Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Deeper visibility into Kubernetes environments with network monitoring

By Vijit Nair – April 12, 2022

Editor’s note: This is the first in a series of posts we have planned over the next several weeks. We will explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Application Layer Infrastructure Visibility in IaaS

By Ricky Lin – February 10, 2022

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group... Read more »

Security strategy for the next Log4Shell

By Brian Dye – December 22, 2021

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”. The defenders were focused on having the right telemetry to investigate both... Read more »

Corelight & Microsoft Defender for IoT: Through an XDR lens

By Brian Dye – November 16, 2021

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such... Read more »

Detecting CVE-2021-42292

By Corelight Labs Team – November 10, 2021

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding,... Read more »

Expanded Suricata detections with Dtection.io

By Alex Kirk – November 4, 2021

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we... Read more »

Microsoft + Corelight partner to stop IoT attacks

By Ed Smith – November 2, 2021

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security... Read more »

Smart PCAP and threat detection in the cloud

By John Gamble – August 3, 2021

I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across... Read more »

PrintNightmare, SMB3 encryption, and your network

By Corelight Labs Team – July 7, 2021

CVE-2021-1675, also tracked in CVE-2021-34527, is a remote code execution vulnerability that targets the Windows Print Spooler service. In a nutshell, there is a Distributed Computing Environment / Remote Procedure Call (DCE/RPC) that allows... Read more »

CrowdStrike + Corelight partner to reach new heights

By Lana Knop – April 21, 2021

Through our newly announced partnership with CrowdStrike, Corelight customers will be able to incorporate CrowdStrike’s best-in-class threat intelligence into Corelight Sensors to generate actionable alerts and network evidence. In addition, by... Read more »