Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identity in the SOC: Why network visibility still matters in the age of the identity perimeter

Long gone are the days where usernames were all you needed to secure a network. The same is true for your Security Operations Center (SOC) analysts trying to investigate a threat. "Who is jdoe05 and why are they logging into this server?" is a critical question to answer during an investigation, one that neither NDR (Network Detection and Response) nor EDR (Endpoint Detection and Response) can answer directly. Enter the Identity Provider (IdP).

Provably better data

Every security vendor says their data is better. Corelight decided to test that claim directly. Using real nation-state attack scenarios, including Salt Typhoon-related activity, the same AI model was evaluated against multiple security data sources to measure investigation accuracy, threat visibility, and incident response coverage. The only variable was the data.

Bridging the gap: How Corelight and Crowdstrike Charlotte AI are redefining SOC investigations

For years, SOC analysts have lived in a world of swivel-chair analysis. When an alert fires in an endpoint tool, the next step is almost always a manual pivot to a network console to see if the network reality matches the host behavior. This manual back-and-forth isn't just tiring; it’s a window of opportunity for attackers. Corelight is excited to highlight a new integration with CrowdStrike Charlotte AI.

Aurora Mobile Threat Defense - Addressing Your HighestTrusted, Least Protected Endpoints

Mobile devices are becoming the highest‑trusted endpoints that are the least protected. They approve logins. They hold authentication apps. They carry email, collaboration, and business applications. And they travel everywhere your workforce travels: across corporate networks, home Wi‑Fi, airports, hotels, and cafés. That combination (high trust plus constant movement) is why mobile has become such a reliable entry point for credential theft and account takeover.

Corelight Brings Network Data to Cisco Cloud Control | Corelight

Corelight, a leader in fueling the AI SOC, today announced that it is providing industry-leading data to power AI investigations of emerging threats through an integration of Corelight Open NDR into Cloud Control Studio. Cloud Control Studio is the design space within Cisco Cloud Control, Cisco’s unified platform for agentic IT operations, where customers can build AI agents and connect them to non-Cisco tools.

How BlueVoyant's ASIM-First Strategy Simplifies Threat Detection in Microsoft Sentinel

Earlier this year, BlueVoyant adopted a new detection strategy built on the Advanced Security Information Model (ASIM). For those unfamiliar, ASIM is Microsoft's normalisation layer that standardises log data across products into consistent schemas. Our approach is simple: The result? Dramatically faster use case development and cleaner, more maintainable detection logic.

Why Your Detection Latency Budget Determines Blast Radius

Most teams buy detection on a single number. The datasheet says “millisecond detection,” the proof-of-concept fires the instant a test payload lands, and the box gets checked. Then a real AI agent incident runs in production, and the postmortem shows the attack completed its objective well before anyone contained it, even though the alert, technically, fired in milliseconds. The number was real. It just measured the wrong thing.

Tool Call Analysis for AI Attack Detection: Reading What Rides Inside the Call

A compromised agent doesn’t make a single call it isn’t allowed to make. It queries a table it’s authorized to read, calls a tool it’s authorized to use, sends to a domain that’s on the allowlist. Every call is legal. The attack is in the values it passes, and your tool-call log records all of it as a clean day’s work. A tool call has two layers. Almost every tool you run reads the first one: the call itself: which tool, in what order, at what rate.