Resilience: The New Priority for Your Security ModelCorelight CEO Brian Dye on Getting the 'Ground Truth' and Disrupting Attackers
Security leaders focus on protection and detection, but the new priority is resilience.
Resilience is about buying time to deal with "low and slow" attacks, being able to disrupt such attacks, and putting a premium on your capability to respond to threats that got past your detection capabilities, according to Brian Dye, CEO of Corelight.
A resilience strategy should "get the real 'ground truth' of what has happened" in the attack, Dye said, and the incident response team should treat "telemetry, logging and visibility as ... part of their security strategy." The "ground truth" is the information you know to be real and true because you have directly observed it or measured it. This truth should be "a complement to your other technologies," Dye said.
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Dye also discussed:
- The interrelationships between the CISO, CIO and CFO - especially in organizations that have a low tolerance for risk;
- How the fact that Corelight is an open-source based company makes it compatible with ChatGPT;
- Why "every security provider should be using large language models to automate SOC workflows."
Dye has leadership experience across both scaled and newly developed product lines, including infrastructure security, information security, cloud security services and security management. Prior to Corelight, he was executive vice president of the Corporate Products Group at McAfee. Before that, he led the Mobile Platforms Group at Citrix. Dye also served for more than a decade at Symantec Corp., where he attained the position of senior vice president of the Information Security Group.