Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Data quality defines a ceiling for SOC performance

May 13, 2026 By Gregory Bell In Corelight
Defenders have long known that richer evidence improves security outcomes by enabling faster triage, deeper analysis, and more complete investigation. Although Corelight was founded on this premise, it’s been hard for us to quantify the impact of better network data - until now. Recently, we built an agentic test harness to measure the success of frontier LLMs in responding to real-world attack scenarios, using a range of source data.
Read Post

How Corelight identified a years-old network issue in 30 minutes

May 11, 2026 By Corelight In Corelight
A global cruise line operating across maritime and resort environments was struggling with inconsistent detections, alert overload, and limited visibility from its existing NDR platform. In this customer story, Jay Miller from Corelight walks through how the organization evaluated its network visibility strategy, identified long-standing gaps in detection coverage, and improved investigation workflows across a complex environment with intermittent connectivity at sea.
View Video

Episode 14 - Harvest Now, Decrypt Later: The Shift to Post-Quantum Cryptography

May 7, 2026 By Corelight In Corelight
The emergence of quantum computing has introduced a definitive expiration date for classical encryption, fueling a "harvest now, decrypt later" strategy among sophisticated nation-state actors. In this episode, Vince Stoffer joins Richard Bejtlich to demystify Post-Quantum Cryptography (PQC) and explain why organizations must move beyond a "set it and forget it" mentality regarding their encryption standards.
View Video
Corelight

5 signs it is time to upgrade your DIY Zeek deployment

May 5, 2026 By Matt Ellison In Corelight
You already know the immense value of open-source Zeek. It provides the absolute gold standard of network evidence, giving you the deep visibility required to defend your organization. You have the right strategic foundation, but the operational workload of managing a do-it-yourself (DIY) deployment at scale is likely draining your energy.
Read Post
Corelight

The 7 sins killing your SOC efficacy (and why NDR is the cure)

Apr 30, 2026 By Josh Porto In Corelight
Network Detection and Response (NDR) is a glorious tool for spotting the stuff that slips past the velvet ropes. The weird lateral movement. The "why is Finance talking to a printer in Moldova" moment. The internal reconnaissance that looks harmless until it's suddenly not. What can't NDR do? Trick question. It can't walk the dog, run a marathon, or explain to leadership why "just block Russia" isn't a complete strategy. NDR is your truth serum.
Read Post
Corelight

From human-scale to AI-scale: Lessons in resilience from RSAC 2026

Apr 23, 2026 By Ed Smith In Corelight
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
Read Post

Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source

Apr 23, 2026 By Corelight In Corelight
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
View Video
Corelight

Defending energy infrastructure in the age of Mythos

Apr 17, 2026 By Gregory Bell In Corelight
The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has released its first five-year strategic plan, following the broader national cybersecurity strategy. It’s coming at a time when the energy cybersecurity landscape is changing quickly, in some cases faster than operators can realistically keep up.
Read Post

Episode 12 - The Agentic SOC: Upleveling Analysts with AI Knowledge Multipliers

Apr 9, 2026 By Corelight In Corelight
Richard Bejtlich sits down with Stan Kiefer, Corelight’s Senior Manager for Data Science, to discuss how AI serves as a vital "abstraction layer" and "knowledge multiplier" for security analysts. Stan explains that while AI can synthesize complex information, it remains untrustworthy without high-fidelity network data at its center to provide verifiable evidence. The episode explores the shift toward an "agentic ecosystem" and a tiered architecture where a central orchestrator manages specialized sub-agents to accelerate detection and investigation.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.