Corelight

XDR: The Importance of Network Technology

Feb 2, 2022 By Corelight In Corelight

XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.

View Video

Corelight

Read more about XDR: The Importance of Network Technology

Government gets serious: deadlines for Zero Trust Architectures

Feb 2, 2022 By Jean Schaffer In Corelight

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.

Read Post

Corelight

Read more about Government gets serious: deadlines for Zero Trust Architectures

Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

Jan 26, 2022 By Corelight Labs Team In Corelight

In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.

Read Post

Corelight

Read more about Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

Security strategy for the next Log4Shell

Dec 22, 2021 By Brian Dye In Corelight

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”.

Read Post

Corelight

Read more about Security strategy for the next Log4Shell

Detecting Log4j exploits via Zeek when Java downloads Java

Dec 18, 2021 By Corelight Labs Team In Corelight

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Read Post

Corelight

Read more about Detecting Log4j exploits via Zeek when Java downloads Java

Detecting Log4j via Zeek & LDAP traffic

Dec 16, 2021 By Corelight Labs Team In Corelight

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.

Read Post

Corelight

Read more about Detecting Log4j via Zeek & LDAP traffic

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post

Corelight

Read more about Simplifying detection of Log4Shell

Exploiting NDR to Cultivate Decision Advantage

Dec 9, 2021 By Corelight In Corelight

As defenders, we deploy or develop a number of policies, procedures, tools and technologies to support our risk management strategy while struggling to maintain situational awareness. The regular outputs of detection and response activities rarely cross functional boundaries and result in missed opportunities to translate learnings into institutional memory. With an ever-evolving threat landscape including the transformation to a hybrid work model; the power of decision and ultimately Decision Advantage is the most valuable tool in cyber-defense. In this webcast, Bernard Brantley CISO Corelight will discuss the exploitation of data-centric NDR as the coalescence point for tactical and operational outputs and as a pathway to cultivating strategic decision advantage.

View Video

Corelight

Read more about Exploiting NDR to Cultivate Decision Advantage

Zero Trust Architecture Solutions Forum - SANS + Corelight

Dec 9, 2021 By Corelight In Corelight

Security has always been one of the prime concerns for any growing business. In a world where technology is continually evolving, companies are constantly stumbling onto new vulnerabilities. One wrong move in the data management space and companies leave themselves vulnerable to shattering attacks. The increasingly multifaceted landscape means that more groups are turning towards a zero-trust security framework. This approach asks companies to take their security enforcement strategy to the next level and recognize that existing approaches don't offer enough defense.

View Video