Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Inside the SectorCERT Denmark Attack: How Corelight Helped Stop a Coordinated Campaign

Corelight CEO Brian Dye recounts how Corelight supported SectorCERT—an alliance of energy companies in Denmark—during one of the most advanced attack sequences he’s seen. The coordinated campaign targeted a shared firewall vulnerability across nearly a dozen organizations. Corelight provided the critical visibility and detection that helped defenders stop the first wave—and stay ahead of a second, modified attack just weeks later. The incident became a model of collaboration and response across national infrastructure.

How Corelight Helped a Customer Reject a $10M Ransomware Demand

Corelight CEO Brian Dye shares the high-stakes story of a customer under a $10 million ransomware attack. The attackers claimed to have stolen sensitive IP—but with Corelight, the customer had the network visibility to verify exactly what was taken. The result? They confirmed the stolen data was limited and non-critical, enabling them to confidently deny the ransom demand. This powerful story illustrates the difference between “I think” and “I know”—and how that clarity can drive executive confidence, legal defensibility, and real-world savings.

Corelight Recognized as a Leader in the 2025 Gartner Magic Quadrant for Network Detection and Response

Network Detection and Response (NDR) has emerged as a must-have capability of modern security operations (SecOps). NDR provides deep visibility, detection of advanced threats that evade other security tools, and rapid response capabilities to address the SecOps challenges of incomplete visibility, detection gaps, high SIEM and storage costs, and tool sprawl that impact accuracy, speed, and efficiency.

How to Threat Hunt for Volt Typhoon Using NDR

Whether they use custom implants for persistence, zero days for initial access, or live off the land (LOTL) to avoid detection, finding a state-sponsored adversary group can be a challenging proposition for defenders. This can be particularly true for adversaries that are sponsored by the People’s Republic of China (PRC). Historically, their focus has been on espionage and intellectual property theft.

Edge exploits, EDR blind spots, 51-second breakouts

For every advancement in defense, attackers supply the equal and opposite adaptation. In the last few years EDRs have become so effective that adversaries have radically shifted gears. That shift shows up unmistakably in three heavyweight reports—Verizon’s DBIR, Mandiant’s M-Trends, and CrowdStrike’s Global Threat Report. Here’s how I’m stitching their data together.

Cloud your way: Expanding threat visibility to meet the unique needs of your business

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the threat landscape is evolving just as fast. And attackers? They’re getting smarter, stealthier, and more cloud-savvy by the day. That’s why monitoring cloud network traffic is no longer optional—it’s essential.

Your Network Evidence, Your SIEM, your way: Corelight's open SIEM strategy empowers SOCs with a unified experience

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where context is thin, telemetry is inconsistent, and critical signals are buried in noise. At Corelight, we’re focused on one simple idea: Your network evidence should work wherever your SOC team does.

Corelight's Vincent Stoffer on Why Enterprises Can't Rely Only on Endpoint Security

The cybersecurity industry's heavy reliance on endpoint detection and response tools has created significant vulnerabilities, particularly around IoT devices and operational technology that cannot be monitored using traditional security tools, according to Vincent Stoffer, field CTO at Corelight. This growing attack surface, combined with sophisticated threat actors who exploit any available entry point, has pushed organizations to reevaluate their security strategies and consider more comprehensive network monitoring approaches.