Corelight Bright Ideas Blog

The Gordian knot of any detection strategy is knowing that two conflicting ideas are both true. On one hand, every SOC needs as much accurate detection coverage as they can get to find and disrupt attacks. On the other, the attackers you REALLY care... Read more »

Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) have become integral to modern SecOps architecture and threat detection capabilities. However, the urgency of the situation is clear—attackers are deploying... Read more »

“Corelight's platform identifies sophisticated attacks that evade endpoint detection, provides comprehensive visibility from cloud to edge environments, and enables deep forensic investigations with its ability to store network evidence for up to... Read more »

Network Detection and Response (NDR) has emerged as a must-have capability of modern security operations (SecOps). NDR provides deep visibility, detection of advanced threats that evade other security tools, and rapid response capabilities to... Read more »

Want to hunt at Black Hat Asia? It was January 2025 and it was a new year at a new job. I had just started at Corelight as a member of the TME team and received an invitation to work Black Hat Asia as a threat hunter in the Black Hat Network... Read more »

I have been working in the cyber security space for over 25 years. I have spent time in security operations centers (SOCs) within the US Department of Defense, taught cyber warfare operators, secured large enterprise networks and, most recently,... Read more »

Black Hat Asia 2025 has come and gone, and it was another whirlwind of a conference. Thank you to our partners—Arista, Cisco, MyRepublic, and Palo Alto Networks—for making it a successful conference! It’s an exhilarating experience: sitting in the... Read more »

Whether they use custom implants for persistence, zero days for initial access, or live off the land (LOTL) to avoid detection, finding a state-sponsored adversary group can be a challenging proposition for defenders. This can be particularly true... Read more »

For every advancement in defense, attackers supply the equal and opposite adaptation. In the last few years EDRs have become so effective that adversaries have radically shifted gears. That shift shows up unmistakably in three heavyweight... Read more »

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the... Read more »