Corelight closes $9.2M Series A to help enterprises battle ransomware

It’s already been a year of multiple high profile ransomware attacks and now cybersecurity startup Corelight has bagged a $9.2 million Series A round, led by Accel Partners. Osage University Partners and Riverbed Technology Co-founder Dr Steve McCanne also participated in the round.

Preventing ransomware is among the listed use-cases for the startup’s first product, the Corelight Sensor, which it describes as a “flight data recorder” for its target enterprise customers’ networks — allowing them to “quickly” and “easily” go back in time to try to understand sophisticated cyber attacks.

As well as investigating and preventing ransomware, the product aims to address other security threats — including denial of service, unauthorized access, misconfiguration, abuse, exfiltration of data, malware infection, insider threat, port scanning, advanced persistent threat, plus phishing and other mail-based attacks or incidents.

Corelight’s investment comes against a backdrop of existing enterprise market traction for its network visibility products — which are themselves built atop a widely used open source framework (called Bro) which co-founder Dr Vern Paxson began developing all the way back in 1995 when he was working at the Lawrence Berkeley National Laboratory. Users of the Bro framework are slated to include Amazon and Deloitte.

The team’s route for commercializing their open source framework is via Corelight’s turn-key solutions for enterprise network visibility which they say reduce deployment time and complexity.

The Corelight Sensor also offers paying customers a “comprehensive” API; enterprise integrations for Splunk, Amazon S3 and Kafka; performance optimizations yielding “3-4x higher data processing throughput compared to standard servers”; a “high performance” FPGA-based network interface card; optimized file extraction and log filtering.

Commenting on the Series A in a statement, Accel’s Eric Wolford, said: “We often invest in very widely-used open source projects. But it’s uncommon for them to have much enterprise market traction. And what’s highly unusual for a Series A company like Corelight is to have a shipping product built on battle-hardened open source software and dozens of paying customers including six of the Fortune 100, plus one of the largest private companies in the US. I’ve never seen that before.”

Corelight said the Series A funding will be used to accelerate its growth plans to meet market demand for its products through investments in sales, marketing and engineering.

“We’re busy working on a series of new features customers are asking for so they can focus effort away from sensor management and towards higher-value activities like data analysis, threat hunting and incident response,” noted Greg Bell, CEO of Corelight, in a statement.

“We help our customers solve cybersecurity problems faster than they can today, often decreasing the time to resolve incidents from hours and days down to minutes. This new investment will accelerate our progress.”

Prior to taking in VC funding, the San Francisco-based company has been supported by an SBIR grant, while the Bro project was initially funded by the National Science Foundation at the International Computer Science Institute.