A Network Engineer in a Zeek Week World

By Sarah Banks, Senior Director of Product Management, Corelight

With almost two decades of networking experience, I recently made my first foray into a security-centric user conference at Zeek Week, an annual conference for the user community of the open source network security monitoring platform known as Zeek (formerly Bro) held last month in Seattle. […]

Using Corelight To Monitor and Identify Exploited VPNs

By Richard Bejtlich, Principal Security Strategist, Corelight

Network and security infrastructure, such as routers, switches, firewalls, virtual private network concentrators, and other equipment, are designed to provide a stable and secure communications experience for client and server computers and their users. Many of us take these devices for granted, expecting that once properly configured they […]

The Sun Sets on TLS 1.0

By Johanna Amann, Software Engineer, Corelight

Editor’s note: This post is the result of the author’s work at the International Computer Science Institute where she works as a senior researcher.

In the last months, the major web browsers (Safari, Firefox, Edge, Chrome) announced their intent to disable support for TLS 1.0 and TLS 1.1 in […]

Profiling Whonix

By Richard Bejtlich, Principal Security Strategist, Corelight

Introduction: This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize online […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 3

By Richard Bejtlich, Principal Security Strategist, Corelight

Introduction: Welcome to part 3 of my three-part series on TLS. In the previous two articles I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. I then performed the same transaction using TLS 1.2, and compared the logs with those seen […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 2

By Richard Bejtlich, Principal Security Strategist, Corelight

Introduction: Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS 1.2, and compare the logs with […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 1

By Richard Bejtlich, Principal Security Strategist, Corelight

Introduction: I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three parts, I will introduce TLS and demonstrate a […]

How we decide what Bro capabilities to include in our Sensor

By Seth Hall, Co-Founder & Chief Evangelist at Corelight

We started Corelight to bring the power of Bro network monitoring to an audience that is interested in security, stability, and long-term sustainability. Even though we created and built Bro over the last 20 years, when we developed our commercial product we made some design decisions […]

Securing the Corelight Sensor

By Steve Smoot, VP Customer Success @ Corelight

Have you ever considered how security tools can be a source of risk? They process untrusted data 24/7, have access to sensitive flows, and (like everything on the Internet) can be exploited if not patched regularly. At Corelight, we want our products to be a source […]