
Brian Dye, chief product officer at cybersecurity firm Corelight, has said agencies should implement a data-driven security approach and open source-based tools to protect their networks from cyber attacks. Dye wrote that some federal agencies have shifted toward that approach with the use of an open-source network analysis framework called Zeek and the Risk Management Framework of the National Institute of Standards and Technology.
“For a high-level, strategic view, agencies need to have all three of those bases covered. If they don’t, it will take significantly longer to find threats, and some won’t be discovered. That puts organizations in the difficult position of not knowing what they don’t know,” Dye said.
He said data-centric security makes use of the “right data” and that there are three data sources agencies can leverage: threat intelligence, the network and the endpoint. Dye discussed how Community ID could help agencies identify a network flow across security platforms as well as the potential benefits of open source tools to agencies.
“Open source-based tools are crucial for ensuring that agencies have good data to work with when building a defensive program,” he said. “Such tools provide data that is adaptable, extensible and often irreplaceable. If the right information isn’t in the raw data, no amount of post-processing or analytics will ever compensate for that.”