Brian Dye, chief product officer at cybersecurity firm Corelight, has said agencies should implement data-driven security approach and open source-based tools to protect their networks from cyber attacks. Dye wrote that some federal agencies have shifted toward that approach with the use of an open-source network analysis framework called Zeek and the Risk Management Framework of the National Institute of Standards and Technology.
“For a high-level, strategic view, agencies need to have all three of those bases covered. If they don’t, it will take significantly longer to find threats, and some won’t be discovered. That puts organizations in the difficult position of not knowing what they don’t know,” Dye said.
He said data-centric security makes use of the “right data” and that there are three data sources agencies can leverage: threat intelligence, the network and the endpoint. Dye discussed how Community ID could help agencies identify a network flow across security platforms as well as the potential benefits of open source tools to agencies.
“Open source-based tools are crucial for ensuring that agencies have good data to work with when building a defensive program,” he said. “Such tools provide data that is adaptable, extensible and often irreplaceable. If the right information isn’t in the raw data, no amount of post-processing or analytics will ever compensate for that.”