Impact Stories: From concept to company: How an idea incubated at ICSI became one of today’s leading network security monitoring platforms

Welcome back to ICSI Impact Stories! This is our second installment in the series - read the first story, 'ICSI in the Driver's Seat,' here.

Photo: Greg Bell and Vern Paxson

With the rise of the Internet in the mid-1990s came the scourge of Internet attacks. At the time, Vern Paxson was pursuing a work-study Ph.D. at the Lawrence Berkeley National Laboratory (LBNL), with a focus on Internet measurement. The LBNL security staff would occasionally ask him whether his research data happened to have information about a particular attack. It often did, but extracting the activity was a cumbersome process that only provided insight after the fact. This led him to develop a system – now named Zeek – to more effectively answer such questions.

Zeek’s key advantage is its ability to handle vast streams of Internet traffic to provide both real-time intruder detection and a rich archive of logs for retrospective security analysis. Paxson pursued the concept for about two years at LBNL before transitioning the project to ICSI, where it became a major focus of ICSI’s newly minted Center for Internet Research. The open-source system debuted in 1998 (in a paper subsequently recognized with the distinguished USENIX “Test of Time” Award) and gradually matured into a platform popular with universities, national laboratories, and supercomputer centers. Zeek development and maintenance continued at ICSI for more than two decades.

By the mid-2000s, the National Science Foundation (NSF) and the U.S. Department of Energy were investing in Zeek’s development, and between 2010 and 2016 NSF granted nearly $7 million to facilitate the project’s transition from a specialized system for highly technical users to a tool that could be used much more broadly. That work set Zeek on its path to becoming a system heavily relied upon by customers across various sectors and industries, including companies such as Amazon and Microsoft.

To provide sustainability for the project, its developers founded Corelight, a startup spun out of ICSI that has attracted $160 million in venture funding to date and grown into one of today’s leading solutions for network security monitoring. The platform’s path from a technology born in a government lab to startup stardom exemplifies ICSI’s role as an incubator for transformative technologies and a bridge between government, academia, and industry.