Corelight’s Brian Dye: Data-Driven Approach, Open Source Tools Key to Building Defensive Cyber Program

Brian Dye, chief product officer at cybersecurity firm Corelight, has said agencies should implement data-driven security approach and open source-based tools to protect their networks from cyber attacks. Dye wrote that some federal agencies have shifted toward that approach with the use of an open-source network analysis framework called Zeek and the Risk Management Framework of the National Institute of Standards and Technology.

œFor a high-level, strategic view, agencies need to have all three of those bases covered. If they don™t, it will take significantly longer to find threats, and some won™t be discovered. That puts organizations in the difficult position of not knowing what they don™t know, Dye said.

He said data-centric security makes use of the œright data and that there are three data sources agencies can leverage: threat intelligence, the network and the endpoint. Dye discussed how Community ID could help agencies identify a network flow across security platforms as well as the potential benefits of open source tools to agencies.

œOpen source-based tools are crucial for ensuring that agencies have good data to work with when building a defensive program, he said. œSuch tools provide data that is adaptable, extensible and often irreplaceable. If the right information isn™t in the raw data, no amount of post-processing or analytics will ever compensate for that.

Sponsor