Corelight Bright Ideas Blog

This is the Custom Rich Text module

Feel free to edit this text to reflect your unique voice and message. Tell visitors what you do, why you do it, and what sets you apart.

Stories by Richard

command and control

How Can Kill Webs Change Security Thinking?

Learn how the kill web concept can be applied to cybersecurity, and how it addresses some of the concerns with the kill chain.

Richard Bejtlich Sep 21, 2023

command and control

How Does the Kill Chain Apply to Network-Derived Evidence?

This article proposes ways that modern network-derived evidence applies to the kill chain.

Richard Bejtlich Sep 12, 2023

network detection response

Network evidence for defensible disclosure

What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure.”

Richard Bejtlich May 5, 2022

Zeek

Mixed VLAN tags and BPF syntax

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.

Richard Bejtlich Aug 27, 2020

Network Security Monitoring

Network Security Monitoring data: Types I, II, and III

This blog post explains three levels of analysis and how encryption has affected NSM, demonstrating that NSM remains relevant, despite encryption.

Richard Bejtlich Jul 8, 2020

Network Security Monitoring

The election is six months away. Now is the time to instrument election infrastructure.

Richard shared his thoughts on our blog on why the overarching role of the network and election infrastructure is worthy of a deep assessment right...

Richard Bejtlich May 7, 2020

Network Security Monitoring

Enabling SOHO Network Security Monitoring

Here's how to instrument and enable network security monitoring for a small office – home office (SOHO) environment.

Richard Bejtlich Apr 8, 2020

Zeek

Using Corelight and Zeek to support remote workers

Security teams would benefit from reviewing their NSM data to ensure that only authorized parties are interacting with their remote work...

Richard Bejtlich Mar 25, 2020

Zeek

Countering network resident threats

Anyone worrying about detecting and responding to network resident threats would benefit from the data that Corelight provides.

Richard Bejtlich Feb 20, 2020

Zeek

12 talks to see at RSA 2020

RSA 2020 is fast approaching. The speaker sessions seem to be of high quality overall, but here are the 12 talks you should consider attending.

Richard Bejtlich Feb 10, 2020

1 2

... 4

Secure your cloud.

Cloud enrichment for AWS, GCP,
and Azure

Corelight's
partner program

10 Considerations for Implementing an XDR Strategy

Don't trust. Verify with evidence

The Power of Open-Source Tools for Network Detection and Response

The Evolving Role
of NDR

Detecting 5 Current APTs without heavy lifting

Network Detection and Response

Corelight Bright Ideas Blog

This is the Custom Rich Text module

Stories by Richard

How Can Kill Webs Change Security Thinking?

How Does the Kill Chain Apply to Network-Derived Evidence?

Network evidence for defensible disclosure

Mixed VLAN tags and BPF syntax

Network Security Monitoring data: Types I, II, and III

The election is six months away. Now is the time to instrument election infrastructure.

Enabling SOHO Network Security Monitoring

Using Corelight and Zeek to support remote workers

Countering network resident threats

12 talks to see at RSA 2020

Have questions?

Sign up for our newsletter

We’re hiring!