Summary:
In this episode of Exploring Information Security, host Timothy De Block sits down with Brian Dye from Corelight to discuss the evolution of cybersecurity, the importance of Network Detection and Response (NDR), and the challenges modern organizations face with securing their networks. Brian shares valuable insights into how Corelight leverages open-source technologies and data to provide advanced threat detection and forensics.
Key Topics Covered:
The Evolution of Corelight
Brian discusses the history of Corelight, the transition from the open-source project Zeek (formerly Bro) to the Corelight company, and the importance of supporting the open-source community. He also touches on how the company has grown as cybersecurity needs have evolved.Network Detection and Response (NDR)
Corelight's NDR solutions help organizations detect advanced threats that bypass traditional security controls like firewalls and EDR. Brian explains the differences between EDR and NDR, and why both are essential for a comprehensive cybersecurity strategy.AI and Machine Learning in Security
Brian dives into how Corelight has embraced AI and machine learning, particularly with generative AI (GenAI), to improve threat detection and response capabilities. He shares examples of how organizations are using GenAI to automate security workflows and accelerate alert investigations.The Changing Threat Landscape
Brian talks about how attackers are evolving their tactics, moving away from malware-based attacks to techniques like "living off the land" (LoL) to avoid detection. He discusses the importance of understanding these advanced attack methods and how NDR tools help provide the data needed to investigate and respond.Real-World Success Stories
Brian shares examples of how Corelight has helped organizations respond to cyber threats, including a ransomware attack scenario where Corelight's tools provided the necessary data to help the victim organization make informed decisions about whether to pay a ransom.The Future of Network Security
Looking ahead, Brian outlines the future of Corelight and its focus on expanding its data capabilities to enable more advanced detections. He highlights the importance of data as a foundational element for security and how Corelight plans to continue innovating in the NDR space.
Guest Bio:
Brian Dye is the Chief Product Officer at Corelight, a leading provider of Network Detection and Response (NDR) solutions. With years of experience in cybersecurity, Brian is dedicated to helping organizations defend against advanced threats using open-source tools and innovative technology.
Links and Resources:
Contact Information:
Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.
Check out our services page and reach out if you see any services that fit your needs.