Corelight announced the integration of Zeek, a popular open source
network security monitoring platform, as a component of Microsoft
Windows and Defender for Endpoint. The integration will help security
teams respond to the most challenging attacks by providing "richer
signals for advanced threat hunting, complete and accurate discovery of
IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern
Paxson while at Lawrence Berkeley National Laboratory (Berkeley Lab),
Zeek transforms network traffic into compact and high-fidelity logs,
file content, and behavioral analytics to accelerate security
operations. Vital funding for Zeek came initially from the National
Science Foundation and the US Department of Energy's Office of Science.
As adoption increased, Corelight was founded to provide a financial
model and corporate sponsor for the project. This week in Austin, Texas,
Corelight hosts the annual ZeekWeek user conference, where the community
will gather and where Microsoft speakers will describe the new
integration.

"Microsoft is strongly committed to supporting open source projects
and ecosystems," said Rob Lefferts, corporate vice president for
Microsoft. "We're proud to be working with Zeek and are thrilled to
bring this level of network intelligence and monitoring to our
customers."

"This is an amazing development for Zeek and its community of
contributors and users," said Paxson. "I never imagined that the tool I
developed for network monitoring would find broader application in
defending endpoints - but that's part of the creative magic of open
source development. We are grateful for Microsoft's contributions and
support, and we are excited that the project's impact, and that of the
community of contributors, will increase so dramatically."