thinking about virtual sensors, as well,” Bell added. “Our initial customer base wanted high-speed sensors, but we’ve had many requests for virtual sensors in AWS and Azure. So that’s very top-of-mind for us.”
Corelight customers include six Fortune 100 companies, smaller corporations, a federal agency, and “one of the very largest private companies in the US,” Bell said.
In addition to competing with the open-source Bro software, Corelight’s network data and security use cases pit it against networking giant Cisco, said analyst Peter Christy.
“The good news is that they [Corelight] have a valuable product and are doing all the right things,” Christy said. “The only bad news: networking is a difficult business with established competitors like Cisco who aren’t motivated to give any revenue to anyone for any purpose. And it’s hard to make money on open source.”