Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight

Strengthening modern detection with Open NDR and integrated threat intelligence

Jun 26, 2026 By Allen Marin In Corelight
Adversaries are evolving faster than defenders can respond, and they're weaponizing AI to accelerate their attacks. We’ve seen “living-off-the-land”, lateral movement, and the abuse of legitimate administrator tools enable hackers to hide in plain sight, diluting the effectiveness of traditional detection methods. Meanwhile, defenders are nervously trying to keep up with the accelerating pace of AI-empowered threats hitting them at machine speed.
Read Post

Episode 17 - Home Labs and Tinted Windows: Why Network Visibility Starts at Your Front Door

Jun 22, 2026 By Corelight In Corelight
In this episode, host Richard Bejtlich and guest Ricky Lin explore the practical—and often personal—side of network defense: monitoring the home network. Ricky shares how he uses Corelight and Zeek to track everything from his children's YouTube habits to the constant chatter of IoT devices like Tesla vehicles and smart appliances. They delve into the "tinted windows" analogy to explain why visibility into encrypted traffic is still possible through network metadata, even when the contents are hidden.
View Video

Performance and Asset Visibility Walkthrough

Jun 17, 2026 By Corelight In Corelight
Network security depends on clear visibility across every digital asset. This detailed walkthrough covers Corelight's new Network Performance and Asset Classification logs. You will learn about these two logs, how to configure them, and how to use them during cyber investigations. Network Performance and Asset Visibility logs are available as part of the Sensor v29.1 general availability release to customers with Sensor and Investigator Bundle licenses.
View Video

Performance and Asset Visibility Demo

Jun 17, 2026 By Corelight In Corelight
Network security depends on clear visibility across every digital asset. In this brief demo, we will see how Corelight's new Network Performance and Asset Classification logs can be referenced when doing a threat hunt. You will learn about the logs and what information they contain. Network Performance and Asset Visibility logs are available as part of the Sensor v29.1 general availability release to customers with Sensor and Investigator Bundle licenses.
View Video
Corelight

Corelight Sensor v29.1 release highlights: Network evidence powers network operations

Jun 17, 2026 By Cynthia Gonzalez In Corelight
Corelight Sensor v29.1 and Fleet Manager v29.1.1 fundamentally expand what a Corelight Sensor delivers. The release turns existing network evidence into a shared source of truth for SecOps, NetOps, triage, and forensic investigation. Network performance monitoring and asset classification unlock new value from traffic you're already collecting.
Read Post
Corelight

Extending the value of network evidence: Introducing Performance and Asset Visibility

Jun 17, 2026 By Tyler Hill In Corelight
Every packet flowing through a Corelight sensor contains both security-relevant data and performance-relevant data. Until now, Corelight has focused exclusively on extracting security value from network traffic: connection logs, protocol analysis, and threat detections. But the same traffic that reveals lateral movement also reveals TCP latency. The same DNS queries that surface potential C2 channels also reveal resolution timing.
Read Post
Corelight

Black Hat Asia 2026: Everything from cat feeders to solar farms

Jun 10, 2026 By Ben Reardon In Corelight
There is a saying you will hear from veterans in the Black Hat Network Operations Center (NOC): “Threat hunting on the Black Hat network is like trying to find a needle in a stack of needles." With dozens of training classes running live exploit chains, capture-the-flag traffic, and researchers probing every corner of the internet, our Corelight sensors generate a rich set of Zeek logs, many of which can look suspicious in varying degrees.
Read Post
Corelight

The North Korean IT worker scam: Defending against the modern insider threat

Jun 8, 2026 By Tim Chiu In Corelight
The threat is coming from inside the organization. It is coming from a laptop farm three states over, routed through a proxy, and operated by a threat actor sitting on the other side of the globe. We are witnessing a massive shift in how adversaries breach organizations. They no longer need to spend weeks probing your external firewalls or crafting the perfect zero-day exploit. Instead, they simply update their resumes, pass your interview process, and your IT department ships them a corporate device.
Read Post

Episode 16 - Beyond the Black Box: Solving Data Overload with Agentic Triage

Jun 4, 2026 By Corelight In Corelight
In this episode, host Richard Bejtlich sits down with Dave Getman to discuss the evolution of Corelight Investigator and the paradigm shift from delivering raw sensor data to providing agentic triage. They explore how AI can synthesize millions of log lines into concise, actionable determinations—categorizing activity as malicious or benign—while maintaining transparency by "bringing the receipts" of raw evidence. Dave explains why the security pendulum is swinging back toward network detection to counter sophisticated EDR evasion and shares a roadmap for the future of auto-containment.
View Video
Corelight

Identity in the SOC: Why network visibility still matters in the age of the identity perimeter

Jun 4, 2026 By Richard Petrie In Corelight
Long gone are the days where usernames were all you needed to secure a network. The same is true for your Security Operations Center (SOC) analysts trying to investigate a threat. "Who is jdoe05 and why are they logging into this server?" is a critical question to answer during an investigation, one that neither NDR (Network Detection and Response) nor EDR (Endpoint Detection and Response) can answer directly. Enter the Identity Provider (IdP).
Read Post

Provably better data

Jun 3, 2026 By Corelight In Corelight
Every security vendor says their data is better. Corelight decided to test that claim directly. Using real nation-state attack scenarios, including Salt Typhoon-related activity, the same AI model was evaluated against multiple security data sources to measure investigation accuracy, threat visibility, and incident response coverage. The only variable was the data.
View Video
Corelight

Bridging the gap: How Corelight and Crowdstrike Charlotte AI are redefining SOC investigations

Jun 3, 2026 By Adam Pumphrey In Corelight
For years, SOC analysts have lived in a world of swivel-chair analysis. When an alert fires in an endpoint tool, the next step is almost always a manual pivot to a network console to see if the network reality matches the host behavior. This manual back-and-forth isn't just tiring; it’s a window of opportunity for attackers. Corelight is excited to highlight a new integration with CrowdStrike Charlotte AI.
Read Post
Corelight

Corelight Brings Network Data to Cisco Cloud Control | Corelight

Jun 2, 2026 By Corelight In Corelight
Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.