Case Study: Major Federal Security Company reduces response time by 75% with Corelight

A Corelight Case Study

Preview of the Major Federal Security Company Case Study

Federal SOC reduces response time by 75% via automation and DNS visibility

Major Federal Security Company, a major federal security organization, was already automating many security workflows but still lost time on manual data pivots and incomplete DNS information during investigations. It needed better visibility into DNS traffic and a way to reduce the time analysts spent gathering evidence, so it turned to Corelight and its network visibility capabilities.

Corelight deployed a sensor in the east-west traffic path to capture rich DNS data and feed it into the company’s SIEM, enabling a SOAR playbook with pre-populated event records and real-time DNS context. With Corelight’s DNS visibility, analysts could make faster decisions and close incidents more quickly, cutting average response time by 75% and saving about 15 minutes per event.

