Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Enhance your search experience within Splunk by using the Corelight App

The Corelight App for Splunk provides the foundation for organizations to boost SOC effectiveness and productivity by using Corelight data in Splunk. In this blog, I’ll walk through how the Corelight App leverages Splunk’s Common Information Model (CIM) to enhance users' search experience when they are using Corelight data.

The Importance of NDR Detection-in-Depth

Detection engineering has evolved into an art, contributing to the success rates of endpoint and network detection and response tooling capabilities. Used to effectively counter the increasing complexity of today’s cyber threat actors, high-fidelity detections can help an organization discover threats earlier, neutralizing them before further damage can occur.

Detection Engineering Explained

Safeguarding an organization’s virtual realms has never been more important. Today, connectivity and data are the new currency. Yet, as technology advances, so do the malicious actors and their methods, constantly devising more unique and covert ways to breach defenses. Herein lies the role of detection engineering. Acting as the digital watchtower for organizations, detection engineering responds to known threats and continuously scans the horizon for the slightest hint of a potential breach.

Best practices for creating custom detection rules with Datadog Cloud SIEM

In Part 1 of this series, we talked about some challenges with building sufficient coverage for detecting security threats. We also discussed how telemetry sources like logs are invaluable for detecting potential threats to your environment because they provide crucial details about who is accessing service resources, why they are accessing them, and whether any changes have been made.

Cyber Threat Modelling

Do you model Cyber Threats, depict likely attack scenarios via Attack Trees and provide those findings back in a succinct manner to those responsible for the risk(s)? Surely that’s for the proviso of large companies, with big budgets and oodles of staff? I hear you say… Perhaps, but any organisation large or small can start to model their Cyber Threats. Why?

Using Corelight to Identify Ransomware Blast Radius

Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare organizations, at the extreme, can impact an organization’s ability to engage in anything from routine office visits to life-or-death diagnoses, treatments, and patient care.

Shira Rubinoff at Blackhat with Israel Mazin, CEO and Chairman of Memcyco

Amidst the electric atmosphere of the Black Hat conference, where cybersecurity luminaries converge to explore cutting-edge innovations, a spotlight shone on Memcyco's CEO, Israel Mazin. In a recent interview captured on film, Israel Mazin engaged in a dialogue with tech influencer and member of our advisory board, Shira Rubinoff. Together, they delved deep into Memcyco's paradigm-shifting product solutions that are challenging the status quo of the threat intelligence landscape.

How Can Kill Webs Change Security Thinking?

In my previous article, I proposed ways that modern network-derived evidence applies to the cyber kill chain—a concept created by Eric Hutchins, Michael Cloppert, and Rohan Amin that changed how security teams approach defending their digital assets. This article focuses on an evolved, non-linear version of the kill chain called the “kill web.”

Featured Post

You Can't Win: Learning to Live with Security Pessimism

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognise the absence of a breach? But this isn't a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the show, helping to defend the Black Hat network. In this blog, I’ll share my experience within the Network Operations Center (NOC) as well as an incident that we detected, investigated, triaged, and closed using Corelight’s Open NDR Platform.