By Richard Bejtlich, Principal Security Strategist, Corelight Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some e ... Read more »
Richard Bejtlich
Do you know your NSM data types?
By Richard Bejtlich, Principal Security Strategist, Corelight When I first began writing about network security monitoring in 2002, I based my understanding on my experience in the Air Force Computer Emergency Response Team (AFCERT) and the tools ... Read more »
Is IPS a feature or a product?
By Richard Bejtlich, Principal Security Strategist, Corelight This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the t ... Read more »
First, Do No Harm
By Richard Bejtlich, Principal Security Strategist, Corelight When we hear the phrase “first, do no harm,” most of us think of the Hippocratic Oath and its guidance for physicians. I was surprised to learn that the phrase as translated does no ... Read more »
Examining aspects of encrypted traffic through Zeek logs
By Richard Bejtlich, Principal Security Strategist, Corelight In my last post I introduced the idea that analysis of encrypted HTTP traffic requires different analytical models. If you wish to preserve the encryption (and not inspect it via a ... Read more »