Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them.
As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions, maintaining comprehensive visibility becomes even more critical.
This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.
The cybersecurity landscape is evolving, and Network Detection and Response (NDR) solutions are becoming indispensable for consistent visibility across an increasing attack surface.
In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and incident response specialists like Mandiant to publish annual research on the latest security trends seen first-hand by their global teams.
The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the Black Hat network is a microcosm of many real-world environments, with similar challenges that require similar solutions.
Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple protocols to communicate with its C2 infrastructure, making it more difficult to detect robustly than a malware sample utilizing only one network protocol for its C2.
Fresh from the recent .conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points of the week. Along with admiring the traditional display of fezzes and capes, we were excited about the great conversations with our customers, business partners, Splunkers, and, of course, the lovely Buttercup.
We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents.
Security operations centers (SOCs) play a vital role in the detection, containment and mitigation of today’s advanced cyber attacks. SOC teams are also responsible for proactively hunting for threats and improving the organization’s overall security posture. Modern SOC analysts struggle with alert fatigue.