CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

corelight partner programe guide

Corelight's partner program

VIEW PROGRAM

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Cybersecurity

Focus Terrapin patching efforts with Zeek

In this blog, we will demonstrate how Zeek’s metadata approach can help focus patching efforts related to the recent SSH “Terrapin” attack. One of the interesting aspects to bear in mind as you read this is that Zeek provides visibility of the... Read more »

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements... Read more »

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common... Read more »

Detections and Findings using Corelight in the Black Hat Asia NOC

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or... Read more »

Detecting Storm-0558 using Corelight evidence

While there have been many intrusions, compromises, breaches, and incidents that have made news in the IT and InfoSec industries throughout 2022 and into this year, when events or threats like Storm-0558 gain coverage by mainstream media, we often... Read more »

The evidence bank: leveraging security's most valuable asset

Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Don’t trust. Verify with evidence.

Editor's note: This is the first in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. What matters most in a criminal trial? Evidence. Everything depends on the quality and depth of... Read more »

VPNs are increasingly common - how much can you see?

New VPN Insights package shines the light on a growing blindspot VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic... Read more »

Know your environment: Tenable/Corelight integration for prioritized IDS alerts

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is... Read more »

One SIEM is not enough?

The idea behind the SIEM (and now XDR!) technologies was to provide a single engine at the heart of the SOC, aggregating data, enabling analytics and powering workflow automation. The SIEM would act as one place to train analysts and integrate a... Read more »