A Corelight Case Study
TietoEVRY, a global digital services and software company, needed more actionable network data to support quick incident investigations across its large, distributed environment. After years of using open source Zeek, the SOC/CSIRT and network operations teams looked for a commercial option that could provide better visibility than next-generation firewalls and improve security monitoring and response. Corelight’s network telemetry fit that need.
TietoEVRY deployed Corelight AP 1001 and AP 3000 sensors across multiple datacenters and locations. Zeek logs are the primary data source, delivered via Apache Kafka into Elastic Stack and other SIEM tools. With Corelight, the company reports faster incident response, better threat hunting, and improved network diagnostics, while handling roughly 30 Gbps of traffic across its sensors.
Markus Fors
Lead Security Engineer