The issue had been sitting on the network for years — undetected by the company's legacy NDR provider. Corelight identified it within the first 30 minutes of testing. Jay Miller walks through how a global cruise line evaluated visibility across its maritime and resort environments, including the challenge of inconsistent detections, overwhelming alarms, and limited context during investigations. The result was faster identification of network activity, more efficient investigations, and reduced SIEM storage pressure for the SOC team. 🎥 Listen in to the full story below! #NetworkSecurity #NDR #Cybersecurity
Corelight
Computer and Network Security
San Francisco, CA 22,134 followers
Transforming network data into evidence, powering AI-driven detection and workflows, and enabling the AI SOC ecosystem.
About us
Corelight transforms network data into definitive evidence, powering AI-driven detection and expert-authored workflows, and enabling the AI SOC ecosystem. Delivered by our open NDR platform, Corelight’s comprehensive, correlated evidence gives you unparalleled visibility into your network. This evidence allows you to unlock new analytics, investigate faster, hunt like an expert, and even disrupt future attacks. Our on-prem and cloud sensors go anywhere to capture structured, industry-standard telemetry and insights that work with the tools and processes you already use. Corelight’s global customers include Fortune 500 companies, major government agencies, and research universities. Get started >> https://www.corelight.com/contact
- Website: https://www.corelight.com
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: San Francisco, CA
- Type: Privately Held
- Founded: 2016
- Specialties: Bro, Intrusion Detection, Cybersecurity, Zeek, Network Security Monitoring, NSM, Network Traffic Analysis, NTA, NDR, network detection and response, and Threat Detection
Locations
- Primary: 548 Market St, PMB 77799, San Francisco, CA 94104-5401, US
- 5701 North High Street, Suite 308, Worthington, OH 43085, US
Updates
-
The first challenge in an AI-assisted SOC isn't the model. It's getting from a security question to the right evidence fast enough. In his latest blog, James Pope shares lessons from building and operating MCP-powered investigation workflows in the Black Hat NOC, including what worked, what didn't, and why context, retrieval, and workflow design often matter more than the protocol itself. The conclusion is simple: the evidence sets the ceiling. 📖 Read Chapter 1: https://lnkd.in/gURhseZP #BlackHat #AI #SOC #NetworkSecurity
-
Threat intelligence doesn't create value sitting in a feed. Its value comes from helping defenders understand what's happening on the network and prioritize what deserves attention. In his latest blog, Allen Marin explores why modern detection depends on combining high-quality threat intelligence with forensic-grade network evidence, enabling analysts to investigate activity with greater context and confidence. Read the blog: https://lnkd.in/g46sCu3Z #ThreatIntelligence #Cybersecurity #NetworkSecurity #ThreatDetection
-
Corelight reposted this
A 20x faster alert response time is a step-change in how security teams operate. Corelight delivers high-quality data, detections, and agentic capabilities to security teams working to move much faster. Corelight Security Engineer Jordan Hair built a custom harness, now powered by TAC GPT-5.5 to minimize the time to respond to alerts, perform threat hunts, and develop detections with some fantastic results. The impact: ☑️ 20x improvement in time to resolve alerts ☑️ 4x improvement in velocity for threat hunting and detection development ☑️ Noticeably higher quality and more detailed outputs Corelight’s work shows what happens when expert teams use Codex Security as a force multiplier inside the workflows where time, precision, and judgment matter most. Explore Codex Security: https://lnkd.in/gqaWjuR3
-
Change happens constantly in cloud environments. The challenge isn't identifying change. It's determining which changes deserve investigation. David Burkett discusses how defenders separate routine environmental drift from activity that warrants deeper analysis, and where automation can help reduce investigative overhead. Watch the full conversation below. #CloudSecurity #Cybersecurity #SOC
-
A network anomaly. A failed login. An unusual DNS request. Individually, these signals may not warrant investigation. Together, they can tell a very different story. In this article on The Hacker News, Corelight examines how agentic AI can correlate activity across large volumes of network data, helping analysts surface meaningful detections while spending less time on manual triage. 📖 Read more: https://lnkd.in/gTFhiDcz #Cybersecurity #SOC #NetworkSecurity #ThreatDetection
-
One sensor. One source of truth. Last week, Corelight released Sensor v29.1, extending the value of network evidence beyond security operations with new native network performance monitoring and passive asset classification capabilities. The result is a more complete view of what's happening across the environment, helping security and network teams work from the same evidence and context. Learn more: https://lnkd.in/gCY24KXG #Cybersecurity #NetworkSecurity #NDR
-
Critical infrastructure doesn't operate in isolation. Recently, United Airlines CISO Deneen DeFiore joined Brian Dye to discuss how defenders are approaching security across increasingly interconnected ecosystems of suppliers, partners, airports, and service providers. A consistent theme throughout the conversation was that effective defense depends on more than information sharing. Trusted relationships, operational visibility, and a collective approach to responding when something goes wrong all play a role. #RSAC2026 #CriticalInfrastructure #Cybersecurity #NetworkSecurity
-
The Corelight Open NDR platform has achieved FedRAMP In Process for Class C (Moderate) Certification status on the FedRAMP Marketplace 🎉 This milestone marks an important step toward bringing cloud-based network detection and response to U.S. federal agencies operating some of the world’s most complex and mission-critical environments. As agencies modernize infrastructure and move more workloads to the cloud, network-level evidence becomes essential for detecting sophisticated threats, accelerating investigations, and supporting defensible security outcomes. Learn more: https://lnkd.in/gaY8er8R #FedRAMP #Cybersecurity #NDR #NetworkSecurity #PublicSector
-
You can't write meaningful detections without meaningful data. A research university wanted to build custom monitoring and detection scripts, but existing NetFlow, server, and firewall logs weren't providing enough detail to support that effort. By enriching network activity with protocol-level data, analysts gained the context they needed to investigate behavior, search more effectively, and create detections around what was actually happening on the network. Scroll ⏩️ to see how the university approached network visibility and custom detection development. #Cybersecurity #ThreatDetection #NetworkSecurity