Bright Ideas Blog

Black Hat Asia 2026: From Cat Feeders to Solar Farms | Corelight

Ben Reardon — Wed, 10 Jun 2026 16:49:40 GMT

There is a saying you will hear from veterans in the Black Hat Network Operations Center (NOC): “Threat hunting on the Black Hat network is like trying to find a needle in a stack of needles." With dozens of training classes running live exploit chains, capture-the-flag traffic, and researchers probing every corner of the internet, our Corelight sensors generate a rich set of Zeek logs, many of which can look suspicious in varying degrees.

The North Korean IT worker threat: A modern insider risk | Corelight

Tim Chiu — Mon, 08 Jun 2026 21:33:47 GMT

The threat is coming from inside the organization. It is coming from a laptop farm three states over, routed through a proxy, and operated by a threat actor sitting on the other side of the globe.

Identify in the SOC: Why Network Visibility Still Matters | Corelight

Richard Petrie — Thu, 04 Jun 2026 16:46:36 GMT

Long gone are the days where usernames were all you needed to secure a network. The same is true for your Security Operations Center (SOC) analysts trying to investigate a threat. "Who is jdoe05 and why are they logging into this server?" is a critical question to answer during an investigation, one that neither NDR (Network Detection and Response) nor EDR (Endpoint Detection and Response) can answer directly. Enter the Identity Provider (IdP).

Corelight & CrowdStrike Charlotte AI SOC Integration

Adam Pumphrey — Wed, 03 Jun 2026 22:09:53 GMT

For years, SOC analysts have lived in a world of swivel-chair analysis. When an alert fires in an endpoint tool, the next step is almost always a manual pivot to a network console to see if the network reality matches the host behavior.

Corelight brings unique network data into Cisco Cloud Control

Corelight — Tue, 02 Jun 2026 18:05:00 GMT

Integration provides vital data and detections so AI agents investigating security issues can understand the breach, risk, and required mitigation

Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools. This integration will provide security teams and the AI agents they employ in AI Canvas with detections and uniquely powerful data to effectively investigate security issues, improving the speed and accuracy of agentic security workflows.

How Data Quality Limits AI SOC Performance | Corelight

Gregory Bell — Wed, 13 May 2026 21:49:28 GMT

Low-quality data will prevent successful AI SOC transformation

Defenders have long known that richer evidence improves security outcomes by enabling faster triage, deeper analysis, and more complete investigation. Although Corelight was founded on this premise, it’s been hard for us to quantify the impact of better network data - until now.

5 Signs You Need to Upgrade Your Zeek Deployment | Corelight

Matt Ellison — Tue, 05 May 2026 17:11:05 GMT

You already know the immense value of open-source Zeek. It provides the absolute gold standard of network evidence, giving you the deep visibility required to defend your organization. You have the right strategic foundation, but the operational workload of managing a do-it-yourself (DIY) deployment at scale is likely draining your energy.

The 7 Sins Killing Your SOC Efficacy (And Why NDR is the Cure) | Corelight

Josh Porto — Thu, 30 Apr 2026 17:58:17 GMT

Network Detection and Response (NDR) is a glorious tool for spotting the stuff that slips past the velvet ropes. The weird lateral movement. The "why is Finance talking to a printer in Moldova" moment. The internal reconnaissance that looks harmless until it's suddenly not.

RSAC 2026: Lessons in Cyber Resilience | Corelight

Ed Smith — Thu, 23 Apr 2026 22:33:31 GMT

The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?"

Energy Cybersecurity in the Age of Claude Mythos | Corelight

Gregory Bell — Fri, 17 Apr 2026 20:36:34 GMT

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has released its first five-year strategic plan, following the broader national cybersecurity strategy. It’s coming at a time when the energy cybersecurity landscape is changing quickly, in some cases faster than operators can realistically keep up.