Episode 17 - Home Labs and Tinted Windows: Why Network Visibility Starts at Your Front Door

In this episode, host Richard Bejtlich and guest Ricky Lin explore the practical—and often personal—side of network defense: monitoring the home network. Ricky shares how he uses Corelight and Zeek to track everything from his children's YouTube habits to the constant chatter of IoT devices like Tesla vehicles and smart appliances. They delve into the "tinted windows" analogy to explain why visibility into encrypted traffic is still possible through network metadata, even when the contents are hidden.
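The "tinted windows" point can be made concrete with the logs Zeek produces. What follows is an added example, not code from the episode, from Corelight or from the Zeek project: it takes a handful of constructed JSON-format conn.log and ssl.log records (field names follow Zeek's schema; hosts, server names and byte counts are invented), joins them on `uid`, and reports per client host and TLS server name (SNI) how much data moved and how regular the session timing was, without decrypting a single byte. The fixed-interval "beacon" rule (at least four sessions with a coefficient of variation of the inter-arrival times at or below 0.1) is an illustrative threshold chosen here, not a Corelight or Zeek default.

```python
"""Summarise encrypted traffic per device from Zeek metadata alone.

Added example: joins constructed conn.log and ssl.log JSON records on uid,
then reports volume and timing regularity per (client, SNI). Every field
used comes from the connection record or the TLS handshake, never from
decrypted payload.
"""
import json
import statistics
from collections import defaultdict

# Constructed Zeek-style JSON records (field names follow Zeek's conn.log and
# ssl.log; addresses, names and byte counts are invented for this example).
CONN_LOG = """\
{"ts":1700000000.0,"uid":"C1","id.orig_h":"192.168.1.20","id.orig_p":50000,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":900,"resp_bytes":1400,"conn_state":"SF"}
{"ts":1700000300.0,"uid":"C2","id.orig_h":"192.168.1.20","id.orig_p":50001,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":920,"resp_bytes":1380,"conn_state":"SF"}
{"ts":1700000600.0,"uid":"C3","id.orig_h":"192.168.1.20","id.orig_p":50002,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":900,"resp_bytes":1410,"conn_state":"SF"}
{"ts":1700000900.0,"uid":"C4","id.orig_h":"192.168.1.20","id.orig_p":50003,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":910,"resp_bytes":1400,"conn_state":"SF"}
{"ts":1700000120.0,"uid":"C5","id.orig_h":"192.168.1.30","id.orig_p":41000,"id.resp_h":"203.0.113.50","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":4000,"resp_bytes":52000000,"conn_state":"SF"}
{"ts":1700000980.0,"uid":"C6","id.orig_h":"192.168.1.30","id.orig_p":41001,"id.resp_h":"203.0.113.51","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":3800,"resp_bytes":61000000,"conn_state":"SF"}
{"ts":1700001400.0,"uid":"C7","id.orig_h":"192.168.1.30","id.orig_p":41002,"id.resp_h":"203.0.113.50","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":4100,"resp_bytes":48000000,"conn_state":"SF"}
{"ts":1700000010.0,"uid":"C8","id.orig_h":"192.168.1.20","id.orig_p":53555,"id.resp_h":"192.168.1.1","id.resp_p":53,"proto":"udp","service":"dns","orig_bytes":60,"resp_bytes":120,"conn_state":"SF"}
{"ts":1700000200.0,"uid":"C9","id.orig_h":"192.168.1.40","id.orig_p":60000,"id.resp_h":"198.51.100.7","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":500,"resp_bytes":700,"conn_state":"SF"}
"""

# ssl.log records, trimmed to the handshake fields this example reads.
# C8 (plain DNS) has no TLS record; C9's ClientHello carried no SNI.
SSL_LOG = """\
{"ts":1700000000.0,"uid":"C1","version":"TLSv13","cipher":"TLS_AES_128_GCM_SHA256","server_name":"telemetry.example.com","established":true}
{"ts":1700000300.0,"uid":"C2","version":"TLSv13","cipher":"TLS_AES_128_GCM_SHA256","server_name":"telemetry.example.com","established":true}
{"ts":1700000600.0,"uid":"C3","version":"TLSv13","cipher":"TLS_AES_128_GCM_SHA256","server_name":"telemetry.example.com","established":true}
{"ts":1700000900.0,"uid":"C4","version":"TLSv13","cipher":"TLS_AES_128_GCM_SHA256","server_name":"telemetry.example.com","established":true}
{"ts":1700000120.0,"uid":"C5","version":"TLSv13","cipher":"TLS_AES_256_GCM_SHA384","server_name":"www.youtube.com","established":true}
{"ts":1700000980.0,"uid":"C6","version":"TLSv13","cipher":"TLS_AES_256_GCM_SHA384","server_name":"www.youtube.com","established":true}
{"ts":1700001400.0,"uid":"C7","version":"TLSv13","cipher":"TLS_AES_256_GCM_SHA384","server_name":"www.youtube.com","established":true}
{"ts":1700000200.0,"uid":"C9","version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","established":true}
"""


def parse_jsonl(text):
    """One JSON object per line, the shape Zeek writes with JSON logging on."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def join_tls_sessions(conn_records, ssl_records):
    """Attach ssl.log handshake metadata to each conn.log record via uid.

    Connections with no ssl.log counterpart (DNS, plain HTTP, ...) are
    dropped; a TLS session without SNI is kept under the label "(no SNI)".
    """
    ssl_by_uid = {r["uid"]: r for r in ssl_records}
    sessions = []
    for c in conn_records:
        s = ssl_by_uid.get(c["uid"])
        if s is None:
            continue
        sessions.append({
            "orig_h": c["id.orig_h"],
            "ts": c["ts"],
            "server_name": s.get("server_name", "(no SNI)"),
            "version": s.get("version", "?"),
            "orig_bytes": c.get("orig_bytes", 0),
            "resp_bytes": c.get("resp_bytes", 0),
        })
    return sessions


def summarize(sessions, min_sessions=4, max_cv=0.1):
    """Per (client, SNI): bytes each way, TLS versions, and timing regularity.

    interval_cv is the coefficient of variation (population stdev / mean) of
    the gaps between successive sessions; near zero means clockwork timing.
    The min_sessions / max_cv thresholds are illustrative choices.
    """
    groups = defaultdict(list)
    for s in sessions:
        groups[(s["orig_h"], s["server_name"])].append(s)
    out = {}
    for key, ss in groups.items():
        ss.sort(key=lambda s: s["ts"])
        intervals = [b["ts"] - a["ts"] for a, b in zip(ss, ss[1:])]
        cv = None
        if len(intervals) >= 2:
            mean = statistics.fmean(intervals)
            cv = statistics.pstdev(intervals) / mean if mean > 0 else None
        out[key] = {
            "sessions": len(ss),
            "bytes_out": sum(s["orig_bytes"] for s in ss),
            "bytes_in": sum(s["resp_bytes"] for s in ss),
            "tls_versions": sorted({s["version"] for s in ss}),
            "interval_cv": cv,
            "periodic": len(ss) >= min_sessions and cv is not None and cv <= max_cv,
        }
    return out


def report(conn_text=CONN_LOG, ssl_text=SSL_LOG):
    """Parse, join and summarise; returns the dict described in summarize()."""
    return summarize(join_tls_sessions(parse_jsonl(conn_text), parse_jsonl(ssl_text)))


if __name__ == "__main__":
    for (host, sni), v in sorted(report().items()):
        flag = "  <- fixed-interval beacon" if v["periodic"] else ""
        print(f"{host:14} {sni:24} n={v['sessions']} in={v['bytes_in']:>10} "
              f"out={v['bytes_out']:>6} cv={v['interval_cv']}{flag}")
```

Run as-is and the 300-second telemetry chatter from 192.168.1.20 is flagged as periodic, the video streaming from 192.168.1.30 shows up as a few large, irregularly timed downloads, and the DNS lookup never appears because it has no TLS record. Against real sensor output, point `report()` at the contents of `conn.log` and `ssl.log`; the SNI, TLS version and byte counts are all visible through the "tinted window" of the handshake and connection metadata.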

Performance and Asset Visibility Walkthrough

Network security depends on clear visibility across every digital asset. This detailed walkthrough covers Corelight's new Network Performance and Asset Classification logs. You will learn about these two logs, how to configure them, and how to use them during cyber investigations. Network Performance and Asset Visibility logs are available as part of the Sensor v29.1 general availability release to customers with Sensor and Investigator Bundle licenses.

Performance and Asset Visibility Demo

Network security depends on clear visibility across every digital asset. This brief demo shows how Corelight's new Network Performance and Asset Classification logs can be used during a threat hunt, and what information each log contains. Network Performance and Asset Visibility logs are available as part of the Sensor v29.1 general availability release to customers with Sensor and Investigator Bundle licenses.

Episode 16 - Beyond the Black Box: Solving Data Overload with Agentic Triage

In this episode, host Richard Bejtlich sits down with Dave Getman to discuss the evolution of Corelight Investigator and the paradigm shift from delivering raw sensor data to providing agentic triage. They explore how AI can synthesize millions of log lines into concise, actionable determinations—categorizing activity as malicious or benign—while maintaining transparency by "bringing the receipts" of raw evidence. Dave explains why the security pendulum is swinging back toward network detection to counter sophisticated EDR evasion and shares a roadmap for the future of auto-containment.

Provably better data

Every security vendor says their data is better. Corelight decided to test that claim directly. Using real nation-state attack scenarios, including Salt Typhoon-related activity, the same AI model was evaluated against multiple security data sources to measure investigation accuracy, threat visibility, and incident response coverage. The only variable was the data.

ITSP: Corelight launches Agentic AI that makes SOC triage 10x faster

Modern SOCs face a difficult reality: attackers are moving faster while analysts are being asked to investigate more alerts than ever. Learn how agentic triage helps security teams move from alert overload to evidence-backed investigations. Rather than relying on opaque AI outputs, the approach uses expert-written playbooks and exposes the underlying queries and evidence so analysts can verify conclusions against raw network data.

Episode 15 - The Right Eyes: Mythos, and the Future of Vulnerability Discovery

The emergence of advanced large language models like Anthropic's Mythos represents an epochal shift in cybersecurity, fundamentally altering how zero-day vulnerabilities are surfaced and remediated. In this episode, host Richard Bejtlich sits down with Corelight Co-founder Greg Bell to analyze the security implications of this AI-driven bug explosion, highlighting recent AI-assisted vulnerability discoveries across infrastructure mainstays like FreeBSD and Firefox.

How Corelight identified a years-old network issue in 30 minutes

A global cruise line operating across maritime and resort environments was struggling with inconsistent detections, alert overload, and limited visibility from its existing NDR platform. In this customer story, Jay Miller from Corelight walks through how the organization evaluated its network visibility strategy, identified long-standing gaps in detection coverage, and improved investigation workflows across a complex environment with intermittent connectivity at sea.

Episode 14 - Harvest Now, Decrypt Later: The Shift to Post-Quantum Cryptography

The prospect of cryptographically relevant quantum computers puts an expiration date on today's public-key cryptography (RSA, Diffie-Hellman and elliptic-curve schemes), which is what makes a "harvest now, decrypt later" strategy, recording encrypted traffic today in order to decrypt it once the capability exists, attractive to well-resourced nation-state actors. In this episode, Vince Stoffer joins Richard Bejtlich to demystify Post-Quantum Cryptography (PQC) and explain why organizations must move beyond a "set it and forget it" mentality regarding their encryption standards.