NTA
Improving on the Typical SIEM Model
Despite its inherent flaws, today’s SIEM software solutions still shine when it comes to searching and investigating log data. One effective, comprehensive approach to network security pairs the best parts of SIEM ...
Why a Platform With a Generative Baseline Matters
MixMode creates a generative baseline. Unlike the historically-based baselines provided by add-on NTA solutions, a generative baseline is predictive, real-time, and accurate. MixMode provides anomaly detection and behavioral analytics and the ability ...
NTA and NDR: The Missing Piece
Most SIEM vendors acknowledge the value of network traffic data for leading indicators of attacks, anomaly detection, and user behavior analysis as being far more useful than log data. Ironically, network traffic ...
The Problem with Relying on Log Data for Cybersecurity
One of the most prevalent issues impacting the effectiveness of security teams who use SIEM as their primary means of threat detection and remediation is the fact that data logs are an ...
Guide: The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR, and NTA
Traditional security vendors offering solutions like SIEM (Security Information and Event Management) are overpromising on analytics while also requiring massive spend on basic log storage, incremental analytics, maintenance costs, and supporting resources ...
One Thing All Cybersecurity Teams Should Have During COVID-19
COVID-19 has caused most corporate businesses that remain open to shift to a work-from-home, remote workplace. Because of this, the cybersecurity industry has been turned on its head. Security teams ...
Watch over DNS traffic with Corelight & Splunk
By Roger Cheeks, Solutions Engineer, Corelight. Corelight sensors put your organization in the best position to watch over DNS traffic with a rich, powerful Network Traffic Analysis (NTA) data set. This article ...
Secure The Wrong Path or Change The Path?
How do I configure a firewall appliance in public IaaS? How do I install anti-virus inside a container? How do I filter calls to microservices via an appliance in my DMZ? Now, ...
Our “Applying Network-Centric Approaches for Threat Detection and Response” Paper Publishes
After many discussions and a bit of a re-write, our new paper “Applying Network-Centric Approaches for Threat Detection and Response” is finally ready (Gartner GTP access required). The abstract states “The escalating ...
Emotet, Lokibot, TrickBot still impacting enterprise environments globally
New research based on observed attack data over the second half of 2018 (2H 2018) reveals the command-and-control and lateral activities of three high-profile pieces of malware targeting large organizations in recent ...