Threat Detection

Enhanced Network Evidence for the Modern SOC

Jun 7, 2022 By Corelight In Corelight

Security leaders protect their businesses by using analytics and insights to understand security needs, attack surfaces, and trends. Every company from ‘big box’ travel sites to powerhouse car manufacturers needs to optimize their SOCs, retain talent, and expand business opportunities securely.

View Video

Corelight

Read more about Enhanced Network Evidence for the Modern SOC

CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots Across Attack Surface

Jun 6, 2022 By CrowdStrike In CrowdStrike

CrowdStrike Asset Graph provides unprecedented visibility of assets in an IT environment to optimize cyber defense strategies and manage risk.

Read Post

CrowdStrike

Read more about CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots Across Attack Surface

CrowdStrike Adds Strategic Partners to CrowdXDR Alliance and Expands Falcon XDR Capabilities to Supercharge Threat Detection, Investigation, Response and Hunting

Jun 6, 2022 By CrowdStrike In CrowdStrike

New CrowdXDR Alliance partners include Menlo Security, Ping Identity and Vectra AI. New Falcon XDR capabilities include native integration with Falcon Fusion SOAR workflows to streamline and simplify security operations.

Read Post

CrowdStrike

Read more about CrowdStrike Adds Strategic Partners to CrowdXDR Alliance and Expands Falcon XDR Capabilities to Supercharge Threat Detection, Investigation, Response and Hunting

RSAC 2022: CrowdStrike Delivers Protection that Powers Productivity

Jun 6, 2022 By George Kurtz In CrowdStrike

The theme of RSA Conference 2022 succinctly captures the aftermath of the disruption we’ve all experienced over the last couple of years: Transform. Customers continue to transform and accelerate digital initiatives in response to the massive economic and technological shifts driven by the COVID-19 pandemic.

Read Post

CrowdStrike

Read more about RSAC 2022: CrowdStrike Delivers Protection that Powers Productivity

Forescout and Cysiv: Threat Detection Across Your Digital Terrain

Jun 6, 2022 By Ian Curry In Forescout

Today marks an exciting moment in time for our customers and partners. Today, Forescout announced its intent to acquire Cysiv, a company with deep expertise in data-powered threat detection and response.

Read Post

Forescout

Read more about Forescout and Cysiv: Threat Detection Across Your Digital Terrain

Enriching NDR logs with context

Jun 2, 2022 By Stan Kiefer In Corelight

In this post, we show how enriching Zeek® logs with cloud and container context makes it much faster to tie interesting activity to the container or cloud asset involved.In cloud or container environments, layer 3 networking is abstracted away from the higher-level tasks of running workloads or presenting data. Because of this abstraction, when Zeek logs are collected for cloud or container network environments, the attribution of a network flow to actual workload or application is difficult.

Read Post

Corelight

Read more about Enriching NDR logs with context

CrowdStrike Falcon Identity Threat Protection Added to GovCloud-1 to Help Meet Government Mandates for Identity Security and Zero Trust

Jun 1, 2022 By Andrew Harris In CrowdStrike

CrowdStrike recently announced the addition of Falcon Identity Threat Protection and Falcon Identity Threat Detection to its GovCloud-1 environment, making both available to U.S. public sector organizations that require Federal Risk and Authorization Management Program (FedRAMP) Moderate or Impact Level 4 (IL-4) authorization. This includes U.S. federal agencies, U.S. state and local governments and the Defense Industrial Base (DIB).

Read Post

CrowdStrike

Read more about CrowdStrike Falcon Identity Threat Protection Added to GovCloud-1 to Help Meet Government Mandates for Identity Security and Zero Trust

Real world use cases for NDR in the Cloud

May 31, 2022 By Corelight In Corelight

As we’ve learned from events like Sunburst and Log4Shell, network telemetry provides essential evidence for catching threats that other tools miss. Watch Senior Director of Product - Cloud Security - Vijit Nair dive into real world use cases from the research team at Corelight -- the creators and maintainers of Zeek. You'll learn how the collection and analysis of cloud network traffic leads to better threat detection and faster response.

View Video

Corelight

Read more about Real world use cases for NDR in the Cloud

Detecting CVE-2022-26937 with Zeek

May 26, 2022 By Corelight Labs Team In Corelight

This month, Microsoft announced a vulnerability in NFS. The exploit lies in how an attacker can force a victim NFS server to request an address from the attacker’s fake NFS server. The address returned will overflow memory on the victim NFS server and cause a crash. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof-of-concept exploit for this vulnerability and wrote a Zeek®-based detection for it. You can find a PCAP of this exploit in our GitHub repository.

Read Post

Corelight

Read more about Detecting CVE-2022-26937 with Zeek

Detecting CVE-2022-23270 in PPTP

May 26, 2022 By Corelight Labs Team In Corelight

This month, Microsoft announced a vulnerability in PPTP, a part of the VPN remote access services on Windows systems that runs on port 1723/tcp. Through Microsoft’s MAPP program, Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek®-based detection for it.

Read Post