Corelight

SOC teams are under pressure to investigate more activity with greater speed and accuracy. As AI becomes part of those workflows, the quality of the underlying evidence matters more than ever. Join Corelight and Keysight Technologies for a discussion on precision data for the AI SOC and how leading organizations are approaching visibility, investigation, and automation. 📅 June 24, 2026 👉 Register now: https://t.co/vGWLVzZROS #Cybersecurity #AI #NetworkSecurity #SOC

What matters more: the AI model or the evidence? Corelight tested frontier models against realistic attack scenarios while changing only one variable: the network data available to the investigation. Across both threat hunting and incident response exercises, the results pointed to the same conclusion. Models were generally capable of reasoning over the evidence they had access to. The challenge was that lower-fidelity data left critical investigative questions unanswered. For defenders evaluating AI in the SOC, the quality of the evidence may matter more than the choice of model. 📖 Explore the findings: https://t.co/SNTr0QbuUS #Cybersecurity #ThreatHunting #SOC #NetworkSecurity

Not every meaningful investigation begins with a high-confidence alert. Sometimes it starts with curiosity. In this LinkedIn Live, Mark Overholser and Ben Werthmann revisit a real scenario from Black Hat Asia where suspicious credentials observed in network traffic led to a broader investigation into exposed access and operational risk. The discussion will focus on how defenders evaluate activity that may or may not matter, what context changes the investigation path, and why understanding behavior across the network often matters more than the original observation itself. 📍 Join in LIVE on June 16: https://t.co/jKiY0xnWd3 #Cybersecurity #NetworkSecurity #ThreatHunting #LinkedInLive

Some insider threats don't break into the environment... they get hired. In his latest blog, Tim Chiu explores how North Korean IT worker schemes are reshaping the insider threat landscape by operating with legitimate credentials, approved devices, and authorized access. When access appears legitimate, defenders need other signals to understand what's happening. That often means examining network behavior, lateral movement, and data access patterns that don't align with expected activity. 📖 Read the blog: https://t.co/jsAlYEZyjP #Cybersecurity #InsiderThreats #NetworkSecurity #ThreatDetection

What makes a security investigation reliable? Ask three practitioners and you'll likely get three different answers. Some start with hypotheses. Others focus on context. Others look for deviations that deserve a closer look. We sat down with Corelight threat hunters and practitioners to discuss how they approach investigations, evaluate evidence, and make decisions when the answer isn't immediately obvious. #ThreatHunting #Cybersecurity #NetworkSecurity

The Corelight Open NDR platform has achieved FedRAMP In Process for Class C (Moderate) Certification status on the FedRAMP Marketplace 🎉 This milestone marks an important step toward bringing cloud-based network detection and response to U.S. federal agencies operating some of the world’s most complex and mission-critical environments. As agencies modernize infrastructure and move more workloads to the cloud, network-level evidence becomes essential for detecting sophisticated threats, accelerating investigations, and supporting defensible security outcomes. Learn more: https://t.co/w4UWFynjdn #FedRAMP #Cybersecurity #NDR #NetworkSecurity #PublicSector

A password visible in plain text on conference Wi-Fi usually gets attention. What happens next is where the investigation actually begins. During the next Corelight LinkedIn Live, Mark Overholser and Ben Werthmann will break down a real-world investigation from Black Hat Asia, following how an unusual credential discovery evolved into a deeper analysis of exposure, protocol behavior, and operational risk. Rather than a polished walkthrough, the session focuses on how investigations develop in practice, including uncertainty, pivots, and validation steps defenders work through in real time. 📍 Live June 16: https://t.co/jKiY0xnWd3 #Cybersecurity #ThreatHunting #NetworkSecurity #LinkedInLive

AI can only investigate what it can see. In Corelight's latest research, frontier models consistently hit the same limitation: the quality of the evidence available to them. Using the same models, threat scenarios, and investigative tasks, AI answered 95% of CTF questions with Corelight data compared to 26% with NetFlow alone. The difference wasn't the model. It was the evidence. The findings have important implications for SOC teams evaluating AI-driven investigations and automation. 📖 Read the full report: https://t.co/wa2u5m9kKM #Cybersecurity #NDR #NetworkSecurity #SOC #AI

More than 30 years after its creation, Zeek continues to play a central role in how defenders understand activity across their networks. Join Vern Paxson, creator of Zeek (formerly Bro), for a look back at the project's journey from Lawrence Berkeley National Laboratory to becoming a foundational source of network evidence used by security teams around the world. Hosted by ISC2 East Bay Chapter, this session will also explore how identity security is evolving as organizations introduce AI agents and increasingly automated workflows. 📅 June 11 👉 Register here: https://t.co/NwexgMfgzK #Zeek #NetworkSecurity #Cybersecurity #ThreatHunting

Security teams have spent years collecting more telemetry. The next challenge is turning that telemetry into something analysts can act on. In this episode of Corelight DefeNDRs, Dave Getman joins Richard Bejtlich to discuss the evolution of Corelight Investigator, the role of agentic triage in security operations, and why investigation outcomes improve when conclusions remain tied to the evidence behind them. 🎧 Available now: https://t.co/zQxSi2GCUL #Cybersecurity #NetworkSecurity #SOC #AI #NDR

Insider threats don’t look like external attacks. The access is legitimate. The credentials are valid. Suspicious activity is often intertwined with legitimate work, making it harder to identify what deserves attention. That’s why detection has to move beyond access alone and focus on behavior, context, and activity across the environment. 📖 Read the full white paper: https://t.co/K9NS9yeMo8 #Cybersecurity #InsiderThreats #NetworkSecurity #NDR

Eliminate noise. Expose blind spots. AI can help SOC teams move faster, but investigation outcomes still depend on the quality of the data behind them. Join Corelight and Keysight Technologies for a discussion on how high-fidelity network evidence helps analysts reduce noise, improve context, and support AI-driven workflows with more reliable data. 📅 June 24, 2026 👉 Register here: https://t.co/vGWLVzZROS #Cybersecurity #AI #NetworkSecurity #SOC

We’re excited to announce that Corelight Open NDR is now integrated with Cisco Cloud Control 🎉 Joint customers can now bring Corelight Open NDR data, detections, and uniquely powerful network evidence directly into Cisco Cloud Control. Shared data and insights help agents reason and act faster across security investigations, improving the speed and accuracy of agentic security workflows. Learn more 👉 https://t.co/u7l4bRUxxl #CiscoCloudControl #NDR #NetworkSecurity

AI in the SOC is getting a lot of attention. The quality of the investigation still comes down to the evidence behind it. At Gartner Security & Risk Management Summit, we’ll be sharing new “Provably Better Data” research showing how high-fidelity network evidence improves AI-driven investigations and triage outcomes. Stop by Booth #115 for a live demo of agentic triage and to explore the latest research. 🎧 Bonus: attendees can enter for a chance to win Apple AirPods Max 2. 📍 June 1–3 | National Harbor, MD 👉 Plan your visit: https://t.co/Il3JWjxzR1 #GartnerSEC #Cybersecurity #NetworkSecurity #AI #NDR

Defenders already know that better evidence leads to better investigations. What’s changing is the scale at which that difference compounds inside increasingly automated SOC workflows. Greg Bell shares findings from a set of experiments measuring how different network data sources affected AI performance during CTF and incident response scenarios, including investigative accuracy, speed, and depth of analysis. 📖 Read the full breakdown: https://t.co/L9GGT1mcKv #Cybersecurity #NDR #AI #NetworkSecurity