Case Study: Global Law Company achieves scalable threat hunting with Corelight

A Corelight Case Study

Preview of the Global Law Company Case Study

Global law firm unlocks new threat hunting capabilities with a Corelight sensor and Zeek Logs

Global Law Company, a major international law firm with hundreds of employees and dozens of satellite offices, needed better network visibility to support threat hunting across multiple data centers and offices. Their existing security stack, including firewalls, IDS, endpoint AV, and log management, lacked the east-west visibility required to track lateral movement effectively. They were looking for a scalable network traffic analysis solution based on Zeek, and found Corelight while researching commercial options.

Corelight provided an AP 1000 Sensor and Zeek Logs, giving the firm real-time, structured network evidence that could scale to 6 Gbps and be exported to tools like RITA. The team used the logs to hunt for beacons, analyze DNS lookups and certificates, and generate daily reports that improved investigation speed and depth. With Corelight, they reduced time spent maintaining open-source Zeek infrastructure and gained more bandwidth for proactive threat hunting, enabling a more scalable defense against advanced attacks.

