San Francisco, CA, USA
2013
By Ed Smith
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
By Gregory Bell
The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has released its first five-year strategic plan, following the broader national cybersecurity strategy. It’s coming at a time when the energy cybersecurity landscape is changing quickly, in some cases faster than operators can realistically keep up.
By Ashish Malpani
Anthropic's Claude Mythos has demonstrated that AI can be leveraged to identify vulnerabilities and develop exploits faster than ever. Here is what that means for how you defend.
By Tim Chiu
Staying ahead of sophisticated attackers requires a security platform that evolves at the speed of the threat landscape. Today’s attackers are AI-enabled, increasing the number of attacks and targeting vulnerabilities more quickly than ever. That's why we are excited to announce the Corelight Sensor v.29 release, a significant step forward in our mission to provide critical detections backed by the world's best network evidence.
By Allen Marin
For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house with missing pieces and a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with inefficient investigations, alert fatigue, and the non-stop guessing game of prioritizing threats. That’s why we’re excited about our latest integration with Microsoft Security that we hope will help address these persistently common challenges.
By Cody Spooner
From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR.
By Muzzafer Pasha
The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's¹ analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.
By Vince Stoffer
When geopolitical tensions rise, cybersecurity quickly becomes part of the public conversation. Government agencies issue warnings. Security teams increase monitoring. Headlines start asking which organizations could become targets if cyber operations escalate alongside physical conflict. But geopolitical conflict does not suddenly create cyber risk. What it does increase is the likelihood that existing weaknesses will be tested and pre-existing risks could be exposed.
By Nacho Arnaldo
Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.
By Mark Overholser
With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.
By Corelight
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
By Corelight
Richard Bejtlich sits down with Stan Kiefer, Corelight’s Senior Manager for Data Science, to discuss how AI serves as a vital "abstraction layer" and "knowledge multiplier" for security analysts. Stan explains that while AI can synthesize complex information, it remains untrustworthy without high-fidelity network data at its center to provide verifiable evidence. The episode explores the shift toward an "agentic ecosystem" and a tiered architecture where a central orchestrator manages specialized sub-agents to accelerate detection and investigation.
By Corelight
In this video, we introduce the basic features of Corelight's new Machine Learning and Anomaly Detection tools. We also dive into how you can optimize the machine learning settings to ensure your SOC remains focused on the most critical network threats. Check out this short video to see what these tools can do and to learn how they can help you in implementing your company's NDR plan.
By Corelight
Discover Corelight's Virtual Resident tool! This video provides an overview of our new feature that serves as an AI-powered SOC assistant. This platform orchestrates specialized agents to query your SIEM and then return descriptions of threats, network evidence, and suggested next steps while maintaining the highest security standards. We provide a firsthand look at how adaptive playbooks and automated triaging can uncover hidden threats across an entire attack life cycle.
By Corelight
Richard Bejtlich talks with Vijit Nair, VP of Product at Corelight, about the evolving "AI Maturity Journey" for modern security teams. Vijit outlines a three-level spectrum of AI adoption, moving from basic human-driven assistance to automated swarms of agents, and eventually toward fully autonomous systems. They discuss why high-quality, unopinionated data remains the essential foundation for building trust in AI and how technologies like the Model Context Protocol (MCP) are turning human language into the primary interface for tool integration.
By Corelight
Corelight is excited to introduce Agentic Triage! In this demo, you can see how Agentic Triage helps SOC analysts filter through alerts and respond quickly to active threats. We combine generative AI with our industry leading log framework to identify the detections and cases that truly matter. This video shows how you can use Agentic Triage to quickly perform deep dives into open detections and make confident decisions to secure your network.
By Corelight
Richard Bejtlich sits down with Jean Schaffer, Corelight’s Federal CTO, to discuss the unique hurdles facing government agencies in an era of escalating state-sponsored threats. Jean highlights the persistent challenge of legacy IT infrastructure and the "technical debt" that complicates modernization efforts across the Department of Defense, the intelligence community, and the civilian sector. The conversation explores the strategic shift toward cloud adoption as a means to decommission vulnerable on-premise hardware and the evolving "whole of nation" defense strategy that requires deeper public-private partnerships.
By Corelight
In this episode of Corelight Defenders, I’m joined by Bernard Brantley, Chief Information Security Officer at Corelight, as we delve into the concept of the enterprise nervous system. Bernard shares insights from his extensive experience in network analysis, explaining how organizations can leverage their network traffic data to enhance security and drive business outcomes. We discuss the importance of understanding the interdependencies between assets, processes, and goals, and how security teams can position themselves as integral to business success rather than just risk mitigators.
By Corelight
In Episode 7 of Corelight DefeNDRs, join me, Richard Bejtlich, as I sit down with Dr. Keith Jones, Corelight's principal security researcher, to discuss the practical applications of AI in enhancing network security. We delve into how large language models (LLMs) can assist in cleaning up documentation and generating Zeek scripts, sharing insights from our extensive experience in incident response and coding. Keith reveals the challenges and successes he has encountered using LLMs to streamline processes, including their role in analyzing MITRE techniques.

Corelight gives you the high ground—a commanding view of your network that lets you outsmart and outlast adversaries.

From the Acropolis to the edge of space, defenders have sought the high ground in order to see farther and turn back attacks. Corelight delivers a commanding view of your network so you can outsmart and outlast adversaries. We capture, interpret, and connect the data that means everything to defenders.

Corelight gives apex defenders the information and tools they need to successfully detect and respond to threats. Corelight is built on Zeek, an open-source, global standard technology. Zeek provides rich, structured, security-relevant data to your entire SOC, making everyone from Tier 1 analysts to seasoned threat hunters far more effective.

The Open NDR Platform:

  • Suricata: Suricata generates alerts that we embed directly into Zeek logs, putting every detection into context to save time, cut alert backlogs, and improve analytics.
  • Zeek: The Zeek open source network security monitor generates lightweight metadata and detections to enable threat hunting and speed incident response.
  • Smart PCAP: Smart PCAP links logs, extracted files, and insights with just the packets you need, to reduce storage costs while expanding retention times by a factor of 10.

Faster investigations, more effective threat hunts with the world's best network evidence.