Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Fuel for Security AI

The big idea behind Corelight has always been simple: ground truth is priceless. What really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities or a full scale incident response, the constant is that ground truth makes everything in security better. We have no claim of authorship here. By contrast, we learn from the world’s most accomplished defenders through their use of Zeek® and Suricata®.

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is important to effectively mitigate risk. That's why we're thrilled to announce the integration of CrowdStrike Falcon EDR with Investigator, part of Corelight’s Open NDR Platform.

Blackhat NOC: Findings from Europe & thoughts for Asia 2024

How quickly a year passes. 2023 was Corelight’s first year participating in the Black Hat Network Operations Center (NOC). It was a tremendous opportunity and responsibility in which we collaborated with teams from Cisco, Palo Alto Networks, Arista, Lumen, and NetWitness to keep events in Asia, Europe, and the US safe and functional for all attendees. As we speak, our team is gearing up for a repeat for Black Hat Asia 2024 in Singapore.

Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS

Malware often hides communications with its command and control (C2) server over HTTPS. The encryption in HTTPS usually conceals the compromise long enough for the malware to accomplish its goal. This makes detecting malware that uses HTTPS challenging, but once in a while, you will catch a break, as in the case here with AsyncRAT, a Windows remote access tool that has been deployed over the past year to target organizations that manage critical infrastructure in the United States.

Focus Terrapin patching efforts with Zeek

In this blog, we will demonstrate how Zeek’s metadata approach can help focus patching efforts related to the recent SSH “Terrapin” attack. One of the interesting aspects to bear in mind as you read this is that Zeek provides visibility of the vulnerable elements of this encrypted protocol, and thus serves as a reminder that network monitoring is still very much relevant, even in a heavily encrypted world.

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements and significantly enhances the effectiveness of next-generation firewalls (NGFWs). Here are 9 reasons why adding Corelight to your cybersecurity arsenal, alongside existing NGFWs, is not just an upgrade but a strategic necessity.

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common techniques in the Initial Access category, like Drive-By Compromise and Spearphishing. In this post, we examine and provide some useful threat hunting tips on some of the common tactics attackers use to maintain long-term access to a target's environment.

Dual Defenses: 10 Reasons Why NDR Is Essential Alongside EDR

Over the last few years, the evolution of cybersecurity strategies has seen a significant shift toward a more layered, nuanced, and, in many cases, advanced approach. Among these advancements, Network Detection and Response (NDR) has emerged as a critical component that continues to become more widely recognized and accepted across the industry for its efficacy in bolstering cybersecurity defenses.

Black Hat NOC USA 2023: Leveraging Corelight's Open NDR Platform for Network Operations (NetOps)

In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek for a new purpose. These insights were particularly revealing, despite not being linked to any security incidents.

Inside the Mind of a Cybersecurity Threat Hunter Part 1: Confronting Initial Access Techniques

At Corelight, we’re always striving to make the life of threat hunters and security analysts a little easier. It’s the reason we developed our Open NDR Platform that provides comprehensive, correlated network data and forensic evidence about everything happening on the network. If you’re familiar with Corelight, you probably already know that.