Are you blind to the next big firewall exploit? Warning signs and lessons learned from the recent Cisco exploit

It feels like the security world is caught in a recurring cycle. We see a spike in strange scanning activity, file it away as internet background noise, and then weeks later, a major zero-day exploit drops, targeting the very technology that was being scanned. The recent Cisco ASA vulnerabilities were a textbook example of this pattern. A September 4, 2025, report from GreyNoise highlighted a massive surge in scanning, with over 25,000 unique IPs probing Cisco ASA devices.

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.

Corelight Named a Leader in NAV Solutions by Forrester

We are proud to announce that Corelight has been recognized as a Leader in The Forrester Wave: Network Analysis And Visibility (NAV) Solutions, Q4 2025. We believe this recognition reflects our focused innovation and the expanding capabilities of our Open NDR platform.

Corelight reconnects visibility across the entire AWS cloud environment

Today, we are pleased to announce the launch of Corelight’s new AWS Flow Monitoring Sensor, a new addition to Corelight’s flow monitoring capabilities. This new sensor was purpose-built to address the longstanding visibility challenges that have frustrated security teams running their most critical workloads in AWS. AWS provides one of the world’s most popular cloud platforms, hosting applications and sensitive data for some of the largest organizations.

It all comes down to the data: unlocking the potential of AI in the SOC

This is a fascinating moment. Whether you think Generative AI is over-hyped or not, our technology landscape has been shocked by capabilities we couldn’t imagine a few years ago. And I do mean shocked. What’s underway is too rapid and uncanny to describe in terms of evolution. We are living through something different.

Hunting GTPDOOR: The case of the "Black Hat Positive"

Ben Reardon, Lead Researcher Corelight Labs / NOC crew

I'm a researcher on the Labs team at Corelight and, for me, working in the Black Hat Network Operations Center (NOC) at the USA show in Las Vegas is up there as one of the most interesting and intense activities on the calendar.

Corelight data and LLMs

Corelight has been an innovator and leader in AI and Large Language Model (LLM) adoption for almost 2 years. We introduced our first use of LLMs in our Open NDR platform Investigator in November of 2023. Since then, we have continued to push the boundaries of the possible by working with AI model builders on cybersecurity-specific training and expanding LLM use within Investigator to include data analysis and summaries.

Corelight announces industry's first MCP server exposing detailed network data and alerts

Corelight’s GenAI Accelerator Pack features the industry's first Model Context Protocol (MCP) server, specifically designed to facilitate easier access to detailed network data and alerts for cybersecurity AI agents and enhance the analysis of network security information. The announcement comes at a pivotal moment for cybersecurity.