|
By Corelight
The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface.
|
By Allen Marin
In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and incident response specialists like Mandiant to publish annual research on the latest security trends seen first-hand by their global teams.
|
By Mark Overholser
The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the Black Hat network is a microcosm of many real-world environments, with similar challenges that require similar solutions.
|
By Keith J. Jones
Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple protocols to communicate with its C2 infrastructure, making it more difficult to detect robustly than a malware sample utilizing only one network protocol for its C2.
|
By Allen Marin
Fresh from the recent.conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Along with admiring the traditional display of fezzes and capes throughout the week, we were excited about the great conversations with our customers, business partners, Splunkers, and, of course, the lovely Buttercup.
|
By Sahidya Devadoss
We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents.
|
By Claudio Cruz
Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security posture. Modern SOC analysts struggle with alert fatigue.
|
By Corelight Labs Team
In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.
|
By Ashish Malpani
RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference.
|
By Todd Wingler
For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor activities across endpoints and networks.
|
By Corelight
See how the integration between Corelight's Open NDR platform and ServiceNow allows analysts to send specified detections to ServiceNow, enabling efficient case management for in-depth analysis. Send selected detections with contextual information to ServiceNow with a few clicks, and easily jump from ServiceNow to view detection-related details in Corelight, resulting in faster time to case resolution/MTTR.
|
By Corelight
Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.
|
By Corelight
Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases. Speaker: Steven Swaim (Principal Federal Sales Engineer, Corelight)
|
By Corelight
What is network detection and response, how is it fundamental to #cybersecurity, and why should #investors and #security leaders be investing in the #NDR space? Watch as Corelight CEO Brian Dye shares the answers to these questions and more in a new interview with NYSE.
|
By Corelight
Speakers: Matt Bromiley (SANS), Tim Nolen, Sr. Sales Engineer (Corelight), Jean Schaffer, Federal CTO (Corelight)
|
By Corelight
Want to know how to get a commanding view of all devices that log onto your network? Let’s ask ChatGPT! Watch as Corelight's James Pope leverages his AI assistant to explain the power of Zeek®—the open-source technology behind Corelight’s network evidence—and the detailed logs of network activity it produces, including protocols such as HTTP, DNS, and SSL. In the video he also shares how Zeek®’s open standard easily integrates with Suricata, SecurityOnion, Molok, Elk, CrowdStrike EDR logs, and more.
|
By Corelight
Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.
|
By Corelight
As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect.
|
By Corelight
Whether you’re attending RSA or not, one thing is for certain - attackers are always at work. Furthermore, attackers are always working together without red tape like we have within our corporate infrastructure. That’s why Mandiant/Google, Stairwell, SnapAttack, Nozomi Networks, SentinelOne, and Corelight are hosting a webinar before RSAC 2023 to show how Defenders are also Stronger Together. There is no silver bullet in the cybersecurity space, so come get the conversation started early in an executive panel as we explore how each executive/organization is addressing.
- July 2024 (4)
- June 2024 (1)
- May 2024 (5)
- April 2024 (3)
- March 2024 (3)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (4)
- October 2023 (6)
- September 2023 (5)
- August 2023 (3)
- July 2023 (3)
- June 2023 (4)
- May 2023 (5)
- April 2023 (4)
- March 2023 (2)
- February 2023 (2)
- January 2023 (3)
- December 2022 (4)
- November 2022 (3)
- October 2022 (5)
- September 2022 (4)
- August 2022 (7)
- July 2022 (3)
- June 2022 (3)
- May 2022 (11)
- April 2022 (8)
- March 2022 (6)
- February 2022 (7)
- January 2022 (1)
- December 2021 (7)
- November 2021 (7)
- October 2021 (3)
- September 2021 (3)
- August 2021 (7)
- July 2021 (7)
Corelight gives you the high ground—a commanding view of your network that lets you outsmart and outlast adversaries.
From the Acropolis to the edge of space, defenders have sought the high ground in order to see farther and turn back attacks. Corelight delivers a commanding view of your network so you can outsmart and outlast adversaries. We capture, interpret, and connect the data that means everything to defenders.
Corelight gives apex defenders the information and tools they need to successfully detect and respond to threats. Corelight is built on Zeek, an open-source, global standard technology. Zeek provides rich, structured, security-relevant data to your entire SOC, making everyone from Tier 1 analysts to seasoned threat hunters far more effective.
The Open NDR Platform:
- Suricata: Suricata generates alerts that we embed directly into Zeek logs, putting every detection into context to save time, cut alert backlogs, and improve analytics.
- Zeek: The Zeek open source network security monitor generates lightweight metadata and detections to enable threat hunting and speed incident response.
- Smart PCAP: Smart PCAP links logs, extracted files, and insights with just the packets you need, to reduce storage costs while expanding retention times by a factor of 10.
Faster investigations, more effective threat hunts with the world's best network evidence.