Corelight DefeNDRs

Technology · Tech News · 8 episodes
Gain clear, actionable intelligence from Corelight's network defense experts. Corelight DefeNDRs translates complex cybersecurity detection challenges into concise, practical episodes designed to support faster, smarter decision-making across modern security teams.
All Episodes

Episode 8 - Enterprise Nervous System: Using Network Signal to Direct Business Strategy

18 min 27 sec
In this episode of Corelight Defenders, I'm joined by Bernard Brantley, Chief Information Security Officer at Corelight, as we delve into the concept of the enterprise nervous system. Bernard shares insights from his extensive experience in network analysis, explaining how organizations can leverage their network traffic data to enhance security and drive business outcomes. We discuss the importance of understanding the interdependencies between assets, processes, and goals, and how security teams can position themselves as integral to business success rather than just risk mitigators. Join us as we explore how security can effectively align with business strategies, fostering a culture of proactive engagement and intelligence sharing.
Episode 7 - Practical AI for Zeek, MITRE, and Security Docs

15 min 28 sec
In Episode 7 of Corelight DefeNDRs, join me, Richard Bejtlich, as I sit down with Dr. Keith Jones, Corelight's principal security researcher, to discuss the practical applications of AI in enhancing network security. We delve into how large language models (LLMs) can assist in cleaning up documentation and generating Zeek scripts, sharing insights from our extensive experience in incident response and coding. Keith reveals the challenges and successes he has encountered using LLMs to streamline processes, including their role in analyzing MITRE techniques. Whether you're a seasoned coder or new to the field, this episode offers valuable perspectives on leveraging AI tools to improve efficiency and effectiveness in security operations. Tune in for a thought-provoking conversation that bridges AI innovation with real-world cybersecurity challenges.
Episode 6 - Detecting DNS Covert Channels in the Wild (Part 2)

13 min 59 sec
In Episode 6 of Corelight DefeNDRs, we delve deeper into the fascinating world of DNS covert channels with Vern Paxson, our chief scientist and co-founder. Continuing from our previous discussion, Vern shares his insights on techniques developed to detect these stealthy channels utilized by intruders to evade security measures. We explore the innovative approach of leveraging time series analysis of DNS lookups, how to distinguish benign traffic from potential threats, and the real-world implications of our findings across significant datasets. This episode is a must-listen for anyone interested in enhancing their understanding of network detection and response, as we uncover the delicate balance between legitimate data communication and covert malicious activity. Join me as we navigate these complex yet critical aspects of cybersecurity.
Episode 5 - Detecting DNS Covert Channels in the Wild (Part 1)

15 min 47 sec
In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring. Join us as we uncover the nuances of this critical cybersecurity issue and set the stage for part two, where Vern will share insights from his extensive research on detecting these covert channels in production networks. Stay tuned for more on the network.
Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity

14 min 59 sec
In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity. Angela also reflects on her roles across various organizations, emphasizing the value of deep product understanding and customer engagement. Join us for an insightful conversation that highlights the evolving landscape of cybersecurity and the lessons learned from decades of experience.