Zeek / Bro is used by thousands of organizations around the world to extract meaningful data from network traffic in real time. Here are a few examples of real-world implementations.
Education First is a global firm with 40,000 employees. After deploying Corelight Sensors, their security team saw incredible impact. Their average incident response time dropped from hours to minutes thanks to Corelight’s network logs that allowed them to make lightning-fast sense of their traffic.
The law firm wanted a threat hunting solution based on network traffic analysis to provide real-time, comprehensive insight into traffic spanning multiple data centers and satellite offices around the world that collectively saw throughput speeds of up to 6 Gbps.
A top research university's network footprint spans multiple campuses, with average utilization exceeding 35 Gbps. They wanted to build more custom detection scripts, but their NetFlow records, server logs and firewall logs did not offer rich enough data to accomplish this. Corelight's Zeek logs did.
A Security Engineer at one of the world's largest energy companies found Corelight through his prior experience running Bro (now Zeek), an open-source network security monitoring framework. The Security Engineer worked on an agile security engineering team within the organization's Security Operations Center (SOC) and managed network forensics across multiple regional offices.