By Richard Bejtlich, Principal Security Strategist, Corelight When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does no ... Read more
Richard Bejtlich
Examining aspects of encrypted traffic through Zeek logs
By Richard Bejtlich, Principal Security Strategist, Corelight In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a ... Read more
Network security monitoring is dead, and encryption killed it.
By Richard Bejtlich, Principal Security Strategist, Corelight This post is part of a multi-part series on encryption and network security monitoring. This post covers a brief history of encryption on the web and investigates the security analysis ... Read more
Monitoring. Why Bother?
By Richard Bejtlich, Principal Security Strategist, Corelight In response to my previous article in this blog series, some readers asked “why monitor the network at all?” This question really struck me, as it relates to a core assumption of mine. In ... Read more
Network Security Monitoring: Your best next move
By Richard Bejtlich, Principal Security Strategist, Corelight Welcome to the first in a regular series of blog posts on network security monitoring (NSM). In 2002 Bamm Visscher and I defined NSM as “the collection, analysis, and escalation of i ... Read more