Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Know your environment: Tenable/Corelight integration for prioritized IDS alerts

By Alex Kirk – March 10, 2022

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is... Read more »

One SIEM is not enough?

By Brian Dye – March 3, 2022

The idea behind the SIEM (and now XDR!) technologies was to provide a single engine at the heart of the SOC, aggregating data, enabling analytics and powering workflow automation. The SIEM would act as one place to train analysts and integrate a... Read more »

Acting on CISA’s advice for detecting Russian cyberattacks

By Alex Kirk – February 28, 2022

Given that active cyber warfare has broken out alongside Russia’s active invasion of Ukraine - from Russian wiper malware to Anonymous hacking Russian state TV - CISA’s recent “Shields Up” memo is a timely insight into some of the TTPs defenders of... Read more »

Government gets serious: deadlines for Zero Trust Architectures

By Jean Schaffer – February 2, 2022

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any... Read more »

Microsoft + Corelight partner to stop IoT attacks

By Ed Smith – November 2, 2021

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security... Read more »

What’s next for the National Cyber Director?

By Jean Schaffer – July 14, 2021

As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cybersecurity posture of the U.S. As I... Read more »

What the Cyber EO means for federal agencies

By Jean Schaffer – May 24, 2021

For those of us who have spent our careers working in cybersecurity, President Biden’s recent “Executive Order on Improving the Nation’s Cybersecurity,” (EO) held no surprises. However, it is a step toward accelerating the modernization of public... Read more »

The election is six months away. Now is the time to instrument election infrastructure.

By Richard Bejtlich – May 6, 2020

Editor’s Note: Richard recently shared his thoughts on our blog which are now included in an article contributed to StateTech on why the overarching role of the network and election infrastructure is worthy of a deep assessment right now. If state... Read more »

Don’t delay – Corelight today!

By Richard Bejtlich – July 31, 2019

Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two SIEMs and are evaluating a third, possibly to replace the first two.... Read more »

Corelight + Chronicle Backstory: Technology integration brings all the right data at the right time for customers

By Allen Male – March 25, 2019

At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program. Read more »