By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for ...
Network Security Monitoring
Network Security Monitoring data: Types I, II, and III
By Richard Bejtlich, Principal Security Strategist, Corelight Some critics claim that ever growing encryption renders network security monitoring useless. This opinion is based on a dated understanding of the types and values of data collected and ...
DNS over TLS and DNS over HTTPS
By Jamie Brim, Corelight Security Researcher In this post, we'll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext DNS requests. By encrypting the DNS ...
Chocolate and peanut butter, Zeek and Suricata
By Brian Dye, Chief Product Officer, Corelight Some things just go well together. A privilege of working with very sophisticated defenders in the open source community is seeing the design patterns they use to secure their organizations - ...
The light shines even brighter: Updates to Corelight’s Encrypted Traffic Collection
By Vince Stoffer, Senior Director, Product Management, Corelight With Corelight’s latest software release, v19, we are excited to announce the expansion of our Encrypted Traffic Collection (ETC). The ETC was introduced in late 2019, but as a ...