Detecting and preventing security threats is a lot easier than fixing already existing ones. With this in mind, you should set up alerts to detect security threats before they occur and do your best to prevent them from happening. There are many ways to set up security alerts. One way to set up alerts is to use a SIEM system such as LogSentinel SIEM, which will send you an alert if something suspicious happens. This way, for example, if you notice a potential security breach, you can turn off your system network in order to prevent the hacker from accessing your network.

Discover the power of the world’s best network security monitor, Zeek, and how Corelight makes it much simpler to use. Find out why elite defenders have used the evidence Zeek produces to accelerate their investigations, amplify their threat hunting capabilities, speed up analytics and more in this short intro.

Security teams can save up to 10x the packet retention period at 50% the cost compared to full packet capture! Sounds too good to be true, right? It’s not! With powerful, yet easy-to-use pcap levers we let security teams capture just the packets needed for investigations, and correlate them with our alerts and logs, and make packets 1-click retrievable. With Smart PCAP you get months, not days' worth of packet visibility.

Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists. Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight’s commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.

In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.

Working with encrypted traffic is a common task in the SOC and one that many people think network monitoring solutions can't do anything about. The reality, however, is a bit less cut and dry than you might think. Corelight with Zeek can parse details about the certificate handshake and the SSL connection itself. See the cipher and elliptic curve in use, which are great for detecting vulnerabilities like CurveBall. Learn more about Corelight's Encrypted Traffic collection in this brief two minute video.

Watch this webcast to get the best network evidence for security threats and learn how to.

Poor Operational Technology (OT) security can lead to serious IT data breaches. Learn from experts at Splunk, Corelight, and ClearShark about the risks unsecured OT systems pose to IT networks, and how visibility into network traffic can enable accurate alerting to malicious behavior. You’ll learn key differences between OT and IT networks, about Corelight’s ability to understand and enhance OT protocols, and the value of Zeek wire data for both IT and OT security.