%term

New Sliver C2 Detection Released - Redteam detected

May 4, 2023 By Corelight Labs Team In Corelight

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to detect Sliver, above and beyond our HTTP-C2 package’s existing Sliver coverage. In this blog we provide some basics about Sliver and how it works and then dive deep into the techniques we use to detect this popular and powerful tool.

Read Post

Corelight

Read more about New Sliver C2 Detection Released - Redteam detected

Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)

May 3, 2023 By Rafael De Lima In Kroll

Organizations are increasingly turning to the cloud in their attempt to become more agile and efficient. Many will choose the Microsoft ecosystem and will need to become familiar with threat detection and response offered by this environment, how these technologies can be leveraged to their full potential, and what should be supplemented to avoid unnecessary risk.

Read Post

Kroll

Read more about Microsoft Threat Detection and Response: Five Key Pitfalls (and How to Address Them)

How SOCs can level up their PCAP game with Smart PCAP

May 3, 2023 By Roger Cheeks In Corelight

This blog post is the first in a 2 part series on Corelight Smart PCAP. Tune in next week for part two where we’ll take a deep dive look at Corelight’s PCAP functionality and workflows that accelerate security investigations.

Read Post

Corelight

Read more about How SOCs can level up their PCAP game with Smart PCAP

Machine Learning in Security: Detect Suspicious TXT Records Using Deep Learning

May 2, 2023 By Namratha Sreekanta In Splunk

There are about 90 DNS resource record types (RR) of which many of them are obsolete today. Of the RR’s used, DNS TXT record offers the most flexibility in content by allowing user defined text. The TXT record initially designed to hold descriptive text (RFC 1035) is widely used for email verification, spam prevention and domain ownership verification.

Read Post

Splunk

Read more about Machine Learning in Security: Detect Suspicious TXT Records Using Deep Learning

2023 SANS Threat Hunting Survey Focusing on the Hunters and How Best to Support Them

Apr 24, 2023 By Corelight In Corelight

As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect.

View Video

Corelight

Read more about 2023 SANS Threat Hunting Survey Focusing on the Hunters and How Best to Support Them

Stronger Together, RSAC 2023: Navigating security events with cyber partners

Apr 20, 2023 By Corelight In Corelight

Whether you’re attending RSA or not, one thing is for certain - attackers are always at work. Furthermore, attackers are always working together without red tape like we have within our corporate infrastructure. That’s why Mandiant/Google, Stairwell, SnapAttack, Nozomi Networks, SentinelOne, and Corelight are hosting a webinar before RSAC 2023 to show how Defenders are also Stronger Together. There is no silver bullet in the cybersecurity space, so come get the conversation started early in an executive panel as we explore how each executive/organization is addressing.

View Video

Corelight

Read more about Stronger Together, RSAC 2023: Navigating security events with cyber partners

Corelight Open NDR Now Helps Defend Black Hat Events

Apr 18, 2023 By John Gamble In Corelight

We are honored to announce that Corelight’s Open Network Detection and Response (NDR) solution has been chosen by the esteemed Black Hat Network Operations Center (NOC) to help defend their networks at Black Hat events worldwide. It’s a testament to the capabilities of our platform and the open source technologies that power it. We are honored to be among the distinguished vendors chosen to provide best of breed solutions for the NOC.

Read Post

Corelight

Read more about Corelight Open NDR Now Helps Defend Black Hat Events

Threat Hunting Fundamentals: Why Network Data Should Be At Core of Your Process

Apr 17, 2023 By Corelight In Corelight

Speakers: AJ Nurcombe (Corelight), Brandon Dunlop (ISC2) Threat hunting is a challenge to get right, with many potential pitfalls. There are twenty different definitions for threat hunting and ten different ways to do it. Organisations vary from having zero presence in their threat hunting program to multiple full-time hunters, but unfortunately, they often miss many critical pieces. This webinar will cover the common oversights that organisations fall foul of as well as emphasising the importance of network evidence in your threat hunting framework.

View Video

Corelight

Read more about Threat Hunting Fundamentals: Why Network Data Should Be At Core of Your Process

Why SOCs Need AI Threat Detection

Apr 12, 2023 By SenseOn In SenseOn

Getting the benefits of AI threat detection tools is becoming less of an option for security operation centres (SOCs). Last year, the UK experienced more cyber attacks than any other country in Europe. According to IBM’s X-Force Threat Intelligence Index report, nearly half (43%) of all cyber attacks in Europe targeted UK-based organisations.

Read Post

SenseOn

Read more about Why SOCs Need AI Threat Detection

Threat Detection and Response: 5 Log Management Best Practices

Apr 10, 2023 By The Graylog Team In Graylog

In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.

Read Post