Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight delivers data aggregation to reduce SIEM ingest by 50-80% compared to legacy network security monitoring tools

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting critical security information and events to detect and respond to threats.

The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Understand and detect MITRE Caldera with Zeek

MITRE’s Caldera is a cybersecurity platform developed to simulate adversarial tactics, techniques, and procedures (TTPs). Built upon the MITRE ATT&CK framework, Caldera is an open-source tool designed to help cybersecurity professionals and organizations assess their defenses, uncover vulnerabilities, and enhance their overall security posture. By emulating real-world cyber threats, Caldera enables blue teams to test detection and response mechanisms under realistic conditions.

Best Practices for Securing Web Applications Against Modern Threats

Application programming interfaces (APIs) are critical in modern software development. APIs define rules and protocols that enable applications to communicate and share data with other systems. This communication enables developers to leverage the functionality of existing applications rather than recreating those functions and services from scratch. As a result, APIs accelerate software development and enable innovation, collaboration, and automation.

Top 5 Strategies to Reduce Dwell Time with XDR: Accelerating Threat Detection and Response

Cyber adversaries operate with one goal in mind—stealth. The longer they go undetected in an environment, the more damage they can cause. Dwell time is the total amount of time that a threat remains unnoticed in a system, from initial compromise to discovery. According to the most recent threat reports, the average dwell time for undetected breaches has reduced but remains at 10-15 days, providing attackers enough time to exfiltrate data, launch ransomware, or establish persistent access.

Adventures in monitoring a hostile network: Black Hat Europe 2024

Working in the network operating center (NOC) at Black Hat Europe, we’re never quite sure what we’re going to see. The anxiousness I feel there is similar to what I’d experience when I was blue-teaming for a corporate network. I could prepare all I wanted, read all the blogs about the current threat trends people and companies were tracking on the Internet, and review all the red team and vulnerability scanner reports to identify likely targets.