Collaborate Disseminate
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark
By Christian Kreibich, Principal Engineer, Corelight The past few weeks have seen several developments around Community ID, our open standard for rendering network traffic flow tuples into a concise textual representation. I’d like to summarize them in… Continue reading Community ID support for Wireshark
When it comes to advancements in cybersecurity, rule-based systems are holding the industry back. Relying on humans to constantly input and label rules in order to detect and stay ahead of threats is a bottleneck process that is setting security teams … Continue reading 3 Reasons Why a Rule-Based Cybersecurity Platform Will Always Fail
By Roger Cheeks, US-East Sales Engineer, Corelight Corelight is a powerful network traffic analysis tool that enables network detection and response (NDR) for AWS Cloud workloads by receiving packets from an AWS Virtual Private Cloud (VPC) traffic mirr… Continue reading NDR for AWS Well-Architected
Most SIEM vendors acknowledge the value of network traffic data for leading indicators of attacks, anomaly detection, and user behavior analysis as being far more useful than log data. Ironically, network traffic data is often expressly excluded from S… Continue reading NTA and NDR: The Missing Piece
One of the most prevalent issues impacting the effectiveness of security teams who use SIEM as their primary means of threat detection and remediation is the fact that data logs are an attractive medium for modern hackers to exploit.
The post The Probl… Continue reading The Problem with Relying on Log Data for Cybersecurity
Traditional security vendors offering solutions like SIEM (Security Information and Event Management) are overpromising on analytics while also requiring massive spend on basic log storage, incremental analytics, maintenance costs, and supporting resou… Continue reading Guide: The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR, and NTA
Traditional security vendors offering solutions like SIEM (Security Information and Event Management) are overpromising on analytics while also requiring massive spend on basic log storage, incremental analytics, maintenance costs, and supporting resou… Continue reading Guide: The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR, and NTA
By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables … Continue reading Zeek & Sigma: Fully Compatible for Cross-SIEM Detections
By Alex Kirk, Corelight Global Principal for Suricata Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables … Continue reading Zeek & Sigma: Fully Compatible for Cross-SIEM Detections