No tap? No problem!
This post will discuss four dimensions of not having network taps in place and offer advice on making the best of available visibility options.
Network and security devices operate with vulnerabilities that can be exploited. Here's how to use Corelight to monitor and identify exploited VPNs.
This true story illustrates how Corelight could have assisted with the realization that activity is not suspicious or malicious, but is in fact...
Here are the three most important decisions Gary Reiner, former CIO of General Electric, made with respect to the success of GE-CIRT.
While I have used log collection and SIEM platforms to review Zeek transaction logs, it is not necessary to wait for a SIEM before collecting...
Discover what the terms detection, inference, and identification mean, and how they can help you when investigating activity in your environment.
I downloaded Whonix version 15, in which two virtual machines work together to detect activity in a clever way.
We reproduce our experiment using TLS 1.3. Remember that we have been visiting the Web site enabled.tls13.com, first without encryption, then with...
In part 1, I showed how Corelight would produce logs for a clear-text HTTP session. In part 2, I perform the same transaction using TLS 1.2.