Corelight has announced significant enhancements to its AI-powered network detection and response (NDR) platform, introducing new capabilities to identify evasive threats and integrating real-time threat intelligence from CrowdStrike. These advancements are designed to help security teams detect sophisticated attacks, such as lateral movement and credential compromise, while reducing false positives and analyst workload in the face of rapidly shrinking attacker breakout times.
Quick Intel
Corelight enhances its NDR platform with new AI-powered evasive threat detection.
A new Corelight Threat Intelligence feature integrates IOC feeds from CrowdStrike.
Enhancements target lateral movement, credential theft, and anonymous network use.
The goal is to reduce false positives and close visibility gaps in network security.
The platform now supports integration with third-party threat intelligence platforms.
These updates address the rise in edge device and VPN exploits highlighted in recent reports.
Addressing the Escalation of Evasive Attack Techniques
The enhancements arrive as attackers increasingly bypass traditional security tools. Recent industry reports show a dramatic jump in the exploitation of edge devices and VPNs as breach entry points, while the vast majority of lateral movement activity goes undetected. With adversary breakout times averaging just 48 minutes, defenders require more intelligent and automated detection. "As attackers leverage AI tools and become more sophisticated in their ability to bypass traditional security, organizations need detection capabilities that can identify threats operating in the network layer," said Vijit Nair, Corelight vice president of product.
Comprehensive Enhancements to Detection and Intelligence
The update includes expanded machine learning models for detecting anomalous administrative behavior, sophisticated east-west attacks, and malicious SSL certificates. A key addition is the Corelight Threat Intelligence feature, which delivers high-fidelity, adversary-driven indicators of compromise (IOCs) from CrowdStrike directly into the platform. This provides validated context to help teams prioritize real threats. "By embedding CrowdStrike's adversary-driven intelligence feeds into Corelight's threat detection, we're giving defenders the same advantage: AI-driven speed, precision, and ultimately the context needed to detect and stop intrusions that others miss," said Adam Meyers, head of Counter Adversary Operations at CrowdStrike.
Conclusion
By combining rich network evidence with advanced AI detections and curated threat intelligence, Corelight is strengthening the defensive arsenal for modern Security Operations Centers. These enhancements provide the continuous visibility and context necessary to identify and respond to evasive, lateral attacks that traditional tools miss, enabling organizations to defend their networks more efficiently against determined adversaries.
Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility, and create powerful analytics. Corelight's customers include Global 2000 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely used open source network security technology.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.