|
By Vijit Nair
If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a meal that leaves everyone asking for seconds (or at least not asking for the takeout menu).
|
By Christopher Sather
Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA that offers a deeper level of inspection for files across enterprise networks while helping security teams consolidate their toolset in the process.
|
By Cynthia Gonzalez
The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques and malware to infiltrate the victim organization. Following a successful intrusion, the attacker continues on a multi-stage process: The longer an attacker remains undetected, the greater their opportunity to find a target and extract data.
|
By Vince Stoffer
Over the past year, several sophisticated cyber-espionage campaigns have grabbed the attention of our industry and challenged defenders and vendors alike with advanced tactics, techniques, and procedures (TTPs). One of the most visible campaigns is Volt Typhoon, named by the Microsoft threat intelligence team in May 2023 and attributed to Chinese state-sponsored threat actors.
|
By Tillson Galloway
Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.
|
By David Getman
Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.
|
By Allen Marin
In today’s threat landscape, security teams face mounting challenges in maintaining a robust security posture. Legacy tools often fall short of defending against increasingly sophisticated adversaries, especially with the complexity of modern, multi-cloud environments. Corelight’s latest integration with the SentinelOne Singularity Platform brings a fresh approach to overcoming these challenges, unifying network and endpoint visibility while simplifying and accelerating threat investigations.
|
By Vince Stoffer
Corelight has strengthened the Suricata integration within its Open NDR Platform, empowering customers with a custom ruleset, the Corelight Feed, designed to swiftly detect and help respond to emerging threats. With a new monthly update cycle, Corelight ensures that organizations stay ahead of the latest vulnerabilities and enhance their network security posture effortlessly.
|
By Mark Overholser
In the Black Hat Network Operations Center (NOC), the conference’s leadership team must assemble best-in-class technologies that complement each other to build and harden an enterprise-grade network in just a few days. Then, the NOC must continuously monitor and adapt the network throughout the course of the conference before dismantling it after the conference concludes.
|
By Allen Marin
At Corelight, we’re thrilled when a respected cybersecurity leader like Mandiant introduces a new offering based on our solution. This week, Mandiant Managed Defense unveiled support for Corelight Open NDR, a move that strengthens our existing relationship and integration across the Google Cloud Security portfolio.
|
By Corelight
The SOC Visibility Triad was defined by Dr. Anton Chuvakin at Gartner almost 10 years ago when the cloud was in its early stages. As the shift to highly dynamic, multicloud environments became mainstream over the last few years, some have argued that the “Triad” should be put to rest since it no longer can ensure the visibility needed to maintain effective security across these modern architectures.
|
By Corelight
Enhance utility of evidence Identify malicious files from network activity and derive the right context without increasing false positives Improve detection coverage Analyze large volumes of files for detecting threats that can be missed by EDR Drive tool consolidation Consolidate tools and eliminate the need for file extraction, storage and custom scripts.
|
By Corelight
See how the integration between Corelight's Open NDR platform and ServiceNow allows analysts to send specified detections to ServiceNow, enabling efficient case management for in-depth analysis. Send selected detections with contextual information to ServiceNow with a few clicks, and easily jump from ServiceNow to view detection-related details in Corelight, resulting in faster time to case resolution/MTTR.
|
By Corelight
Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.
|
By Corelight
Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases. Speaker: Steven Swaim (Principal Federal Sales Engineer, Corelight)
|
By Corelight
What is network detection and response, how is it fundamental to #cybersecurity, and why should #investors and #security leaders be investing in the #NDR space? Watch as Corelight CEO Brian Dye shares the answers to these questions and more in a new interview with NYSE.
|
By Corelight
Speakers: Matt Bromiley (SANS), Tim Nolen, Sr. Sales Engineer (Corelight), Jean Schaffer, Federal CTO (Corelight)
|
By Corelight
Want to know how to get a commanding view of all devices that log onto your network? Let’s ask ChatGPT! Watch as Corelight's James Pope leverages his AI assistant to explain the power of Zeek®—the open-source technology behind Corelight’s network evidence—and the detailed logs of network activity it produces, including protocols such as HTTP, DNS, and SSL. In the video he also shares how Zeek®’s open standard easily integrates with Suricata, SecurityOnion, Molok, Elk, CrowdStrike EDR logs, and more.
|
By Corelight
Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.
- December 2024 (6)
- November 2024 (2)
- October 2024 (1)
- September 2024 (6)
- August 2024 (1)
- July 2024 (4)
- June 2024 (1)
- May 2024 (5)
- April 2024 (3)
- March 2024 (3)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (4)
- October 2023 (6)
- September 2023 (5)
- August 2023 (3)
- July 2023 (3)
- June 2023 (4)
- May 2023 (5)
- April 2023 (4)
- March 2023 (2)
- February 2023 (2)
- January 2023 (3)
- December 2022 (4)
- November 2022 (3)
- October 2022 (5)
- September 2022 (4)
- August 2022 (7)
- July 2022 (3)
- June 2022 (3)
- May 2022 (11)
- April 2022 (8)
- March 2022 (6)
- February 2022 (7)
- January 2022 (1)
- December 2021 (7)
- November 2021 (7)
- October 2021 (3)
- September 2021 (3)
- August 2021 (7)
- July 2021 (7)
Corelight gives you the high ground—a commanding view of your network that lets you outsmart and outlast adversaries.
From the Acropolis to the edge of space, defenders have sought the high ground in order to see farther and turn back attacks. Corelight delivers a commanding view of your network so you can outsmart and outlast adversaries. We capture, interpret, and connect the data that means everything to defenders.
Corelight gives apex defenders the information and tools they need to successfully detect and respond to threats. Corelight is built on Zeek, an open-source, global standard technology. Zeek provides rich, structured, security-relevant data to your entire SOC, making everyone from Tier 1 analysts to seasoned threat hunters far more effective.
The Open NDR Platform:
- Suricata: Suricata generates alerts that we embed directly into Zeek logs, putting every detection into context to save time, cut alert backlogs, and improve analytics.
- Zeek: The Zeek open source network security monitor generates lightweight metadata and detections to enable threat hunting and speed incident response.
- Smart PCAP: Smart PCAP links logs, extracted files, and insights with just the packets you need, to reduce storage costs while expanding retention times by a factor of 10.
Faster investigations, more effective threat hunts with the world's best network evidence.