Corelight Enhances Evasive Threat Detection with New AI-Powered Features
As cyber threats grow more sophisticated, maintaining robust security has never been more crucial. Corelight, a rising leader in network detection and response (NDR), has recently unveiled substantial enhancements to its threat detection capabilities. These advancements focus on improving the detection of evasive cyber threats and incorporating integrated threat intelligence to meet the evolving landscape of cyberattacks.
Addressing Evasive Threats
The latest launch by Corelight introduces enhanced capabilities aimed at addressing evasive threats that have increasingly eluded conventional security measures. Recent reports indicate a worrying trend: attacks exploiting edge devices and virtual private networks (VPNs) have surged dramatically, with breaches from such sources jumping from 3% to an astonishing 22% year-over-year. The challenges are compounded by findings from Gigamon, revealing that a staggering 96% of lateral movements remain undetected by traditional security tooling. Meanwhile, CrowdStrike’s 2025 Global Threat Report finds that adversaries can now move laterally within systems in an average of just 48 minutes following a breach. Clearly, the need for advanced detection and response capabilities is urgent.
Corelight is responding to this situation by blending its extensive network evidence with CrowdStrike’s adversary-driven indicators of compromise (IOC) feeds. The combination furnishes security operation teams with powerful tools to identify and react swiftly to sophisticated cyber threats while minimizing false positives and alleviating analyst burdens.
Key Features of the Enhancement
1. Expanding Anomaly Detection
Corelight's new machine learning models have been significantly optimized to detect suspicious administrative activities and lateral movements. They now identify unusual behavior related to executable file transfers and Remote Desktop Protocol (RDP) usage.
2. Advanced East-West Detection
The enhanced capabilities now cover complex lateral attack techniques such as brute-force credential theft and vulnerability misconfigurations. With this advancement, security teams are better equipped to identify potential pathways that attackers may exploit.
3. Supervised Machine Learning Enhancements
The introduction of additional supervised machine learning models focuses on identifying anonymous network traffic and malicious SSL certificates. These improvements also include new tuning features that significantly reduce noise and enhance signal quality.
4. Innovative Command-and-Control (C2) Detection
The latest updates bolster Corelight's ability to monitor advanced tools used by adversaries, which can disguise themselves as normal HTTPS traffic, thus slipping past conventional security controls.
New Corelight Threat Intelligence Feature
Beyond the advanced detection features, Corelight now also delivers a new Threat Intelligence feature that provides real-time, high-fidelity IOCs. Initially partnering with CrowdStrike, these IOCs bring validated intelligence to security teams, significantly enhancing real-time and historical threat detection. The integration of CrowdStrike's indicators enables rapid and effective identification of threats based on up-to-date information, focusing security efforts on the riskiest vulnerabilities.
Security operations center (SOC) teams can now prioritize threats efficiently, based on their potential impact, while benefiting from streamlined visibility and quicker response times.
“Adversaries leverage AI and technological advancement to exploit vulnerabilities faster than ever, turning exposed devices into entry points for significant breaches,” explains Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. “By embedding CrowdStrike’s adversarial intelligence with Corelight’s detection architecture, we are equipping defenders to match the rapid evolution and sophistication of cyber threats.”
Corelight's enhancements also facilitate integration with third-party threat intelligence platforms, including Analyst1, effectively automating updates and eliminating manual processes.
Competitive Edge of Corelight
Corelight stands out as the sole NDR provider that seamlessly integrates endpoint and vulnerability data within its network sensors, equipped with leading threat intelligence sources. This innovative approach is crucial, particularly as threat actors increasingly shift toward exploiting vulnerable edge devices, which lack the protections offered by endpoint detection and response (EDR) systems.
Cybersecurity analyst Rik Turner notes that Corelight’s integration of intelligence feeds can significantly ease the management load on enterprise teams facing multiple threat intelligence sources. This approach allows security personnel to focus on actionable insights rather than concerning themselves with fragmented systems.
Availability
These cutting-edge features are now part of the Corelight Open NDR platform, readily available for organizations looking to safeguard against ever-evolving cyber threats. For more details on Corelight's enhancements, visit their official site, Corelight.
About Corelight
Corelight transforms network and cloud activity into actionable security insights, enabling teams to proactively tackle threats and enhance incident response capabilities. With a broad client base encompassing Global 2000 companies and major government entities, Corelight is at the forefront of modern cybersecurity solutions, emerging from the creators of the highly respected open-source network technology, Zeek®. For more information, visit www.corelight.com.