
Corelight reconnects visibility across the entire AWS cloud environment

Today, we are pleased to announce the launch of Corelight’s new AWS Flow Monitoring Sensor, a new addition to Corelight’s flow monitoring capabilities. This new sensor was purpose-built to address the longstanding visibility challenges that have frustrated security teams running their most critical workloads in AWS. AWS provides one of the world’s most popular cloud platforms, hosting applications and sensitive data for some of the largest organizations.

It all comes down to the data: unlocking the potential of AI in the SOC

This is a fascinating moment. Whether you think Generative AI is over-hyped or not, our technology landscape has been shocked by capabilities we couldn’t imagine a few years ago. And I do mean shocked. What’s underway is too rapid and uncanny to describe in terms of evolution. We are living through something different.

CTEM Solutions Explained: How to Build a Stack

Vulnerability numbers are spiraling. Compliance checklists and point scans cannot keep pace. Continuous Threat Exposure Management (CTEM) provides security leaders with a practical approach to identify and mitigate real attack paths in real time. This article explains what CTEM is, the solutions that enable it, and how to build a stack that actually shrinks exposure instead of counting it. CTEM solves the eternal problem of vulnerability management (too many vulnerabilities to ever fix) with a continuous program to find, validate, and reduce exposures before adversaries can use them.

Detecting EDR Evasion with Corelight Open NDR

This video walks through how Corelight Open NDR helps security teams detect EDR evasion by delivering complete visibility across all network assets. Using a real-world scenario, the video demonstrates how anomaly detection uncovers suspicious activity, mapping events directly to MITRE ATT&CK techniques. The investigation process highlights the detection of an anomalous user agent, which ultimately reveals a Linux privilege escalation toolkit.

Hunting GTPDOOR: The case of the "Black Hat Positive"

Ben Reardon, Lead Researcher Corelight Labs / NOC crew

I'm a researcher on the Labs team at Corelight and, for me, working in the Black Hat Network Operations Center (NOC) at the USA show in Las Vegas is up there as one of the most interesting and intense activities on the calendar.

The Network Detection & Response (NDR) platform trusted by top cybersecurity teams

Proven in the world’s most demanding environments, Corelight’s Open NDR Platform illuminates network blind spots and uncovers hidden threats to disrupt attacks before they escalate. Get unified visibility, multi-layered AI-driven threat detections, AI-powered triage workflows, and industry-leading forensic capabilities in one unified platform. Elite defense, now within reach of the enterprise.

How Does Fidelis NDR Use Machine Learning to Detect Threats Earlier and Respond Faster?

You face more signals than your SOC can triage and more lateral movement than your legacy rules can see. Signature-only controls miss new techniques, while manual triage slows response. The gap between “alert created” and “incident contained” widens when you can’t separate real risk from noise. Adversaries exploit encrypted channels, low-and-slow exfiltration, and living-off-the-land tools that look like normal activity. Missed weak signals become major incidents.

Real-Time & Historical Threat Detection with Datadog Cloud SIEM

See how Datadog’s Cloud SIEM empowers security teams with powerful, real-time and retrospective detection capabilities. In this demo, we walk through: Datadog Cloud SIEM gives your SOC high-context, actionable security signals—out of the box and fully customizable—helping you detect, investigate, and respond to threats faster.