Zeek has raised $13.0M in total across 2 funding rounds.
Zeek's investors include All Iron Ventures, Ataria Ventures, B Capital Group, Blockchange Ventures, Engie, FJ Labs, Forerunner Ventures, Giza Polish Ventures.
Zeek is the world's leading open-source network security monitoring (NSM) platform, transforming network traffic into compact, high-fidelity transaction logs, file content, and customizable behavioral analytics for security analysis.[1][2][4][5] It serves security teams, enterprises, government agencies, research institutions, and cloud environments by solving the problem of gaining deep visibility into network activity without active blocking—enabling threat hunting, performance monitoring, audits, and capacity planning across small offices to global networks.[1][2][4] With over 10,000 deployments, 7,300+ GitHub stars, and 270+ community packages, Zeek demonstrates strong growth, bolstered by its 2022 integration into Microsoft Windows and Defender for Endpoint, enhancing threat detection and IoT discovery.[1][4]
Originally developed as "Bro" in the 1990s, Zeek (renamed in 2018) is now custodied by Corelight, a San Francisco-based open-core security company founded by its creators, which provides funding, code contributions, and advocacy while the project remains BSD-licensed and community-driven.[1][2][4]
Zeek's development began in 1995 at Lawrence Berkeley National Laboratory (LBNL) under Vern Paxson, a chief scientist who created it (originally named "Bro") to analyze network traffic on university and national lab networks, inspired by a pseudo-user "zeek" for sensors.[1][4][5] Funded initially by the National Science Foundation and U.S. Department of Energy’s Office of Science, it evolved over 20+ years of federally backed R&D into a flexible NSM tool, renamed Zeek in 2018 to reflect its expanded role.[1][4][5]
Paxson co-founded Corelight with other Zeek creators, which took custodianship from the International Computer Science Institute (ICSI) in Berkeley—a nonprofit that nurtured its early growth.[1][2] Pivotal moments include its global adoption, vibrant open-source community, and the 2022 Microsoft integration, cementing its status after decades as a defender-powered staple.[1][4]
(Note: Unrelated entities like Zeektek, an IT staffing firm founded in 2016, share the name but are distinct.[3][6][7])
Zeek rides the wave of rising cyber threats, zero-trust architectures, and cloud-native security, where traditional tools fall short on visibility into encrypted or IoT traffic—its timing aligns with surging demand for open-source NSM amid SIEM evolution and advanced persistent threats.[1][2][4] Market forces like regulatory compliance (e.g., audits), hybrid cloud proliferation, and talent shortages favor its passive, analyst-empowering model, which integrates seamlessly with tools like Microsoft Defender.[1][5]
It influences the ecosystem by powering 10,000+ deployments, fostering a defender community, and inspiring commercial extensions like Corelight's NDR, democratizing high-end network forensics while advancing federally rooted R&D into enterprise-grade defense.[1][4]
Zeek's trajectory points to deeper AI/ML integrations for automated threat analytics, expanded cloud/IoT support, and broader ecosystem partnerships (e.g., more SIEM/EDR tie-ins), fueled by Corelight's backing and community momentum.[1][2] Trends like ransomware proliferation and edge computing will amplify its role in proactive hunting, potentially evolving its influence toward hybrid open-core dominance in NDR. As network complexity grows, Zeek remains the trusted foundation for visibility, turning traffic chaos into actionable security intelligence.
Zeek has raised $13.0M across 2 funding rounds. Most recently, it raised $10.0M Series B in July 2016.
| Date | Round | Lead Investors | Other Investors |
|---|---|---|---|
| Jul 1, 2016 | $10.0M Series B | All Iron Ventures, Ataria Ventures, B Capital Group, Blockchange Ventures, Engie, FJ Labs, Forerunner Ventures, Giza Polish Ventures | |
| May 1, 2015 | $3.0M Series A | Engie |
