CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

Download our free guide to find hidden attackers.

Find hidden attackers with Open NDR

SEE HOW

cloud-network

Corelight announces cloud enrichment for AWS, GCP, and Azure

READ MORE

corelight partner programe guide

Corelight's partner program

VIEW PROGRAM

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

Richard Bejtlich

Introducing RDP Inferences

Corelight recently released a new package, focused on RDP inferences, as part of our Encrypted Traffic Collection. This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic. Read more »

Mixed VLAN tags and BPF syntax

This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Read more »

Network Security Monitoring data: Types I, II, and III

Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and analyzed by computer incident response teams (CIRTs) that... Read more »

The election is six months away. Now is the time to instrument election infrastructure.

Editor’s Note: Richard recently shared his thoughts on our blog which are now included in an article contributed to StateTech on why the overarching role of the network and election infrastructure is worthy of a deep assessment right now. If state... Read more »

Enabling SOHO Network Security Monitoring

One of the most popular and regularly occurring questions I see in network security monitoring forums involves how to instrument a small office – home office (SOHO) environment. There are ways to accomplish this goal. For example, I instrument my... Read more »

Using Corelight and Zeek to support remote workers

Due to the tragic Covid-19 pandemic, as we are all experiencing first hand, most governments and health officials are either mandating or encouraging those who can work from home to do so, as part of widespread “social distancing” measures. Remote... Read more »

Countering network resident threats

Vendors often claim that their products or services counter, mitigate, or otherwise affect “nation state threats.” When I worked as a director of incident response at one company, and as a chief security officer at another, claims like these made no... Read more »

12 talks to see at RSA 2020

RSA 2020 is fast approaching, and a colleague asked what talks I planned to attend. As I am not attending RSA, I thought I would answer her question anyway, with the hopes that those participating in the conference might benefit from my review of... Read more »

Day 1 detection: CVE-2020-0601, a community, and 40 lines of code

On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)... Read more »

No tap? No problem!

Recently a fan of network security monitoring (NSM) asked me for advice on his current instrumentation situation. He said his organization was new to NSM and was interested in pursuing solutions with Corelight. However, the company did not have any... Read more »