San Francisco, CA, USA
Oct 18, 2021   |  By Ed Smith
Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for .conf! Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources.
Oct 7, 2021   |  By Jean Schaffer
In case you missed the Office of Management and Budget (OMB) (memo M-21-31), Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents, let me provide you the information that you need to know if you are in the federal government.
Sep 21, 2021   |  By Paul Dokas
One of Zeek's greatest strengths is its ability to deeply inspect packet streams that are fed into it. It is adept not only at identifying network protocols but also parsing them to extract large amounts of useful information. There is another strength that is often overlooked: Zeek not only extracts information from individual packets of network sessions, it also provides a very flexible and useful way to track state across the lifetime of network sessions.
Sep 21, 2021   |  By Ben Reardon
Researchers at recently found a series of vulnerabilities in Windows Open Management Infrastructure (OMI) software, which is widely installed on cloud-based Azure Linux Agents. We have open-sourced a Zeek package for the most severe of these vulnerabilities, which we’ll discuss later in this blog. One of the four vulnerabilities found is a trivially exploitable unauthenticated remote code execution (RCE).
Sep 8, 2021   |  By Corelight
Corelight, provider of the industry's first open network detection and response (NDR) platform, welcomes Clint Sand as its new senior vice president of product. In this role, Sand will be responsible for all aspects of the Corelight product portfolio, including product management, product design, roadmap, and strategy.
Sep 2, 2021   |  By Corelight
Corelight, provider of the industry's first open network detection and response (NDR) platform, has raised $75 million in Series D investment led by Energy Impact Partners (EIP).
Aug 18, 2021   |  By Alex Kirk
The US federal government recently took an unprecedented step in the fight against cyber espionage, publishing detailed technical guidance on tactics and techniques used by Chinese state-sponsored actors. The NSA, CISA, and the FBI have done the security community a great favor by making this material public, mapping tactics and techniques to MITRE ATT&CK, and providing a breakdown of specific exploited vulnerabilities.
Aug 3, 2021   |  By John Gamble
I am thrilled to publicly launch Corelight software version 22, which introduces a transformative new security product, Smart PCAP, and also enables threat detection in the cloud by extending Corelight’s Open NDR support for Suricata across Corelight Cloud and Virtual Sensors.
Jul 28, 2021   |  By Yacin Nadji
Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may be run-of-the-mill in network B. Much like detections, reporting needs will likely differ between networks as well.
Jul 14, 2021   |  By Jean Schaffer
As the first National Cyber Director begins to settle into office, private industry is very hopeful that this will be one of the turning points to solidify a true private/public partnership for raising the cybersecurity posture of the U.S. As I mentioned in my previous post, Chris Inglis is perfectly positioned to establish the cybersecurity battle rhythm for our nation.
Sep 21, 2021   |  By Corelight
With increases in remote work, VPN and RDP services are prime targets for gaining unauthorized access to organizations. RDP services secured by passwords are subject to brute-force guessing and credential stuffing attacks, not to mention remote exploitation. Adversaries are using RDP to gain initial access to organizations and then pivot to distribute and spread ransomware. In this technical training, we will take a deep-dive look at threats to RDP services and adversarial TTPs involving RDP, and explore how artifacts from encrypted RDP sessions are leveraged to build detections.
Aug 30, 2021   |  By Corelight
With the rise in distributed workforces, both SSH and RDP connections have proliferated as remote employees connect to sensitive internal environments and machines to do their jobs. Unfortunately, these remote-friendly protocols are also prime attack targets, and once compromised they give adversaries a clear path to move laterally, deploy ransomware, and more.
Aug 27, 2021   |  By Corelight
Many organizations find that today’s security tools are not built for petabyte-scale, long-term telemetry retention and are often cost prohibitive. Ingestion-based pricing forces customers to limit what data is collected and retained, resulting in both more false positives and missed valid threats. Learn how enterprises can leverage all of their high-fidelity network data to gain a comprehensive, accurate and real-time understanding of their environment at any scale, on-prem or in the cloud.
Aug 27, 2021   |  By Corelight
Organizations are experiencing an increase in both threat volumes and complexity, leaving corporate security teams with the ongoing challenge of balancing workloads across a broader attack surface. IT and security teams struggle to identify all their endpoints and are often unable to install Endpoint Detection and Response (EDR) software on every known endpoint device, leaving security gaps that increase business risk. Network visibility is crucial for multi-layer defense and provides critical data to fill endpoint visibility gaps.
Aug 25, 2021   |  By Corelight
Give your security teams 10x the retention length at 50% the cost of full PCAP. Watch this webcast and you'll discover how to.
Aug 24, 2021   |  By Corelight
While the security industry spends a lot of time and energy getting more and/or better alerts, comparatively little investment has gone into helping analysts operationalize and contextualize those alerts. This webcast will discuss how a solid foundation of network telemetry can enable not only high-velocity, high-confidence processing of alerts of all stripes, but also a host of other critical security applications, from fundamentals like asset management to advanced techniques like proactive threat hunting. Real-world examples and code will be used throughout the talk, along with practical considerations for operating in an enterprise environment.
Aug 10, 2021   |  By Corelight
Discover the power of the world’s best network security monitor, Zeek, and how Corelight makes it much simpler to use. Find out why elite defenders have used the evidence Zeek produces to accelerate their investigations, amplify their threat hunting capabilities, speed up analytics and more in this short intro.
Aug 3, 2021   |  By Corelight
Security teams can get up to 10x the packet retention period at 50% the cost compared to full packet capture! Sounds too good to be true, right? It’s not! With powerful, yet easy-to-use pcap levers, we let security teams capture just the packets needed for investigations, correlate them with our alerts and logs, and make packets 1-click retrievable. With Smart PCAP you get months’, not days’, worth of packet visibility.
Jul 30, 2021   |  By Corelight
Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists. Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight’s commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.
Jul 30, 2021   |  By Corelight
In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.

Corelight gives you the high ground—a commanding view of your network that lets you outsmart and outlast adversaries.

From the Acropolis to the edge of space, defenders have sought the high ground in order to see farther and turn back attacks. Corelight delivers a commanding view of your network so you can outsmart and outlast adversaries. We capture, interpret, and connect the data that means everything to defenders.

Corelight gives apex defenders the information and tools they need to successfully detect and respond to threats. Corelight is built on Zeek, an open-source, global standard technology. Zeek provides rich, structured, security-relevant data to your entire SOC, making everyone from Tier 1 analysts to seasoned threat hunters far more effective.

The Open NDR Platform:

  • Suricata: Suricata generates alerts that we embed directly into Zeek logs, putting every detection into context to save time, cut alert backlogs, and improve analytics.
  • Zeek: The Zeek open source network security monitor generates lightweight metadata and detections to enable threat hunting and speed incident response.
  • Smart PCAP: Smart PCAP links logs, extracted files, and insights with just the packets you need, to reduce storage costs while expanding retention times by a factor of 10.

Faster investigations, more effective threat hunts with the world's best network evidence.