Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are proud to announce that Corelight has been recognized as a Leader in The Forrester Wave: Network Analysis And Visibility (NAV) Solutions, Q4 2025. We believe this recognition reflects our focused innovation and the expanding capabilities of our Open NDR platform.

Today, we are pleased to announce the launch of Corelight’s new AWS Flow Monitoring Sensor, a new addition to Corelight’s flow monitoring capabilities. This new sensor was purpose-built to address the longstanding visibility challenges that have frustrated security teams running their most critical workloads in AWS. AWS provides one of the world’s most popular cloud platforms, hosting applications and sensitive data for some of the largest organizations.

This is a fascinating moment. Whether you think Generative AI is over-hyped or not, our technology landscape has been shocked by capabilities we couldn’t imagine a few years ago. And I do mean shocked. What’s underway is too rapid and uncanny to describe in terms of evolution. We are living through something different.

I’ve been to several Black Hat conferences (seven in the last two and a half years, alone) to be a threat hunter in the Network Operations Center (NOC), so I didn’t expect to be surprised by much at this year’s Black Hat USA.

Ben Reardon, Lead Researcher Corelight Labs / NOC crew I'm a researcher on the Labs team at Corelight and, for me, working in the Black Hat Network Operations Center (NOC) at the USA show in Las Vegas is up there as one of the most interesting and intense activities on the calendar.

How AI can transform even Microsoft's own documentation to meet its style standards.

Corelight has been an innovator and leader in AI and Large Language Model (LLM) adoption for almost 2 years. We introduced our first use of LLMs in our Open NDR platform Investigator in November of 2023. Since then, we have continued to push the boundaries of the possible by working with AI model builders on cybersecurity-specific training and expanding LLM use within Investigator to include data analysis and summaries.

Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of network security information. The announcement comes at a pivotal moment for cybersecurity.

In today's complex network environments, ensuring complete visibility while optimizing resource utilization is paramount. Duplicate network traffic can overwhelm your monitoring infrastructure, create redundant alerts for SecOps, consume valuable storage, and obscure critical insights, making it harder for Network Detection and Response (NDR) solutions to spot genuine threats or anomalies. Network Packet Brokers often offer deduplication as a feature but it can add complexity and cost.

The Gordian knot of any detection strategy is knowing that two conflicting ideas are both true. On one hand, every SOC needs as much accurate detection coverage as they can get to find and disrupt attacks. On the other, the attackers you REALLY care about will find a way to bypass those detections so you need the ground truth of the attacker behavior on your network. The only answer is to have both: the absolute best data and the broadest detection suite possible on top of it.