Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

By Allen Marin – June 26, 2024

Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Read more »

Simplify SOC analyst experience with the enhanced Corelight Splunk App

By Claudio Cruz – May 29, 2024

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security... Read more »

Takeaways from RSA 2024

By Ashish Malpani – May 15, 2024

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference. Read more »

Fuel for Security AI

By Brian Dye – April 30, 2024

The big idea behind Corelight has always been simple: ground truth is priceless. What really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities or a full... Read more »

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

By Sahidya Devadoss – April 24, 2024

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just threat detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is... Read more »

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

By Ed Smith – March 1, 2024

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements... Read more »

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

By Allen Marin – February 26, 2024

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common... Read more »

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

By Ed Smith – January 10, 2024

Over the last few years, the evolution of cybersecurity strategies has seen a significant shift toward a more layered, nuanced, and, in many cases, advanced approach. Among these advancements, Network Detection and Response (NDR) has emerged as a... Read more »

Black Hat NOC USA 2023: Leveraging Corelight’s Open NDR Platform for Network Operations (NetOps)

By Eldon Koyle – December 4, 2023

In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek... Read more »

How Corelight Uses AI to Empower SOC Teams

By Vince Stoffer – November 15, 2023

The explosion of interest in artificial intelligence (AI) and specifically large language models (LLMs) has recently taken the world by storm. The duality of the power and risks that this technology holds is especially pertinent to cybersecurity. On... Read more »