Corelight

San Francisco, CA, USA
2013
  |  By Tillson Galloway
Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.
  |  By David Getman
Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.
  |  By Allen Marin
In today’s threat landscape, security teams face mounting challenges in maintaining a robust security posture. Legacy tools often fall short of defending against increasingly sophisticated adversaries, especially with the complexity of modern, multi-cloud environments. Corelight’s latest integration with the SentinelOne Singularity Platform brings a fresh approach to overcoming these challenges, unifying network and endpoint visibility while simplifying and accelerating threat investigations.
  |  By Vince Stoffer
Corelight has strengthened the Suricata integration within its Open NDR Platform, empowering customers with a custom ruleset, the Corelight Feed, designed to swiftly detect and help respond to emerging threats. With a new monthly update cycle, Corelight ensures that organizations stay ahead of the latest vulnerabilities and enhance their network security posture effortlessly.
  |  By Mark Overholser
In the Black Hat Network Operations Center (NOC), the conference’s leadership team must assemble best-in-class technologies that complement each other to build and harden an enterprise-grade network in just a few days. Then, the NOC must continuously monitor and adapt the network throughout the course of the conference before dismantling it after the conference concludes.
  |  By Allen Marin
At Corelight, we’re thrilled when a respected cybersecurity leader like Mandiant introduces a new offering based on our solution. This week, Mandiant Managed Defense unveiled support for Corelight Open NDR, a move that strengthens our existing relationship and integration across the Google Cloud Security portfolio.
  |  By Lisa Karas
Accelerate Your Hybrid Cloud Security with Corelight Open NDR, now in the VMware Marketplace Corelight’s Open NDR platform has achieved VMware Ready for Telco Cloud Infrastructure (TCI) certification and is now active in the VMware Marketplace.
  |  By Corelight Labs Team
Welcome to the latest hunt from Corelight Labs! This blog continues our tradition of analyzing trending TTPs on Any.Run and writing detectors for them.
  |  By Ed Smith
As organizations embrace digital transformation, security teams face growing challenges in maintaining visibility across diverse on-prem, cloud, and hybrid environments. With the rapid adoption of Secure Access Service Edge (SASE) and Security Service Edge (SSE) solutions, maintaining comprehensive visibility becomes even more critical.
  |  By Todd Morneau
This week, I’m excited to announce Cloud Enrichment for AWS, GCP, and Azure. These enhancements are designed to accelerate incident response and unlock threat hunting capabilities by automatically combining the insights of your cloud network with the native control plane data from your cloud service provider.
  |  By Corelight
See how the integration between Corelight's Open NDR platform and ServiceNow allows analysts to send specified detections to ServiceNow, enabling efficient case management for in-depth analysis. Send selected detections with contextual information to ServiceNow with a few clicks, and easily jump from ServiceNow to view detection-related details in Corelight, resulting in faster time to case resolution/MTTR.
  |  By Corelight
  |  By Corelight
Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.
  |  By Corelight
Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases. Speaker: Steven Swaim (Principal Federal Sales Engineer, Corelight)
  |  By Corelight
What is network detection and response, how is it fundamental to #cybersecurity, and why should #investors and #security leaders be investing in the #NDR space? Watch as Corelight CEO Brian Dye shares the answers to these questions and more in a new interview with NYSE.
  |  By Corelight
Speakers: Matt Bromiley (SANS), Tim Nolen, Sr. Sales Engineer (Corelight), Jean Schaffer, Federal CTO (Corelight)
  |  By Corelight
Want to know how to get a commanding view of all devices that log onto your network? Let’s ask ChatGPT! Watch as Corelight's James Pope leverages his AI assistant to explain the power of Zeek®—the open-source technology behind Corelight’s network evidence—and the detailed logs of network activity it produces, including protocols such as HTTP, DNS, and SSL. In the video he also shares how Zeek®’s open standard easily integrates with Suricata, SecurityOnion, Molok, Elk, CrowdStrike EDR logs, and more.
  |  By Corelight
Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.
  |  By Corelight
As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect.
  |  By Corelight
Whether you’re attending RSA or not, one thing is for certain - attackers are always at work. Furthermore, attackers are always working together without red tape like we have within our corporate infrastructure. That’s why Mandiant/Google, Stairwell, SnapAttack, Nozomi Networks, SentinelOne, and Corelight are hosting a webinar before RSAC 2023 to show how Defenders are also Stronger Together. There is no silver bullet in the cybersecurity space, so come get the conversation started early in an executive panel as we explore how each executive/organization is addressing.

Corelight gives you the high ground—a commanding view of your network that lets you outsmart and outlast adversaries.

From the Acropolis to the edge of space, defenders have sought the high ground in order to see farther and turn back attacks. Corelight delivers a commanding view of your network so you can outsmart and outlast adversaries. We capture, interpret, and connect the data that means everything to defenders.

Corelight gives apex defenders the information and tools they need to successfully detect and respond to threats. Corelight is built on Zeek, an open-source, global standard technology. Zeek provides rich, structured, security-relevant data to your entire SOC, making everyone from Tier 1 analysts to seasoned threat hunters far more effective.

The Open NDR Platform:

  • Suricata: Suricata generates alerts that we embed directly into Zeek logs, putting every detection into context to save time, cut alert backlogs, and improve analytics.
  • Zeek: The Zeek open source network security monitor generates lightweight metadata and detections to enable threat hunting and speed incident response.
  • Smart PCAP: Smart PCAP links logs, extracted files, and insights with just the packets you need, to reduce storage costs while expanding retention times by a factor of 10.

Faster investigations, more effective threat hunts with the world's best network evidence.