Threat Detection

Detecting the STRRAT Malware Family

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.

Dynamic Bad Actor Scoring in Coralogix

Bad bots, hackers, and other malicious agents can be tracked through a huge volume of metrics – session activity, HTTP headers, response times, request volume and cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simple data, such as CDN logs, and derive complex, dynamically changing scores. Coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

The Road to CTEM, Part 1: Breaking Down the 5 Phases

Continuous threat exposure management (CTEM) is a formal program to manage cyber risk that allows organizations to enhance and optimize their overall cybersecurity posture. As outlined by Gartner, CTEM offers a cyclical approach to finding and mitigating threat exposure—which is the accessibility and exploitability of digital and physical assets—in an ongoing, proactive, and prioritized way.

Next-Generation SIEM: Corelight is the Data of Choice

For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor activities across endpoints and networks.

Fuel for Security AI

The big idea behind Corelight has always been simple: ground truth is priceless. Ground truth means what really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities, or support a full-scale incident response, the constant is that ground truth makes everything in security better. We make no claim of authorship here; rather, we learn from the world’s most accomplished defenders through their use of Zeek® and Suricata®.

Webinar: Incorporating Digital Risk Exposure in Your Threat Detection Strategy

Watch as Kroll experts Wojcieszek and Scott Hanson outline the key benefits of incorporating surface, deep, and dark web intelligence into your threat detection and response plans. During the session, they discuss the top use cases of digital risk protection and the best approaches to mapping out and reducing your digital risk across all areas of the internet. They also outline how security teams can use this external threat intelligence to improve their threat detection and response efforts and gain wider visibility across the attack lifecycle.

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than detection alone; it demands comprehensive correlation and analysis to support informed decision-making. Understanding the context surrounding an alert is essential to mitigating risk effectively. That's why we're thrilled to announce the integration of CrowdStrike Falcon EDR with Investigator, part of Corelight’s Open NDR Platform.