Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

Get The Forrester Wave™: Network Analysis And Visibility, Q2 2023 Report

CONTACT US
forrester wave report 2023

Forrester rates Corelight a strong performer

GET THE REPORT

ad-nav-crowdstrike

Corelight now powers CrowdStrike solutions and services

READ MORE

ad-images-nav_0013_IDS

Alerts, meet evidence.

LEARN MORE ABOUT OUR IDS SOLUTION

ad-images-nav_white-paper

5 Ways Corelight Data Helps Investigators Win

READ WHITE PAPER

video

WEBINAR: Amplifying Security Insights with Corelight and Cribl

WATCH NOW

ad-images-nav_0006_Blog

Don't trust. Verify with evidence

READ BLOG

ad-nav-NDR-for-dummies

NDR for Dummies

GET THE WHITE PAPER

video

The Power of Open-Source Tools for Network Detection and Response

WATCH THE WEBCAST

ad-nav-ESG

The Evolving Role of NDR

DOWNLOAD THE REPORT

ad-images-nav_0006_Blog

Detecting 5 Current APTs without heavy lifting

READ BLOG

Corelight Bright Ideas Blog

Featured Post

September 15, 2023

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the show, helping to defend the Black Hat network. In this blog, I’ll share my experience within the... Read more »

Additional Posts

Using Corelight to Identify Ransomware Blast Radius

Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare organizations, at the extreme, can impact an organization’s ability to engage in anything from... Read more »

How Can Kill Webs Change Security Thinking?

In my previous article, I proposed ways that modern network-derived evidence applies to the cyber kill chain—a concept created by Eric Hutchins, Michael Cloppert, and Rohan Amin that changed how security teams approach defending their digital... Read more »

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the... Read more »

How Does the Kill Chain Apply to Network-Derived Evidence?

When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security... Read more »

Detecting Gozi Banking Malware

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your... Read more »

Detections and Findings using Corelight in the Black Hat Asia NOC

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or... Read more »

Detecting Storm-0558 using Corelight evidence

While there have been many intrusions, compromises, breaches, and incidents that have made news in the IT and InfoSec industries throughout 2022 and into this year, when events or threats like Storm-0558 gain coverage by mainstream media, we often... Read more »

I have trust issues and so does my CISO

Trust is hard to earn but necessary for any successful relationship. As organizations build the systems to support Zero Trust, they find themselves balancing security and functionality across their operations. Incident Response and Network... Read more »

How SOCs can level up their PCAP game with Smart PCAP (Part 2)

This is the second in a 2 part series on Corelight Smart PCAP. If you missed Part 1, you can find it here. In terms of unencrypted traffic, several highly used protocols lend themselves to logging and can significantly reduce the burden of packet... Read more »

Extending visibility through our new ICS/OT collection

Increasingly, security teams are tasked with identifying, understanding, and managing risk around devices that may live outside the traditional IT umbrella. Operational Technology (OT) refers to computing systems that are used to manage and process... Read more »

Recent Posts