Corelight Bright Ideas Blog

Signature-based detections provide fast, effective defense against known attacks. But the threat landscape is rapidly changing: Attackers are utilizing novel, sophisticated techniques that can bypass traditional, signature-based detection methods... Read more »

In my security research role at Corelight, I often have to go through large, complex data sets to detect subtle anomalies and threats. It reminds me of a famous quote by Abraham Lincoln: Read more »

The financial industry is known for its rigorous and sometimes quirky data retention requirements that can challenge even the most seasoned security expert. Read more »

Financial institutions, such as banks and trading houses, have a strong interest in recording key transaction activity within their networks. In the face of daunting data storage requirements, many are finding that Corelight’s network... Read more »

Introduction In November 2024, I participated in SCinet with the Network Security team at SC24. My job was supporting Corelight sensors and threat hunting using the data the sensors produced. Read more »

Introduction Zeek® is a powerful open-source network analysis tool that allows users to monitor traffic and detect malicious activities. Users can write packages to detect cybersecurity events, like this GitHub repo that detects C2 from AgentTesla... Read more »

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting... Read more »

What is MITRE Caldera? MITRE’s Caldera is a cybersecurity platform developed to simulate adversarial tactics, techniques, and procedures (TTPs). Built upon the MITRE ATT&CK framework, Caldera is an open-source tool designed to help cybersecurity... Read more »

How Corelight Open NDR secures cloud workloads beyond runtime security tools. Read more »