Startup Corelight Inc. has secured $75 million in fresh funding to drive adoption of its cybersecurity products, which help enterprises detect threats using the open-source Zeek network monitoring engine.

Corelight announced the funding today, saying that the investment was led by Energy Impact Partners. The startup has raised a total of $160 million to date.

Zeek was originally developed in 1994 by Corelight co-founder Vern Paxson, a computer science professor at the University of California at Berkeley. The tool, which is available under an open-source license, can scan the data traffic zipping through a company’s network for signs of malicious activity. Zeek is one of the most popular tools in its category: there are more than 10,000 deployments of the software running at Fortune 500 companies, major research universities, government agencies and many other organizations.

San Francisco-based Corelight sells products that make it easier to use Zeek. The company has two main sets of products that it refers to as collections and sensors, respectively.

One of Zeek’s flagship features is that the tool is highly extensible: companies can customize what threats it looks for and how, as well as tune various other technical details to their requirements. Corelight’s collections are code packages that customize Zeek to make the tool more useful. They detect if a hacker is scanning a firm’s network for potential vulnerabilities, identify when malware attempts to send company data to external servers and spot other kinds of cybersecurity threats as well.

Corelight’s sensors, which form its other main product line, help with the task of collecting network traffic and sending it to Zeek for analysis. They come in both hardware and software varieties. The hardware sensors are appliances that can be set up in an on-premises data center and monitor up to 100 gigabits per second of network traffic, or more. Corelight’s software sensors, meanwhile, are programs that perform the same process of collecting network traffic, but are designed to run in public cloud environments or on a company’s own hardware.

Yet another area where Corelight promises to help is cost management. Scanning network traffic for threats can incur significant bandwidth and storage costs. Corelight has built a tool that it says can up to halve the expenses involved in processing network traffic by only ingesting logs containing useful network information and skipping the rest. Lowering the volume of data that needs to be processed reduces the amount of storage capacity and bandwidth required for the task. 

Commenting on Corelight’s funding round, Chief Executive Officer Brian Dye said that “this latest investment is a powerful affirmation not only of the network detection and response category, but also of our open-source heritage, data-centric approach and commitment to customer success.”

The popularity of Zeek in the enterprise potentially bodes well for Corelight’s revenue growth prospects. The large number of organizations that already use Zeek to detect network threats represent a large addressable market. 

It’s a market where Corelight may in some respects have an edge over competing cybersecurity providers. For a company that relies on Zeek as a core component of its cybersecurity operations, switching to an entirely new cybersecurity platform can potentially be a fairly complex undertaking from a software deployment and employee training standpoint. Corelight, in contrast, extends rather than replaces Zeek with its products.

Corelight is the latest in a series of startups commercializing open-source technologies that have raised funding or been acquired recently.

Image: Corelight