Corelight Bright Ideas Blog

Network Security

What makes evidence uniquely valuable?

Editor's note: This is the third in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the  posts here. American novelist F. Scott Fitzgerald famously wrote that “the test of a first-rate intelligence... Read more »

Another day, another DCE/RPC RCE

CVE-2022-26809 was patched in Microsoft’s previous Patch Tuesday (April 12) and it’s a doozy: remote code execution on affected versions of DCE/RPC hosts. The vulnerability attracted a lot of attention in the security community, both because of its... Read more »

Monitoring AWS networks at scale

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out... Read more »

Spotting Log4j traffic in Kubernetes environments

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Network evidence for defensible disclosure

Editor's note: This is the second in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. Read more »

Sidecars for network monitoring

Editor’s note: This is the second in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Deeper visibility into Kubernetes environments with network monitoring

Editor’s note: This is the first in a series of posts we have planned over the next several weeks. We will explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting... Read more »

Don’t trust. Verify with evidence.

Editor's note: This is the first in a series of Corelight blog posts focusing on evidence-based security strategy. Catch up on all of the posts here. What matters most in a criminal trial? Evidence. Everything depends on the quality and depth of... Read more »

VPNs are increasingly common - how much can you see?

New VPN Insights package shines the light on a growing blindspot VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic... Read more »

Know your environment: Tenable/Corelight integration for prioritized IDS alerts

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is... Read more »

Search

    Recent Posts