The Evidence: February 2025
Have you heard?
5X faster queries and 7:1 log consolidation with Corelight's data aggregation capability
To help solve the problem of excessive network log volume, Corelight just released a data aggregation capability for all our sensors that summarizes network logs while retaining critical security insights. Adding data aggregation to the Corelight Open NDR platform with YARA enables security teams to realize a 50-80% reduction in log volume, resulting in faster, more efficient searches and threat hunting without experiencing large SIEM costs.
Corelight and Microsoft: A smarter way to fight alert fatigue
For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house and with a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with inefficient investigations, alert fatigue, and the non-stop guessing game of prioritizing threats. That’s why we’re excited about our latest integration with Microsoft Security that we hope will help address these persistently common challenges.
With this meaningful integration, Corelight and Microsoft are providing the insight needed to simplify investigations, cut down on alert fatigue, and help keep your enterprise safe — all while reducing the dreaded swivel-chair SOC syndrome. What’s more, extending our Defender integration with Microsoft Sentinel and Security Copilot can simplify time-consuming SOC workflows with powerful AI.
Corelight launches AI-powered NDR SaaS Platform on AWS Middle East that ensures data residency, sovereignty, and compliance
By hosting the instance on Amazon Web Services (AWS) Middle East, organizations can benefit from local data sovereignty and reduced operational costs with the best performance and scalability. Join Alissar Abdin, Business Development Representative, for a quick digest on how our NDR SaaS Platform will help organizations.
Thrown in the deep end: My first time hunting in the Black Hat NOC
Working in the Network Operations Center at Black Hat is an educational experience for everyone — even for seasoned professionals like Corelight’s Matthew Ellison. Wearing a threat hunting cap at Black Hat London in December 2024, Matt took a crash course in how Corelight’s NDR and other elite tools help elite defenders cut through the noise and undertake investigations that get results. Find out what he learned from Corelighters and other threat hunting veterans he served with in the NOC.
Adventures in monitoring a hostile network: Black Hat Europe 2024
Black Hat attendees often like to pentest the conference network, and a few unwittingly bring along devices configured to allow all sorts of unsafe and unencrypted traffic. It’s all in a day’s work for Corelight’s Mark Overholser and other Black Hat NOC staffers. He shares discoveries from his service at Black Hat Europe that piqued the same instincts he honed blue teaming for corporate networks, and shows how Corelight’s Open NDR expedites the investigation into questions raised by intentional and unintentional security events.
[On-demand webinar] Beyond the logs: Advanced threat hunting with Corelight and Splunk
In today’s dynamic threat landscape, visibility across network traffic is the key to detecting, investigating, and responding to sophisticated attacks. Join us for an in-depth webinar where we’ll explore how the power of Corelight Open NDR integrated with Splunk can help security teams stay ahead of advanced threats.
We’ll dive into best practices for combining Corelight’s high-fidelity network data with Splunk’s analytic capabilities, which can create a comprehensive approach to threat hunting. Learn how to detect hidden malicious activities, accelerate investigations, and build proactive defense strategies through real-world use cases and actionable insights.
[Webinar] Integrating ML analysis with Zeek
This presentation will delve into Zeek’s capabilities to forward event data to non-Zeek processes, like Python applications or locally deployed sidecars, for immediate AI/ML inference. You’ll learn how this feature reduces metadata volume and avoids the labor-intensive log generation and ingestion cycle, and how it can deliver more efficient workflows, faster threat detection, and a proactive cybersecurity stance that’s applicable even in air-gapped settings. We will discuss the practical integration of Zeek with AI/ML, its ease of implementation, and the potential impact on future security strategies.
How YARA rules can complement NDR for malware detection
NDR with YARA closes a visibility gap by inspecting files at the network level and scanning for known malware families. YARA rules can also help detect emerging malware or advanced persistent threats (APTs), enhancing security posture and reducing the risk of an attack for organizations that choose to adopt these two technologies. Find out how NDR with YARA can help security teams detect attackers at break-in, and pick up their trail through the network after a successful breach.
Second Front Podcast: 84. Bernard Brantley, CISO at Corelight || Ex-Amazon, Microsoft
In this episode of All Quiet, Corelight CISO Bernard Brantley joins Tyler Sweatt to delve into the interplay between rapid technological development and robust security practices. You’ll discover how Bernard’s approaches at Amazon for balancing innovation with stringent security are being modeled and applied across the tech industry. The conversation also explores AI’s critical role in modern security measures, highlights real-life success stories, and lays out practical advice derived from Bernard’s extensive experience in the field.
Brian Dye on Network Detection and Response (NDR) with Corelight
In this episode of Exploring Information Security, host Timothy De Block sits down with Corelight’s CEO Brian Dye to discuss the evolution of cybersecurity, the importance of Network Detection and Response (NDR), and the challenges modern organizations face while securing their networks. Brian also shares how Corelight leverages open-source technologies and data to provide advanced threat detection and forensics.
Cloud security evolution: Threat response steps up
There has been a seismic cloud revolution since 2020. But how have the threat landscape and response kept pace? Vijit Nair of Corelight opens up on the tools and teams needed to help cloud security programs evolve to match cloud-era threats and adversaries.
In this video interview with Information Security Media Group, Vijit also discusses:
- The state of the cloud revolution
- Where enterprises are least prepared to respond to cloud threats
- Where enterprises must grow in terms of teams and tools
Ransomware is changing: How we respond to it should change, too
Even if you're in the middle of a ransomware attack, you have a path forward. Corelight CISO Bernard Brantley’s post in Forbes Technology Council explains how a methodical approach can optimize organizations’ incident response without cutting corners. Bernard argues that by expanding the definition and understanding of ransomware response, you can better manage the risk of future incidents and improve the overall hygiene of your company.
Additional Resources