Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Small, fast and easy. Pick any three.

By Seth Hall – November 17, 2020

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

What did I just see? Detection, inference, and identification

By Richard Bejtlich – July 29, 2019

In the course of my network security monitoring work at Corelight, I’ve encountered the terms detection, inference, and identification. In this post I will examine what these terms mean, and how they can help you describe the work you do when... Read more »

Hello, my name is??

By Vince Stoffer – June 10, 2019

Corelight just released our v17 software release and it’s packed with a number of cool new features including the Input Framework, Community ID, and MITRE’s BZAR collection of detections for lateral movement. Let me share a few details about how... Read more »

How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities

By Richard Bejtlich – May 22, 2019

Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop offered with most Windows operating system platforms. This... Read more »

Network Security Monitoring, a requirement for Managed Service Providers?

By Richard Bejtlich – May 20, 2019

Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: Read more »

Corelight + Chronicle Backstory: Technology integration brings all the right data at the right time for customers

By Allen Male – March 25, 2019

At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program. Read more »

First, Do No Harm

By Richard Bejtlich – March 13, 2019

When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more... Read more »

Corelight: #winning in Network Security

By Alan Saldich – March 4, 2019

2018 was undoubtedly a banner year for Corelight. We closed out 2018 with many successes under our belt that reflect the hard work of our people: We more than quadrupled our sales year-over-year and more than doubled our customer base and employee... Read more »

Astronomers and Chemists

By Brian Dye – February 27, 2019

Scale is a great word, because its meaning is truly in the eye of the beholder. To an astronomer, it might mean millions of light years. To a chemist, nanometers. In the network security monitoring (NSM) world, Corelight is enabling scale in two... Read more »

Network security monitoring is dead, and encryption killed it.

By Richard Bejtlich – January 28, 2019

This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result. I’ve been hearing... Read more »