We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents.

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security posture. Modern SOC analysts struggle with alert fatigue.

Being a security analyst tracking down threats can feel like being the Wile E. Coyote to an attacker’s Road Runner. You’re fast, but they’re faster. You set up alerts, but they still manage to get past your defenses. You’re monitoring systems, but they’re still able to hide their criminal activities.

Threat actors are constantly updating their tactics, techniques and procedures (TTPs). In response, security teams must also continue to evolve their ability to detect the latest threats to avoid exploitation of security gaps that can result in costly breaches. This process, called detection engineering, refers to the method of fine-tuning security technologies to better detect malicious activity.

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.

In a typical security operations center (SOC), the threat detection and response teams have one key objective: identify and stop the bad guys. To do so, they invest in the best tools, recruit the best team members, and work tirelessly to stay ahead of any potential security incidents that might be on the horizon.

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference.

Today’s threat landscape is as dangerous as it has ever been. Global unrest, emerging technologies, and economic downturn all contribute to persistently high cybercrime rates and a dire need for organizations of all types to improve their security posture.

Bad bots, hackers, and other malicious agents can be tracked by a huge volume of metrics – session activity, HTTP headers, response times, request volume & cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simplistic data, like CDN logs, and derive complex, dynamically changing scores. When coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

Continuous threat exposure management (CTEM) is a formal program to manage cyber risk that allows organizations to enhance and optimize their overall cybersecurity posture. As outlined by Gartner, CTEM offers a cyclical approach to finding and mitigating threat exposure—which is the accessibility and exploitability of digital and physical assets—in an ongoing, proactive, and prioritized way.