Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.

Richard Bejtlich sits down with Stan Kiefer, Corelight’s Senior Manager for Data Science, to discuss how AI serves as a vital "abstraction layer" and "knowledge multiplier" for security analysts. Stan explains that while AI can synthesize complex information, it remains untrustworthy without high-fidelity network data at its center to provide verifiable evidence. The episode explores the shift toward an "agentic ecosystem" and a tiered architecture where a central orchestrator manages specialized sub-agents to accelerate detection and investigation.

In this video, we introduce the basic features of Corelight's new Machine Learning and Anomaly Detection tools. We also dive into how you can optimize the machine learning settings to ensure your SOC remains focused on the most critical network threats. Check out this short video to see what these tools can do and to learn how they can help you in implementing your company's NDR plan.

Discover Corelight's Virtual Resident tool! This video provides an overview of our new feature that serves as an AI-powered SOC assistant. This platform orchestrates specialized agents to query your SIEM and then return descriptions of threats, network evidence, and suggested next steps while maintaining the highest security standards. We provide a firsthand look at how adaptive playbooks and automated triaging can uncover hidden threats across an entire attack life cycle.

Richard Bejtlich talks with Vijit Nair, VP of Product at Corelight, about the evolving "AI Maturity Journey" for modern security teams. Vijit outlines a three-level spectrum of AI adoption, moving from basic human-driven assistance to automated swarms of agents, and eventually toward fully autonomous systems. They discuss why high-quality, unopinionated data remains the essential foundation for building trust in AI and how technologies like the Model Context Protocol (MCP) are turning human language into the primary interface for tool integration.

Corelight is excited to introduce Agentic Triage! In this demo, you can see how Agentic Triage helps SOC analysts filter through alerts and respond quickly to active threats. We combine generative AI with our industry leading log framework to identify the detections and cases that truly matter. This video shows how you can use Agentic Triage to quickly perform deep dives into open detections and make confident decisions to secure your network.

Corelight is excited to introduce Agentic Triage! In this demo, you can see how Agentic Triage helps SOC analysts filter through alerts and respond quickly to active threats. We combine generative AI with our industry leading log framework to identify the detections and cases that truly matter. This video shows how you can use Agentic Triage to quickly perform deep dives into open detections and make confident decisions to secure your network.

Richard Bejtlich sits down with Jean Schaffer, Corelight’s Federal CTO, to discuss the unique hurdles facing government agencies in an era of escalating state-sponsored threats. Jean highlights the persistent challenge of legacy IT infrastructure and the "technical debt" that complicates modernization efforts across the Department of Defense, the intelligence community, and the civilian sector. The conversation explores the strategic shift toward cloud adoption as a means to decommission vulnerable on-premise hardware and the evolving "whole of nation" defense strategy that requires deeper public-private partnerships.

In this episode of Corelight Defenders, I’m joined by Bernard Brantley, Chief Information Security Officer at Corelight, as we delve into the concept of the enterprise nervous system. Bernard shares insights from his extensive experience in network analysis, explaining how organizations can leverage their network traffic data to enhance security and drive business outcomes. We discuss the importance of understanding the interdependencies between assets, processes, and goals, and how security teams can position themselves as integral to business success rather than just risk mitigators.

In Episode 7 of Corelight DefeNDRs, join me, Richard Bejtlich, as I sit down with Dr. Keith Jones, Corelight's principal security researcher, to discuss the practical applications of AI in enhancing network security. We delve into how large language models (LLMs) can assist in cleaning up documentation and generating Zeek scripts, sharing insights from our extensive experience in incident response and coding. Keith reveals the challenges and successes he has encountered using LLMs to streamline processes, including their role in analyzing MITRE techniques.