Don’t Delay – Corelight Today!

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Recently I heard that a company interested in Corelight was considering delaying their evaluation because of questions about SIEM technology. They currently have two SIEMs and are evaluating a third, possibly to replace the first two. They believed that they needed better clarity about SIEMs as a […]

What did I just see? Detection, Inference, and Identification

By Richard Bejtlich, Principal Security Strategist, Corelight In the course of my network security monitoring work at Corelight, I’ve encountered the terms  detection, inference, and identification. In this post I will examine what these terms mean, and how they can help you describe the work you do when investigating normal, suspicious, and malicious activity in […]

Profiling Whonix

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction This week I read a story announcing that the latest edition of Whonix had been released. I had heard of Whonix, but had never tried it. I knew it was a Linux distribution that tried to make it as easy and safe as possible to anonymize online […]

Bring Network Security Monitoring to the Cloud with Corelight and Amazon VPC Traffic Mirroring

John Gamble, Director of Product Marketing, Corelight Corelight Sensors transform network traffic into comprehensive logs, extracted files, and custom insights via Zeek, a powerful, open-source network security monitoring framework used by thousands of organizations worldwide to accelerate incident response and unlock new threat hunting capabilities. While the sensors we’ve released to date have supported physical […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 3

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 3 of my three-part series on TLS. In the previous two articles I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. I then performed the same transaction using TLS 1.2, and compared the logs with those seen […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 2

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction Welcome to part 2 of my three-part series on TLS. In the previous article I briefly introduced TLS, and showed how Corelight would produce logs for a clear-text HTTP session. In this article I will perform the same transaction using TLS 1.2, and compare the logs with […]

Investigating the Effects of TLS 1.3 on Corelight Logs, Part 1

By Richard Bejtlich, Principal Security Strategist, Corelight Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over clear-text HTTP, TLS 1.2, and TLS 1.3. In this first of three parts, I will introduce TLS and demonstrate a […]

Network Security Monitoring, a Requirement for Managed Service Providers?

By Richard Bejtlich, Principal Security Strategist, Corelight Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some examples: December 2018 – The United States Department of Justice indicted two individuals associated with APT10 for their role in compromising […]

Is IPS a feature or a product?

By Richard Bejtlich, Principal Security Strategist, Corelight This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the topic, but I’m more interested in hearing what readers think! I’ve had a few conversations during the […]

Corelight + Chronicle Backstory: Technology integration brings all the right data at the right time for customers

By Allen Male, Director of Strategic Alliances At the recent RSA Conference, Chronicle launched Backstory, a new security analytics platform, and we are pleased to share that Corelight is part of the Chronicle Index Partner program. Chronicle Backstory is a global platform designed to help enterprise customers analyze the massive amounts of security telemetry they generate […]