Over the last few years, the evolution of cybersecurity strategies has seen a significant shift toward a more layered, nuanced, and, in many cases, advanced approach. Among these advancements, Network Detection and Response (NDR) has emerged as a critical component that continues to become more widely recognized and accepted across the industry for its efficacy in bolstering cybersecurity defenses.
In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek for a new purpose. These insights were particularly revealing, despite not being linked to any security incidents.
At Corelight, we’re always striving to make the life of threat hunters and security analysts a little easier. It’s the reason we developed our Open NDR Platform that provides comprehensive, correlated network data and forensic evidence about everything happening on the network. If you’re familiar with Corelight, you probably already know that.