Bright Ideas Blog

Featured

The evidence bank: leveraging security's most valuable asset

The evidence bank: leveraging security's most valuable asset

Editor's note: This is the fourth in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on the previous posts here. Read more »

Acting on CISA’s advice for detecting Russian cyberattacks

Given that active cyber warfare has broken out alongside Russia’s active invasion of Ukraine - from Russian wiper malware to Anonymous hacking Russian state TV - CISA’s recent “Shields Up” memo is a timely insight into some of the TTPs defenders of... Read more »

Detecting Log4j via Zeek & LDAP traffic

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP.... Read more »

Simplifying detection of Log4Shell

Simplifying detection of Log4Shell

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the... Read more »

Corelight & Microsoft Defender for IoT: Through an XDR lens

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such... Read more »

Detecting CVE-2021-42292

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding,... Read more »

Microsoft + Corelight partner to stop IoT attacks

Microsoft + Corelight partner to stop IoT attacks

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security... Read more »

Smart PCAP and threat detection in the cloud

I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across... Read more »

Maximize your Splunk ES investment with Corelight

Maximize your Splunk ES investment with Corelight

Are you looking to threat hunt but lack sufficient network and IDS data? Have you tried to accelerate your incident response process with better data, but run into dead ends that require data scientists or significant data model modification? Maybe... Read more »

Small, fast and easy. Pick any three.

Small, fast and easy. Pick any three.

Zeek has been the darling of security defenders looking to get deep visibility into network traffic. Over the last two decades, Zeek has become a household name – widely used by enterprise organizations, educational institutions and government... Read more »

Search

    Recent Posts