Effective detection is built on tradeoffs. In the latest episode of Corelight DefeNDRs, Richard Bejtlich continues the conversation with Corelight co-founder and chief scientist Vern Paxson in part two of this two-part series on detecting DNS-based covert channels. In this episode, Vern focuses on the design decisions behind real-world detection logic. He explains why competing goals force tradeoffs, how those choices affect outcomes, and what they observed when applying this logic to live networks. Catch part two of the conversation below 👇 🎧 Apple: https://lnkd.in/e6GeJ6qD 🎧 Spotify: https://lnkd.in/exSgiJCU 🎧 YouTube: https://lnkd.in/g-Zs2pD5 #NetworkSecurity #ThreatDetection #DNS #SecurityResearch
Corelight
Computer and Network Security
San Francisco, CA 20,570 followers
Transforming network data into evidence, powering AI-driven detection and workflows, and enabling the AI SOC ecosystem.
About us
Corelight transforms network data into definitive evidence, powering AI-driven detection and expert-authored workflows, and enabling the AI SOC ecosystem. Delivered by our open NDR platform, Corelight’s comprehensive, correlated evidence gives you unparalleled visibility into your network. This evidence allows you to unlock new analytics, investigate faster, hunt like an expert, and even disrupt future attacks. Our on-prem and cloud sensors go anywhere to capture structured, industry-standard telemetry and insights that work with the tools and processes you already use. Corelight’s global customers include Fortune 500 companies, major government agencies, and research universities. Get started >> https://www.corelight.com/contact
- Website: https://www.corelight.com
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: San Francisco, CA
- Type: Privately Held
- Founded: 2016
- Specialties: Bro, Intrusion Detection, Cybersecurity, Zeek, Network Security Monitoring, NSM, Network Traffic Analysis, NTA, NDR, network detection and response, and Threat Detection
Locations
- Primary: 548 Market St, PMB 77799, San Francisco, CA 94104-5401, US
- 5701 North High Street, Suite 308, Worthington, OH 43085, US
Updates
-
Most breaches don’t start with an alert. They start in the parts of the network defenders don’t watch closely. Unmanaged devices. Legitimate protocols. Activity that looks routine until it isn’t. On January 27 at 10:00 a.m. GMT, Matthew Ellison, Director of Sales Engineering – EMEA, breaks down how modern adversaries move through these dark corners to establish persistence and move laterally, and what defenders can do to surface activity designed to blend in. 🔗 Register now: https://lnkd.in/gEjv8d4r #NetworkSecurity #ThreatDetection #NDR
-
🔮 Prediction #5: In 2026, asset visibility will define how effectively teams can defend their environments. Despite years of investment, many organizations still enter 2026 without a complete picture of what they are defending. Cloud growth, legacy environments, and fragmented ownership models continue to obscure asset visibility. Attackers exploit those gaps quietly and repeatedly. Defensive confidence is increasingly tied to awareness, not tooling volume.
-
🔎 Threat hunting is easy to talk about. It’s harder to watch it happen. On January 13, we’re hosting a LinkedIn Live where defenders can see real threat hunts conducted in real time, using network data to test hypotheses and uncover attacker behavior. Join David Strom and Corelight’s Mark Overholser as they walk through live hunt scenarios and show how experienced analysts think, pivot, and validate findings as the investigation unfolds. Register below 👇 #ThreatHunting #NetworkSecurity #NDR
Inside the hunt: Turning signals into evidence
-
🚨 We’re going live in ONE HOUR! Join us to watch live threat hunts in action, from forming a hypothesis to pivoting across network data to reveal attacker behavior. 🕚 Starting at 11:00 AM PST 🔗 Register and join us on LinkedIn: https://lnkd.in/g988p5AY #ThreatHunting #NetworkSecurity #NDR
-
Tomorrow, we’re going live with real threat hunts 🎥 Join us as Mark Overholser and David Strom walk through live investigations, showing how defenders identify suspicious behavior, test assumptions, and uncover activity that traditional alerts often miss. If you want to see how threat hunting works beyond theory, this session is worth your time. 📅 January 13 | 11:00 AM PST 🔗 Register on LinkedIn: https://lnkd.in/g988p5AY #ThreatHunting #NDR #NetworkSecurity
-
🔮 Prediction #4: Resilience will depend on long-term readiness, not short-term reaction. Cyber activity in 2026 cannot be separated from geopolitics. Global tension continues to influence where attacks originate, who they target, and how much disruption they aim to cause. What once felt episodic now feels persistent. Defending critical systems increasingly means planning for sustained pressure, not isolated incidents.
-
IT Associate in the IT Services Industry gives Corelight Open NDR Platform 5/5 Rating in Gartner Peer Insights™ Network Detection and Response Market. ⭐️⭐️⭐️⭐️⭐️ Read the full review here: https://gtnr.io/8kDvHdzak #GartnerPeerInsights #NDR
-
🔮 Prediction #3: The SOC of 2026 will be defined by how well it can evolve, not how much it can consolidate. In 2026, consolidation no longer automatically equals simplicity. As threats evolve, rigid, all-in-one architectures are showing their limits. When platforms struggle to adapt or integrate, blind spots form, often where attackers deliberately operate. SOC teams are reassessing whether their architecture enables change or resists it.
-
AI is accelerating how cyberattacks move, scale, and hide. Adversaries are increasingly using AI-driven techniques and living-off-the-land methods to blend into normal activity, overwhelm manual detection, and compress the time between intrusion and impact. In a recent article on Bleeping Computer, LLC, we look at how AI-powered attacks are evolving, why traditional defenses struggle to keep pace, and how network visibility helps defenders spot abnormal behavior, even when attackers hide in plain sight. 🔗 Read more: https://lnkd.in/ecpCtb6h #NetworkSecurity #ThreatDetection #NDR