    Security Operations (SecOps) · Startup · Open NDR

    Corelight

    Open network detection and response built on Zeek and Suricata — delivers deep packet analysis and behavioral threat detection for enterprise and critical infrastructure SOCs

    Mkt Cap / Val: Private, $350M+
    Revenue: Est. $60M ARR
    Growth: +40% YoY

    Analyst take · Competitive edge
    Open NDR built on proven Zeek and Suricata foundation—delivers deep packet analysis and behavioral detection without vendor lock-in.

    SWOT Analysis

    Strengths
    • Open-source (Zeek/Suricata) foundation provides transparency, extensibility, and avoids vendor lock-in
    • Deep packet analysis and behavioral threat detection differentiate from siloed EDR/XDR tools
    • Strong growth (+40% YoY) and an estimated $60M ARR show solid market traction in the NDR segment
    Opportunities
    • Expansion into behavioral threat hunting and AI-driven anomaly detection on network telemetry
    • Integration with SIEM/SOAR for correlated detection across network and endpoint
    • OT/ICS network monitoring for critical infrastructure security
    Weaknesses
    • Open-source positioning attracts security teams but complicates commercial support and monetization
    • Deep packet inspection requires network TAP or SPAN/mirror infrastructure at each visibility point, limiting deployment in architectures without it
    • Smaller scale ($350M+ valuation) vs. well-funded XDR/EDR incumbents
    Threats
    • Cloud network environments (AWS, Azure, GCP) reduce traditional packet-capture feasibility; provider mirroring services such as AWS VPC Traffic Mirroring and GCP Packet Mirroring only partially offset this and add cost
    • XDR and EDR incumbents adding behavioral network detection without requiring a separate sensor deployment
    • Growth in encrypted traffic (TLS 1.3, QUIC) removes payload visibility, cutting signature-based detection coverage and pushing behavioral detection toward connection metadata and TLS fingerprinting alone

    User Sentiment

    Synthesized from G2, Gartner Peer Insights, and analyst review data.

    What users love
    • Transparent, open-source detection signatures reduce black-box threat detection concerns
    • Deep packet analysis and behavioral analytics catch threats EDR and firewalls miss
    • Extensibility and integration with custom threat hunting and detection workflows
    Common complaints
    • Deployment complexity and infrastructure requirements (network TAPs, SPAN/mirror ports) limit adoption
    • Encrypted traffic (TLS, VPN) hides payloads, so signature matching loses coverage and behavioral detection must rely on metadata
    • Skill gap: packet-analysis and Zeek scripting expertise is rare in SOCs whose analysts know only endpoint and cloud tools

    Customer Profile

    Who buys this

    Typical segments

    Enterprise and critical infrastructure SOCs with mature network monitoring practices
    Organizations with strong network visibility and advanced threat hunting capabilities

    Typical buyer

    Network Security or Threat Detection Lead

    Top use cases
    1. Deep packet inspection and behavioral threat detection for internal/east-west traffic
    2. Network anomaly detection and lateral movement hunting across segmented networks
    3. Critical infrastructure and OT/ICS network monitoring for threat detection

    Future Focus Areas

    1. AI-driven behavioral anomaly detection and threat modeling on network telemetry
    2. Integration with cloud network monitoring and encrypted traffic analytics
    3. Supply chain and third-party threat detection via network traffic correlation