Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight has been an innovator and leader in AI and Large Language Model (LLM) adoption for almost 2 years. We introduced our first use of LLMs in our Open NDR platform Investigator in November of 2023. Since then, we have continued to push the boundaries of the possible by working with AI model builders on cybersecurity-specific training and expanding LLM use within Investigator to include data analysis and summaries.

Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of network security information. The announcement comes at a pivotal moment for cybersecurity.

In today's complex network environments, ensuring complete visibility while optimizing resource utilization is paramount. Duplicate network traffic can overwhelm your monitoring infrastructure, create redundant alerts for SecOps, consume valuable storage, and obscure critical insights, making it harder for Network Detection and Response (NDR) solutions to spot genuine threats or anomalies. Network Packet Brokers often offer deduplication as a feature but it can add complexity and cost.

The Gordian knot of any detection strategy is knowing that two conflicting ideas are both true. On one hand, every SOC needs as much accurate detection coverage as they can get to find and disrupt attacks. On the other, the attackers you REALLY care about will find a way to bypass those detections so you need the ground truth of the attacker behavior on your network. The only answer is to have both: the absolute best data and the broadest detection suite possible on top of it.

In the rapidly evolving landscape of large language models (LLMs), the ability to access and synthesize vast amounts of information is paramount. While LLMs excel at generating creative text and understanding complex prompts, their knowledge is often limited to the data used during their training. This is where knowledge bases (a.k.a.