Artificial Intelligence & Machine Learning , Network Detection & Response , Next-Generation Technologies & Secure Development
Corelight Gets $150M to Expand Detection, Improve Workflows
Series E Funding Round to Cover Future Operations, Enhance Product InnovationA network detection and response startup led by a former Symantec and McAfee executive raised $150 million to enhance detection and improve data processing capabilities.
See Also: The SIEM Selection Roadmap: Five Features That Define Next-Gen Cybersecurity
The Series E funding will allow San Francisco-based Corelight to develop security workflows that support large language models while providing sufficient runway for the company to become cash flow positive, according to CEO Brian Dye. The cash infusion brings Corelight's post-money valuation to $900 million and comes amid 40% annual growth and 300% growth in the company's SaaS and cloud business.
"We want to make sure we've got the fuel we need to continue to drive growth all the way through full independence," Dye told Information Security Media Group. "This is going to cover any remaining burn in the company's future. In terms of the current business model, it gives us additional funding to be able to incrementally invest in growth opportunities and selective M&A as well."
Leaning Into Large Language Models
The Accel-led funding comes 31 months after the company completed a $75 million Series D round at a significantly lower valuation, according to Dye. The latest investment will allow Corelight to deepen its relationship with existing partners such as CrowdStrike, Google, Cisco, Amazon Web Services and Microsoft while extending its expertise from large enterprises and government entities to the enterprise sector.
Dye said the money will help improve data quality for security analysts, enhance detection capabilities, and drive security workflows through increased use of artificial intelligence and machine learning. Corelight positions itself as the cybersecurity equivalent of an NTSB flight data recorder, offering high-fidelity information to detect and address complex attacks, according to Dye.
Novel data is needed to enable novel detections, so Corelight wants to add new datasets and functionality to strengthen its security workflows, Dye said. Corelight specifically wants to enhance its detection capabilities in cloud and industrial control environments, and Dye said the company is tailoring solutions to address specific challenges in these sectors.
Corelight's open-source heritage allows for easy integration with a range of large language models and ensures compatibility across various technology partners and customer deployments, Dye said. The company wants to integrate security automation into LLMs such as OpenAI, Google, Anthropic and Security Copilot, providing efficient and flexible support to organizations at various stages of their AI journey (see: Harnessing the Power of Open Source to Protect Networks).
"The open-source heritage means we have a level of out-of-the-box support for all the big large language models," Dye said. "It's completely differentiated with any other kind of private company."
Expanding Into the Mid-Enterprise
Large enterprises and government agencies such as the departments of Defense and Homeland Security often use Corelight solely for data and detections, but midsized enterprises often want more innovative capabilities since their staff size and technical expertise is more finite, Dye said. Corelight wants to offer comprehensive data, advanced detections and effective workflows for its users, according to Dye.
"In the mid-enterprise, we sold the data detections but also a SaaS service called Investigator that gives them an out-of-the-box experience with workflows, security automation, alerts and aggregation," Dye said. "They can still export all of this data to the SIEM, but it gives them a much more out-of-the-box experience because they don't have the range of security engineering talent needed to build that right."
Corelight competes against ExtraHop and Vectra in the enterprise market, while Darktrace tends to be more prominent in the midmarket segment, according to Dye. He therefore doesn't anticipate much impact from private equity firm Thoma Bravo agreeing to pay $5.32 billion to acquire Darktrace (see: Thoma Bravo to Buy Cybersecurity AI Firm Darktrace for $5.3B).
From a metrics perspective, Dye wants Corelight to continue growing at a rate of at least 40% while maintaining high levels of customer satisfaction as measured through net dollar retention. Dye said Corelight's net dollar retention is around 130%, which indicates both strong customer loyalty and upsell potential.
Grounding threat detection and response in quality data is key since its helps organizations differentiate between perceived threats and actual ones, Dye said. Corelight can support the AI strategies of security operations teams, offer innovative network detection and response capabilities and enable flexibility in how different organizations approach spotting threats on their networks, according to Dye.
"Being a fuel for security AI is really, really key in a way that gives the customer architectural flexibility," he said.