Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The threat is coming from inside the organization. It is coming from a laptop farm three states over, routed through a proxy, and operated by a threat actor sitting on the other side of the globe. We are witnessing a massive shift in how adversaries breach organizations. They no longer need to spend weeks probing your external firewalls or crafting the perfect zero-day exploit. Instead, they simply update their resumes, pass your interview process, and your IT department ships them a corporate device.

Long gone are the days where usernames were all you needed to secure a network. The same is true for your Security Operations Center (SOC) analysts trying to investigate a threat. "Who is jdoe05 and why are they logging into this server?" is a critical question to answer during an investigation, one that neither NDR (Network Detection and Response) nor EDR (Endpoint Detection and Response) can answer directly. Enter the Identity Provider (IdP).

For years, SOC analysts have lived in a world of swivel-chair analysis. When an alert fires in an endpoint tool, the next step is almost always a manual pivot to a network console to see if the network reality matches the host behavior. This manual back-and-forth isn't just tiring; it’s a window of opportunity for attackers. Corelight is excited to highlight a new integration with CrowdStrike Charlotte AI.

Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools.

Defenders have long known that richer evidence improves security outcomes by enabling faster triage, deeper analysis, and more complete investigation. Although Corelight was founded on this premise, it’s been hard for us to quantify the impact of better network data - until now. Recently, we built an agentic test harness to measure the success of frontier LLMs in responding to real-world attack scenarios, using a range of source data.

You already know the immense value of open-source Zeek. It provides the absolute gold standard of network evidence, giving you the deep visibility required to defend your organization. You have the right strategic foundation, but the operational workload of managing a do-it-yourself (DIY) deployment at scale is likely draining your energy.

Network Detection and Response (NDR) is a glorious tool for spotting the stuff that slips past the velvet ropes. The weird lateral movement. The "why is Finance talking to a printer in Moldova" moment. The internal reconnaissance that looks harmless until it's suddenly not. What can't NDR do? Trick question. It can't walk the dog, run a marathon, or explain to leadership why "just block Russia" isn't a complete strategy. NDR is your truth serum.

The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has released its first five-year strategic plan, following the broader national cybersecurity strategy. It’s coming at a time when the energy cybersecurity landscape is changing quickly, in some cases faster than operators can realistically keep up.

Anthropic's Claude Mythos has demonstrated that AI can be leveraged to identify vulnerabilities and develop exploits faster than ever. Here is what that means for how you defend.