Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Corelight's enhanced threat detection: staying ahead of evasive threats

Oct 30, 2025 By Tim Chiu In Corelight
In today's rapidly evolving cybersecurity landscape, organizations face unprecedented challenges. Cyber threats are not only increasing in volume but are also becoming more sophisticated and evasive, using AI themselves to enhance their attacks. The attack surface has expanded dramatically, while Security Operations Centers (SOCs) are often left with fewer resources to combat these growing threats.
Read Post

Episode 1: Typhoon Season with Vincent Stoffer

Oct 30, 2025 By Corelight In Corelight
Richard Bejtlich sits down with Vince Stoffer, Corelight's Field CTO, to dive into the recent wave of cyberattacks attributed to Chinese threat actors, known as "Typhoon" groups. Vince unpacks the distinctions between "Volt Typhoon," targeting critical infrastructure sectors such as energy and transportation, and "Salt Typhoon," which is infiltrating telecommunications networks for espionage. The conversation explores the evolving tactics, techniques, and procedures (TTPs) used by these groups, including their exploitation of zero-day vulnerabilities and outdated infrastructure.
View Video
Corelight

Modernize threat detection and SOC efficiency with integrated Corelight Threat Intelligence

Oct 30, 2025 By Allen Marin In Corelight
In the ever-escalating battle against cyber threats, security teams are often caught in a deluge of alerts, struggling to distinguish real threats from the noise. The sheer volume of threat data can be overwhelming, leading to alert fatigue and, worse, missed detections. But what if you could really cut through the clutter and focus on what truly matters?
Read Post
Corelight

No PoCs? No problem. How to hunt for F5 exploitation even when details are sparse

Oct 28, 2025 By David Burkett In Corelight
Endpoint detection and response (EDR) tools, and the analysts using them, have become incredibly effective. They have become so good, in fact, that we're now seeing a clear shift in adversary behavior: attackers are being pushed off the endpoint and onto places where EDR cannot run. This isn't just a theory. As I was writing a separate blog about a recent Cisco exploit which spurred an immediate CISA emergency directive, news dropped about another major network edge vendor, F5.
Read Post
Corelight

Are you blind to the next big firewall exploit? Warning signs and lessons learned from the recent Cisco exploit

Oct 20, 2025 By David Burkett In Corelight
It feels like the security world is caught in a recurring cycle. We see a spike in strange scanning activity, file it away as internet background noise, and then weeks later, a major zero-day exploit drops, targeting the very technology that was being scanned. The recent Cisco ASA vulnerabilities were a textbook example of this pattern. A September 4, 2025, report from GreyNoise highlighted a massive surge in scanning, with over 25,000 unique IPs probing Cisco ASA devices.
Read Post
Corelight

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

Oct 20, 2025 By David Burkett In Corelight
How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.
Read Post
Corelight

Corelight Named a Leader in NAV Solutions by Forrester

Oct 15, 2025 By Ashish Malpani In Corelight
We are proud to announce that Corelight has been recognized as a Leader in The Forrester Wave: Network Analysis And Visibility (NAV) Solutions, Q4 2025. We believe this recognition reflects our focused innovation and the expanding capabilities of our Open NDR platform.
Read Post
Corelight

Corelight reconnects visibility across the entire AWS cloud environment

Oct 14, 2025 By Muzzafer Pasha In Corelight
Today, we are pleased to announce the launch of Corelight’s new AWS Flow Monitoring Sensor, a new addition to Corelight’s flow monitoring capabilities. This new sensor was purpose-built to address the longstanding visibility challenges that have frustrated security teams running their most critical workloads in AWS. AWS provides one of the world’s most popular cloud platforms, hosting applications and sensitive data for some of the largest organizations.
Read Post
Corelight

It all comes down to the data: unlocking the potential of AI in the SOC

Oct 3, 2025 By Gregory Bell In Corelight
This is a fascinating moment. Whether you think Generative AI is over-hyped or not, our technology landscape has been shocked by capabilities we couldn’t imagine a few years ago. And I do mean shocked. What’s underway is too rapid and uncanny to describe in terms of evolution. We are living through something different.
Read Post

Detecting EDR Evasion with Corelight Open NDR

Sep 29, 2025 By Corelight In Corelight
This video walks through how Corelight Open NDR helps security teams detect EDR evasion by delivering complete visibility across all network assets. Using a real-world scenario, the video demonstrates how anomaly detection uncovers suspicious activity, mapping events directly to MITRE ATT&CK techniques. The investigation process highlights the detection of an anomalous user agent, which ultimately reveals a Linux privilege escalation toolkit.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.