Corelight Bright Ideas Blog

Featured Post

February 18, 2025

Corelight delivers data aggregation to reduce SIEM ingest by 50-80% compared to legacy network security monitoring tools

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting critical security information and events to detect and respond to threats. However, the large volume of... Read more »

Additional Posts

Detecting Abuse of NetSupport Manager

By Tillson Galloway – September 11, 2024

Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them. Read more »

Unparalleled Visibility and Threat Detection for SSE Environments

By Ed Smith – September 10, 2024

As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security... Read more »

A few notes from a CISA anger translator

By Brian Dye – August 8, 2024

My weekly dose of Risky.biz led me to CISA’s advisory on SILENTSHIELD, which described their months-long red team exercise and resulting remediation at a federal agency. My browser backlog happened to have their APT40 advisory from just a few days... Read more »

Corelight Announces Cloud Enrichment for AWS, GCP, and Azure

By Todd Morneau – August 6, 2024

This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with... Read more »

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

By Allen Marin – July 18, 2024

In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and... Read more »

Corelight recognized for SaaS and Cloud Identity Applications Security in the Gartner Competitive Landscape Report*

By Alyssa Ideboen – July 18, 2024

The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface. In the Competitive Landscape for NDR research, Gartner® claims that... Read more »

Black Hat NOC: Zero Trust…but Verify | Corelight

By Mark Overholser – July 8, 2024

Zero Trust…but Verify The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the... Read more »

Detecting The Agent Tesla Malware Family

By Keith J. Jones – July 2, 2024

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple... Read more »

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

By Allen Marin – June 26, 2024

Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »

Simplify SOC analyst experience with the enhanced Corelight Splunk App

By Claudio Cruz – May 29, 2024

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security... Read more »

Load Older Posts