By Richard Bejtlich, Principal Security Strategist, Corelight Introduction I’ve written previously about Corelight data and encryption. I wanted to know how TLS 1.3 would appear in Corelight data, and compare the same network conversation over c ... Read more »
Richard Bejtlich
How to use Corelight and Zeek logs to mitigate RDS/RDP vulnerabilities
By Richard Bejtlich, Principal Security Strategist, Corelight Introduction On May 14 Microsoft released patches for, and details about, a remote code execution vulnerability in Remote Desktop Services (RDS), the graphical interactive desktop ... Read more »
Network Security Monitoring, a requirement for Managed Service Providers?
By Richard Bejtlich, Principal Security Strategist, Corelight Over the last six months, we’ve read in the security press about a variety of managed service providers (MSPs) being compromised by nation-state and criminal actors. Some e ... Read more »
Do you know your NSM data types?
By Richard Bejtlich, Principal Security Strategist, Corelight When I first began writing about network security monitoring in 2002, I based my understanding on my experience in the Air Force Computer Emergency Response Team (AFCERT) and the tools ... Read more »
Is IPS a feature or a product?
By Richard Bejtlich, Principal Security Strategist, Corelight This post is a departure from previous editions. It is inspired by discussions I’ve had recently with a few different online and in-person communities. I will present my view on the t ... Read more »