By Richard Bejtlich, Principal Security Strategist, Corelight When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does not actually appear in the Greek, and that the origins are more modern, dating from the […]
Tag Archives: NSM
Astronomers and Chemists
By Brian Dye, Chief Product Officer, Corelight Scale is a great word, because its meaning is truly in the eye of the beholder. To an astronomer, it might mean millions of light years. To a chemist, nanometers. In the network security monitoring (NSM) world, Corelight is enabling scale in two different senses of the word: management […]
Examining aspects of encrypted traffic through Zeek logs
By Richard Bejtlich, Principal Security Strategist, Corelight In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a middlebox), you have to abandon direct inspection of HTTP payloads to identify normal, malicious, and suspicious activity. […]
Network security monitoring is dead, and encryption killed it.
By Richard Bejtlich, Principal Security Strategist, Corelight This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis challenges that have developed as a result. I’ve been hearing this message since the late-2000s, and wrote a […]
Monitoring. Why Bother?
By Richard Bejtlich, Principal Security Strategist, Corelight In response to my previous article in this blog series, some readers asked “why monitor the network at all?” This question really struck me, as it relates to a core assumption of mine. In this post I will offer a few reasons why network owners have a responsibility […]
Network Security Monitoring: Your best next move
By Richard Bejtlich, Principal Security Strategist, Corelight Welcome to the first in a regular series of blog posts on network security monitoring (NSM). In 2002 Bamm Visscher and I defined NSM as “the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions.” We were inspired by our work in the […]
Network security monitoring vs supply chain backdoors
By Richard Bejtlich, Principal Security Strategist, Corelight On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive […]
Twenty years of network security monitoring: from the AFCERT to Corelight
By Richard Bejtlich, Principal Security Strategist, Corelight I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast the future. Twenty […]