Corelight

Insider threats don’t look like external attacks. The access is legitimate. The credentials are valid. Suspicious activity is often intertwined with legitimate work, making it harder to identify what deserves attention. That’s why detection has to move beyond access alone and focus on behavior, context, and activity across the environment. 📖 Read the full white paper: https://t.co/K9NS9yeMo8 #Cybersecurity #InsiderThreats #NetworkSecurity #NDR

Eliminate noise. Expose blind spots. AI can help SOC teams move faster, but investigation outcomes still depend on the quality of the data behind them. Join Corelight and Keysight Technologies for a discussion on how high-fidelity network evidence helps analysts reduce noise, improve context, and support AI-driven workflows with more reliable data. 📅 June 24, 2026 👉 Register here: https://t.co/vGWLVzZROS #Cybersecurity #AI #NetworkSecurity #SOC

We’re excited to announce that Corelight Open NDR is now integrated with Cisco Cloud Control 🎉 Joint customers can now bring Corelight Open NDR data, detections, and uniquely powerful network evidence directly into Cisco Cloud Control. Shared data and insights help agents reason and act faster across security investigations, improving the speed and accuracy of agentic security workflows. Learn more 👉 https://t.co/u7l4bRUxxl #CiscoCloudControl #NDR #NetworkSecurity

AI in the SOC is getting a lot of attention. The quality of the investigation still comes down to the evidence behind it. At Gartner Security & Risk Management Summit, we’ll be sharing new “Provably Better Data” research showing how high-fidelity network evidence improves AI-driven investigations and triage outcomes. Stop by Booth #115 for a live demo of agentic triage and to explore the latest research. 🎧 Bonus: attendees can enter for a chance to win Apple AirPods Max 2. 📍 June 1–3 | National Harbor, MD 👉 Plan your visit: https://t.co/Il3JWjxzR1 #GartnerSEC #Cybersecurity #NetworkSecurity #AI #NDR

Defenders already know that better evidence leads to better investigations. What’s changing is the scale at which that difference compounds inside increasingly automated SOC workflows. Greg Bell shares findings from a set of experiments measuring how different network data sources affected AI performance during CTF and incident response scenarios, including investigative accuracy, speed, and depth of analysis. 📖 Read the full breakdown: https://t.co/L9GGT1mcKv #Cybersecurity #NDR #AI #NetworkSecurity

The issue had been sitting on the network for years — undetected by the company's legacy NDR provider. Corelight identified it within the first 30 minutes of testing. Jay Miller walks through how a global cruise line evaluated visibility across its maritime and resort environments, including the challenge of inconsistent detections, overwhelming alarms, and limited context during investigations. The result was faster identification of network activity, more efficient investigations, and reduced SIEM storage pressure for the SOC team. 🎥 Watch the story! #NetworkSecurity #NDR #Cybersecurity

The conversation around AI in the SOC is shifting quickly. What matters now is whether defenders can investigate activity with enough context and evidence to keep pace. At Gartner Security & Risk Summit, the Corelight team will be discussing how organizations are approaching detection, investigation, and AI-assisted workflows with high-fidelity network evidence and deeper visibility across the environment. Find us at Booth #115 throughout the event. 📍 June 1–3 | National Harbor, MD 👉 Plan your visit: https://t.co/Il3JWjxzR1 #GartnerSEC #NetworkSecurity #Cybersecurity #NDR

“With enough eyes, all bugs are shallow” has long been a guiding idea in open source security. But what happens when the “eyes” are automated systems capable of surfacing vulnerabilities faster than organizations can realistically remediate them? On the latest episode of Corelight DefeNDRs, Greg Bell joins Richard Bejtlich to discuss Mythos, AI-assisted vulnerability discovery, and how large language models are changing the scale and speed at which software flaws are identified across platforms like FreeBSD and Firefox. The conversation also explores what this shift means for defenders, from assume-breach operations to the growing need for automation in investigation workflows. 🎧 Listen to the full episode, now available on all platforms: https://t.co/KTnWtK00Ve #Cybersecurity #AI #OpenSource #NetworkSecurity

Security leaders are being asked to move faster, investigate with more precision, and make decisions with less ambiguity. That starts with understanding what’s actually happening across the environment and having evidence that holds up during an investigation. If you’re attending Gartner Security & Risk Summit, stop by Booth #115 to see how Corelight approaches network evidence, detection workflows, and investigation at scale. 📍 June 1–3 | National Harbor, MD 👉 Learn more: https://t.co/Il3JWjxzR1 #GartnerSEC #Cybersecurity #NetworkSecurity #NDR

Investigations rarely stay in one dataset. You pivot between logs, alerts, and network activity, trying to connect the story. Having a clear reference for how those pieces fit together can make that process a lot faster. 📌 Download the cheatsheet: https://t.co/H3hj8xB7O1 #NetworkSecurity #SOC #NDR

The limiting factor for AI in the SOC may not be the model. It may be the data. In a series of controlled experiments using realistic attack scenarios, Corelight evaluated how different sources of network evidence impacted AI-assisted investigation performance. The conclusion was consistent across both exercises: low-quality data creates a hard ceiling for SOC performance. 📖 Explore the research: https://t.co/L9GGT1mcKv #NetworkSecurity #Cybersecurity #SOC #AI

AI models reasoned at full capacity regardless of the data source. They simply had less to reason about. In Corelight’s latest research, the same frontier models were tested against the same attack scenarios while only changing the network data available to them. The difference was measurable: 👉 Corelight logs improved CTF scores by over 350% compared to NetFlow 👉 Models using lower-quality network data could not answer 70% of critical investigative questions 👉 Richer evidence improved both investigative accuracy and speed The findings reinforce a growing reality for SOC teams: the knowledge ceiling is set by the evidence. 📖 Read the research: https://t.co/SNTr0QbuUS #Cybersecurity #NetworkSecurity #NDR #AI

AI can only work with the evidence it’s given. Corelight tested frontier LLMs against realistic attack scenarios while changing only one variable: the quality of the network data available to the model. The results were measurable. Better network evidence improved investigative performance, increased the number of incident findings, and reduced the time required to complete analysis. Greg Bell breaks down the findings and what they mean for SOC automation moving forward. 📖 Read more: https://t.co/L9GGT1mcKv #Cybersecurity #NetworkSecurity #AI #NDR

Many Zeek deployments reach a point where defenders are spending more time maintaining infrastructure than investigating activity. Sensors need tuning. Scripts require upkeep. Analysts are left stitching together context across disconnected workflows. On May 19, Matt Ellison will walk through five practical steps organizations are taking to operationalize Zeek with Corelight, including improving detection workflows, reducing operational overhead, and accelerating investigations with network evidence. 📅 Register for the webinar: https://t.co/7CuLV4ZBlB #Zeek #NetworkSecurity #NDR #Cybersecurity

DIY Zeek deployments often start strong. The challenge comes later: maintaining sensors, troubleshooting gaps in coverage, stitching together context, and trying to move from raw logs to actionable evidence at scale. Matt Ellison breaks down five signs that your current Zeek deployment may be limiting your potential. The next step isn’t replacing Zeek. It’s operationalizing it. 📖 Read more: https://t.co/rQJRlPmiZK #Zeek #NetworkSecurity #NDR #Cybersecurity

Trusted partnerships, operational visibility, and delivering digital combat power were central themes during the Allies & Partner Panel at AFCEA NOVA Space Force IT Day 2026. Moderated by John Connelly, Space Force IT Day Committee member and Corelight Account Executive, the discussion with Maj Gen Devin Pepper and Col Frank Brooks explored the realities of coalition interoperability and what it takes to coordinate across allied missions at operational speed. As cyber operations, space operations, and national security priorities continue to converge, conversations like this highlight the importance of resilient architectures and shared operational awareness. #NationalSecurity #SpaceForce #Cybersecurity #AFCEA #USSF