Corelight DefeNDRs


Technology · Tech News · 6 episodes
Gain clear, actionable intelligence from Corelight’s network defense experts. Corelight DefeNDRs translates complex cybersecurity detection challenges into concise, practical episodes designed to support faster, smarter decision-making across modern security teams.
All Episodes

Episode 6 - Detecting DNS Covert Channels in the Wild (Part 2)


13 min 59 sec
In Episode 6 of Corelight DefeNDRs, we delve deeper into the fascinating world of DNS covert channels with Vern Paxson, our chief scientist and co-founder. Continuing from our previous discussion, Vern shares his insights on techniques developed to detect these stealthy channels utilized by intruders to evade security measures. We explore the innovative approach of leveraging time series analysis of DNS lookups, how to distinguish benign traffic from potential threats, and the real-world implications of our findings across significant datasets. This episode is a must-listen for anyone interested in enhancing their understanding of network detection and response, as we uncover the delicate balance between legitimate data communication and covert malicious activity. Join me as we navigate these complex yet critical aspects of cybersecurity.
Episode 5 - Detecting DNS Covert Channels in the Wild (Part 1)


15 min 47 sec
In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring. Join us as we uncover the nuances of this critical cybersecurity issue and set the stage for part two, where Vern will share insights from his extensive research on detecting these covert channels in production networks. Stay tuned for more on the network.
Episode 4 - Staying Curious: Lessons from 25 Years in Cybersecurity


14 min 59 sec
In Episode 4 of Corelight Defenders, I sit down with Angela Loomis, Corelight's Director of Technical Account Management, to explore her remarkable 25-year journey in cybersecurity. Angela shares her unconventional entry into the field, starting from a background in television production to becoming a leader in security strategy. We delve into the importance of curiosity in cybersecurity, discussing how diverse experiences enrich the profession, and whether formal education might dampen that curiosity. Angela also reflects on her roles across various organizations, emphasizing the value of deep product understanding and customer engagement. Join us for an insightful conversation that highlights the evolving landscape of cybersecurity and the lessons learned from decades of experience.
Episode 3 - Network Visibility in the Cloud: Why Network Traffic Analysis Remains Critical


16 min 28 sec
Richard Bejtlich discusses cloud security from a network-centric perspective with Corelight's cloud security researcher, David Burkett. They explore why monitoring network traffic remains essential in cloud environments, despite the presence of native security features offered by cloud providers. David highlights common threats such as container compromises, coin miners, and supply chain attacks, emphasizing the value of traffic visibility for detecting unusual behaviors and breaches. The episode delves into practical approaches like baselining cloud workloads, analyzing ingress and egress traffic, and the unique advantages of monitoring cloud infrastructure through network-based taps. Tune in to discover how organizations can enhance their cloud security strategies through proactive network visibility.
Episode 2 - Inside the Black Hat NOC: Defending a hostile conference network


16 min 24 sec
Richard Bejtlich talks with Corelight Principal Technical Marketing Engineer Mark Overholser about what it takes to run the Black Hat Network Operations Center and keep a “hostile” training network safe. They walk through how partners like Corelight, Cisco, Palo Alto Networks, Arista, and Lumen build and monitor the conference network, how the team tells lab traffic from real infections, and why misconfigured self-hosted services still show up in surprising ways. Mark shares how the NOC works together in one room to investigate issues, when they decide to block or intervene, and practical advice for attendees on preparing their devices, monitoring their own traffic with tools like Zeek, and staying safe on conference Wi-Fi without living out of a Faraday bag.