Corelight announced that data from Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management will now feed directly into Corelight's sensors. With these new insights, organizations can cut mean time to detection and increase security operations center (SOC) efficiency through risk-based alert prioritization across on-premises and multi-cloud environments, enabling faster, more accurate investigations. Security teams often struggle to maintain a strong security posture because they lack the information needed to triage, quickly and effectively, the unrelenting stream of alerts coming from an increasingly complex network environment. The SANS Institute found that most SOC teams rely on alerts from their endpoint security to trigger incident response.
The integration of data from Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management enriches Corelight logs with relevant, real-time data that allows SOC teams to streamline incident response and boost analyst productivity by focusing on their organizations' most critical vulnerabilities and risks. A unified view of this data gives SOC teams:

Enhanced detections: Combining Corelight's network telemetry with Microsoft Defender endpoint and vulnerability data provides users with alerts prioritized by environmental risk at the point of observation on the network.

Streamlined response and asset inventory: By enriching Corelight logs with unique device IDs from Microsoft Defender for Endpoint, SOC teams can pivot seamlessly between NDR and EDR telemetry to accelerate investigations and streamline incident response.

Expanded visibility: Leveraging Corelight's expansive network telemetry, users gain enhanced visibility into all devices, including unmanaged and unknown endpoints.
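The three capabilities above all rest on one operation: joining network connection records with an endpoint inventory so that each alert carries a device identity and a vulnerability exposure value, then ranking alerts by that value and surfacing hosts the inventory does not know about. The following is an added illustration of that enrich-and-prioritize pattern, not Corelight's or Microsoft's code; the Zeek-style field names are used for the network side, while the inventory schema (device_id, exposure_score, critical_cves), the join on source IP, and the scoring rule are assumptions, and all records are constructed.

```python
"""Enrich NDR connection records with EDR device identity and exposure data,
rank the resulting alerts by risk, and list endpoints missing from the inventory.

Added example: not Corelight's or Microsoft's code. The inventory schema, the
join key (source IP) and the scoring policy are assumptions; all data is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Zeek-style conn.log records (subset of fields); each one is
# assumed to have already triggered an upstream network detection.
CONN_LOG = [
    {"uid": "CAbc1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.9", "id.resp_p": 8443},
    {"uid": "CAbc2", "id.orig_h": "10.0.0.7", "id.resp_h": "203.0.113.9", "id.resp_p": 8443},
    {"uid": "CAbc3", "id.orig_h": "10.0.0.9", "id.resp_h": "198.51.100.2", "id.resp_p": 443},
]

# Constructed EDR asset inventory keyed by IP. Hypothetical schema, not the
# real Defender schema: device_id for pivoting into EDR, exposure_score 0-100
# (higher = more exposed), and a count of unpatched critical CVEs.
DEVICE_INVENTORY = {
    "10.0.0.5": {"device_id": "dev-aaaa-0001", "exposure_score": 85, "critical_cves": 3},
    "10.0.0.7": {"device_id": "dev-aaaa-0002", "exposure_score": 20, "critical_cves": 0},
    # 10.0.0.9 is deliberately absent: an unmanaged / unknown endpoint.
}

UNMANAGED_BASELINE_RISK = 60  # assumed policy: unknown posture is treated as elevated


@dataclass
class EnrichedAlert:
    uid: str
    src: str
    dst: str
    dport: int
    device_id: Optional[str]   # None when the host is not in the EDR inventory
    managed: bool
    exposure_score: int
    critical_cves: int
    risk: int


def risk_score(exposure_score: int, critical_cves: int, managed: bool) -> int:
    """Assumed scoring rule: exposure plus 10 per critical CVE, capped at 100.
    Unmanaged hosts get a fixed baseline because their posture cannot be verified."""
    if not managed:
        return UNMANAGED_BASELINE_RISK
    return min(100, exposure_score + 10 * critical_cves)


def enrich_alert(conn: Dict, inventory: Dict[str, Dict]) -> EnrichedAlert:
    """Join one connection record to the inventory on the originating IP."""
    src = conn["id.orig_h"]
    dev = inventory.get(src)
    managed = dev is not None
    exposure = dev["exposure_score"] if managed else 0
    cves = dev["critical_cves"] if managed else 0
    return EnrichedAlert(
        uid=conn["uid"],
        src=src,
        dst=conn["id.resp_h"],
        dport=conn["id.resp_p"],
        device_id=dev["device_id"] if managed else None,
        managed=managed,
        exposure_score=exposure,
        critical_cves=cves,
        risk=risk_score(exposure, cves, managed),
    )


def prioritize(conn_log: List[Dict], inventory: Dict[str, Dict]) -> List[EnrichedAlert]:
    """Enrich every record and return alerts ordered highest risk first."""
    alerts = [enrich_alert(c, inventory) for c in conn_log]
    return sorted(alerts, key=lambda a: a.risk, reverse=True)


def unmanaged_hosts(conn_log: List[Dict], inventory: Dict[str, Dict]) -> List[str]:
    """Source IPs seen on the network that the EDR inventory does not know about."""
    seen = {c["id.orig_h"] for c in conn_log}
    return sorted(ip for ip in seen if ip not in inventory)


if __name__ == "__main__":
    for a in prioritize(CONN_LOG, DEVICE_INVENTORY):
        pivot = a.device_id or "(no EDR record)"
        print(f"risk={a.risk:3d} uid={a.uid} src={a.src} -> {a.dst}:{a.dport} device={pivot}")
    print("unmanaged:", unmanaged_hosts(CONN_LOG, DEVICE_INVENTORY))
```

The device_id on each enriched alert is the pivot key for moving from network to endpoint telemetry, and the unmanaged list is what the "expanded visibility" point amounts to in practice: hosts the network sees but the endpoint agent does not cover. In a real deployment the inventory lookup would be refreshed continuously, since IP-to-device mappings change.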