CONTACT US
forrester wave report 2023

Close your ransomware case with Open NDR

SEE HOW

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

glossary-icon

10 Considerations for Implementing an XDR Strategy

READ NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

g2-medal-best-support-spring-2024

Network Detection and Response

SUPPORT OVERVIEW

 

CORELIGHT LABS

RESEARCH

corelight-labs-research

 

From detecting attacks to profiling behavior, Corelight Labs creates new ways to deepen network insight and strengthen enterprise security. We work in close partnership with other innovators at Corelight, and we take pride in the robust, deeply technical capabilities we create.

Mission and team
Polaris program

Recent Research

Network Detection of Interactive SSH Impostors Using Deep Learning

Impostors who have stolen a user's SSH login credentials can inflict significant harm to the systems to which the user has remote access. We consider the problem of identifying such imposters when they conduct interactive SSH logins by detecting discrepancies in the timing and sizes of the client-side data packets, which generally reflect the typing dynamics of the person sending keystrokes over the connection.

Read More

GGFAST: Automating Generation of Flexible Network Traffic Classifiers

When employing supervised machine learning to analyze network traffic, the heart of the task often lies in developing effective features for the ML to leverage. We develop GGFAST, a unified, automated framework that can build powerful classifiers for specific network traffic analysis tasks, built on interpretable features. The framework uses only packet sizes, directionality, and sequencing, facilitating analysis in a payload-agnostic fashion that remains applicable in the presence of encryption.

Read More

The explosion of interest in artificial intelligence (AI) and specifically large language models (LLMs) has recently taken the world by storm. The...

Read More

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share...

Read More

This article was originally featured in TechBeacon.

Read More

Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare...

Read More

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco,...

Read More

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s...

Read More

Increasingly, security teams are tasked with identifying, understanding, and managing risk around devices that may live outside the traditional IT...

Read More

To learn more about Corelight Labs, contact our team.

Get our research the minute it's published

Sign up for Corelight Labs news.


Have questions?

Talk with one of our experts today.

CONTACT US