Corelight

Monitoring AWS networks at scale

May 12, 2022 By Vijit Nair In Corelight

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out public cloud environments. When it comes to monitoring network traffic today, we see two primary deployment patterns, each with their own pain points.

Read Post

Corelight

Read more about Monitoring AWS networks at scale

Spotting Log4j traffic in Kubernetes environments

May 10, 2022 By Stan Kiefer In Corelight

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting malicious traffic between containers, and more! Please subscribe to the blog, or come back for more each week.

Read Post

Corelight

Read more about Spotting Log4j traffic in Kubernetes environments

Network evidence for defensible disclosure

May 5, 2022 By Richard Bejtlich In Corelight

What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure,” a term first employed in the statistical, medical, legal, and financial communities.* Understanding what this term means and how to live up to its expectations is key in an age where organizations regularly handle intrusions and, sometimes, suffer breaches.

Read Post

Corelight

Read more about Network evidence for defensible disclosure

Unify endpoint and network evidence

Apr 29, 2022 By Corelight In Corelight

Unmanaged endpoints, vendor security appliances, cloud instances, and IoT devices often lack endpoint protection, creating hiding places that attackers exploit. Using Humio to correlate Falcon endpoint data with Corelight network evidence improves detection capabilities for all of your devices, and makes investigators and hunters faster.

View Video

Corelight

Read more about Unify endpoint and network evidence

What does XDR mean for your organization?

Apr 29, 2022 By Corelight In Corelight

As one of the hottest new buzzwords in the infosec space, XDR means many things to many people. This talk will discuss all of the possible components of an XDR solution through the lens of SOC operations, laying out the pros and cons of various approaches such as SaaS vs on-premise, specialized vs general tooling, etc. for organizations of different size, funding, and maturity levels. Best practice suggestions will be provided throughout, from general principles to specific integration code.

View Video

Corelight

Read more about What does XDR mean for your organization?

Sidecars for network monitoring

Apr 21, 2022 By Al Smith In Corelight

Monitoring container traffic and extracting rich security-centric metadata provides SOC analysts an inviolable source of truth for threat detection and incident investigation. This data complements the deep visibility provided by container agents and broad visibility through monitoring audit logs.

Read Post

Corelight

Read more about Sidecars for network monitoring

Detecting Windows NFS Portmap vulnerabilities

Apr 21, 2022 By Corelight Labs Team In Corelight

This month, Microsoft announced two vulnerabilities in portmap, which is part of ONC RPC, on Windows systems. This blog will discuss Zeek detection packages for CVE-2022-24491 and CVE-2022-24497 developed by Corelight Labs.

Read Post

Corelight

Read more about Detecting Windows NFS Portmap vulnerabilities

Network Evidence For XDR

Apr 20, 2022 By Corelight In Corelight

XDR - Extended detection and response - promises to integrate data from any source to stop today's sophisticated and often automated attacks. The key is: Which source? Register for this exclusive session for insights on why network evidence must be a key part of your XDR strategy. Topics to be discussed include how to: Walk away with new ideas on how to stay ahead of ever-changing attacks by using a data-first strategy for detection and response.

View Video

Corelight

Read more about Network Evidence For XDR

Explore Corelight evidence in Humio Community Edition

Apr 19, 2022 By Ed Smith In Corelight

Now available: A free and easy way to learn about Humio and Corelight. As part of our alliance partnership with CrowdStrike and Humio, Corelight is excited to announce a new collaboration that allows our customers and the community to experience the value of evidence.

Read Post

Corelight

Read more about Explore Corelight evidence in Humio Community Edition

Deeper visibility into Kubernetes environments with network monitoring

Apr 12, 2022 By Vijit Nair In Corelight

Network monitoring solutions can overcome the security visibility blind spots in Kubernetes environments, by providing a source of truth for SOC analysts. Container security solutions broadly span the spectrum of (a) prevention - securing the container image and ensuring the right policies are in place during runtime and (b) detection - monitoring runtime events for threat detection and investigation.

Read Post

Corelight

Read more about Deeper visibility into Kubernetes environments with network monitoring

Subscribe to Corelight

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Monitoring AWS networks at scale

Spotting Log4j traffic in Kubernetes environments

Network evidence for defensible disclosure

Unify endpoint and network evidence

What does XDR mean for your organization?

Sidecars for network monitoring

Detecting Windows NFS Portmap vulnerabilities

Network Evidence For XDR

Explore Corelight evidence in Humio Community Edition

Deeper visibility into Kubernetes environments with network monitoring

Monthly Archive

Follow Us