Over the past two decades we have seen a major shift in working patterns and models at organisations around the world. Intertwined—driven by those workforce changes as well as enabling them—we have also seen a complete rearchitecting of the IT systems that underpin our corporations. Both of these change agents have driven spiralling network costs in the name of maintaining and improving the performance of the essential applications for hybrid workforces.

Remote workforces need network detection and response tools (NDR), but deploying an NDR that works with remote and hybrid environments is another story. Most NDRs are designed for on-premises networks. Unfortunately, that couldn’t be further from what the typical modern environment looks like.

Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference.

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand how communications between computer systems occur.

If you are wondering whether your firm needs network detection and response (NDR), ask yourself this question: How often did your team come into the office in the last week? Probably more than they did last year, but almost certainly daily. This is what work now looks like for most people. And if this describes your organisation, you need an extra layer of defence inside your network perimeter. To see why, just look at what has happened to the network perimeter itself.

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to detect Sliver, above and beyond our HTTP-C2 package’s existing Sliver coverage. In this blog we provide some basics about Sliver and how it works and then dive deep into the techniques we use to detect this popular and powerful tool.

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks.

This blog post is the first in a 2 part series on Corelight Smart PCAP. Tune in next week for part two where we’ll take a deep dive look at Corelight’s PCAP functionality and workflows that accelerate security investigations.