Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Raspberry Pi Sensors for Home Networks

Aug 5, 2022 By Corelight In Corelight
Is your IoT dryer transferring 1GB+ of traffic daily? Does your Tesla phone home to the mothership? Is your employer monitoring you at home? Learn a quick, easy, free method for using a Raspberry Pi to gain visibility into your home network. We'll teach you to find out what your smart (and not-so-smart) devices are doing using ZeekⓇ logs and Suricata alerts–two flagship open-source technologies–skills transferable to your day job and enterprise environments.
View Video

Integrating Open NDR To Automate Alert Response Via Better Network Evidence

Aug 1, 2022 By Corelight In Corelight
Are you interested in context for your cloud or container environment when you investigate an event from last week, last month, or last year? Would it save you time to have IDS alerts that include the full context of the connection? Watch this SANSFIRE 2022 webcast and to see James Schweitzer demonstrate easy to understand, interlinked network evidence, available wherever you need it and which also enables orchestration.
View Video

SANS 2022 Threat Hunting Survey - Hunting for a Standard Methodology for Threat Hunting Teams

Jul 27, 2022 By Corelight In Corelight
We’ll also look at the past two years to see if global economic impacts have caused any industry changes that give us cause to rethink our approach to threat hunting.. Key topics will include operationalizing threat hunting, innovative threat hunting tactics and techniques, and new tools that can help threat hunting for both endpoints and networks.
View Video

Break Threat Patterns with Complete Visibility Across all Your Data

Jul 27, 2022 By Corelight In Corelight
Master threat hunting practices to resolve incidents before they impact mission critical assets Learn about threat hunting for all roles and skill levels from CrowdStrike, Humio and Corelight. Learn how modern log management helps quickly identify the root cause of an issue. Get tips on what to look for and best courses of action for prevention and remediation — resolving incidents before they impact your mission critical assets.
View Video
Corelight

The best cybersecurity defense is great evidence

Jul 19, 2022 By Jean Schaffer In Corelight

The saying “data is king” has been around for quite a while and we all know that the world operates and makes decisions on digital data 24x7x365. But, is data king in the field of cybersecurity? I believe that evidence - not data - is what is needed to speed defenders’ knowledge and response capabilities, so let's talk about both.

Read Post
Corelight

The evidence bank: leveraging security's most valuable asset

Jun 30, 2022 By Bernard Brantley In Corelight

Evidence is the currency cyber defenders use to pay down security debt, balancing the value equation between adversaries and the enterprise. Defenders can use evidence proactively, identifying and protecting structural risks within our zone of control. Evidence can also be used reactively by supporting detection (re)engineering, response, and recovery activities, guiding us back to identifying and protecting structural risks.

Read Post

Enhanced Network Evidence for the Modern SOC

Jun 7, 2022 By Corelight In Corelight
Security leaders protect their businesses by using analytics and insights to understand security needs, attack surfaces, and trends. Every company from ‘big box’ travel sites to powerhouse car manufacturers needs to optimize their SOCs, retain talent, and expand business opportunities securely.
View Video
Corelight

Enriching NDR logs with context

Jun 2, 2022 By Stan Kiefer In Corelight

In this post, we show how enriching Zeek® logs with cloud and container context makes it much faster to tie interesting activity to the container or cloud asset involved.In cloud or container environments, layer 3 networking is abstracted away from the higher-level tasks of running workloads or presenting data. Because of this abstraction, when Zeek logs are collected for cloud or container network environments, the attribution of a network flow to actual workload or application is difficult.

Read Post

Real world use cases for NDR in the Cloud

May 31, 2022 By Corelight In Corelight
As we’ve learned from events like Sunburst and Log4Shell, network telemetry provides essential evidence for catching threats that other tools miss. Watch Senior Director of Product - Cloud Security - Vijit Nair dive into real world use cases from the research team at Corelight -- the creators and maintainers of Zeek. You'll learn how the collection and analysis of cloud network traffic leads to better threat detection and faster response.
View Video
Corelight

Detecting CVE-2022-26937 with Zeek

May 26, 2022 By Corelight Labs Team In Corelight

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server and cause a crash. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof-of-concept exploit for this vulnerability and wrote a Zeek®-based detection for it. You can find a PCAP of this exploit in our GitHub repository.

Read Post
Subscribe to Corelight

Copyright © 2024 OpsMatters™. All rights reserved.