Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Expand visibility around authentication and application anomalies with Corelight's new LDAP analyzer

Comprehensive visibility into network protocols is a hallmark of Zeek (and therefore Corelight) data. That's why we are very happy to announce that with our v27.2 release we are supporting a new analyzer for the LDAP protocol. You likely know LDAP as a workhorse for carrying directory information across the network. While it's an open standard, it's most often seen as part of several server implementations, especially Microsoft's Active Directory, OpenLDAP, and others.

Entity Collection Overview

The current tempo in information security is getting increasingly faster. We continue to chase quicker detections and faster responses. But does that align with reality? Troves of data is being ingested at wire speed w/filtering, comparing, correlating, identifying, and other transform operations in the event lifecycle. This comes with an increased risk of missed events/alerts, indiscernible log activity from various origins, and the potential for analysis paralysis/desensitization/burnout…

From Noise to Signal: Enrichment and Routing with Corelight, Cribl, and Elastic

Monitoring network traffic is essential to SecOps. Security teams need to streamline network detection, data routing, and analysis for faster incident response. Corelight, Cribl, and Elastic combine to provide a unique solution that transforms the noise of network traffic into effectively routed, optimized data.

Corelight Investigator introduces new Machine Learning Models

Corelight Investigator furthers its commitment to delivering next-level analytics through the expansion of its machine learning models. Security teams are now enabled with additional supervised and deep learning models, including: We continue to provide complete transparency behind our evidence -- showing the logic behind our machine learning models and detections, allowing analysts to quickly and easily validate the alerts.

Corelight for the everywhere cloud

Editor's note: This is the first in five-part series authored by Ed Amoroso, founder and CEO of TAG Cyber, which will focuses on how the Corelight platform reduces network security risks to the so-called Everywhere Cloud (EC). Such security protection addresses threats to devices and assets on any type of network, including both perimeter and zero-trust based.

Is Network Evidence Really Needed for Security Operations?

Networks are the transport fabric for all IT however in the modern world they have become harder to access and monitor. Attackers inevitably leave traces on the network, and for this reason defenders understand the value of high-quality network evidence. But given the rise of encryption, digital transformation, Zero Trust architectures, and SASE… is it even feasible to collect network evidence anymore? Maybe we should throw in the towel and do without it?

Corelight launches the Entity Collection

Corelight Labs, our amazing research team, has been hard at work on another content collection which we are excited to introduce: the Corelight Entity Collection. Corelight evidence is powerful and comprehensive. So comprehensive, in fact, that it can sometimes be hard to know where to start. Providing customers faster ways to find meaningful context in our data was the driving force behind the creation of the Entity Collection.

SANS 2022 Multicloud Survey Exploring the World of Multicloud

SANS research has shown that more organizations are using multiple cloud providers. Multicloud adoption can be driven by a variety of factors, such as competitive differentiation, mergers and acquisitions, and more. This event explores various results from the SANS 2022 Multicloud Survey, including multicloud adoption trends, how adoption decisions are made, and—most importantly—what cybersecurity teams are doing to cope with the onslaught of challenges brought about by so much change, complexity, and variation in the cloud services marketplace.

Zeek on Windows

As we shared at ZeekWeek 2022 in October, we’re thrilled to announce emerging support for Zeek on Windows, thanks to an open-source contribution from Microsoft. Part of its integration of Zeek into its Defender for Endpoint security platform, this contribution provides fully-native build support for Windows platforms and opens up a range of future technical possibilities in this vast ecosystem.