Security leaders have traditionally focused on protection and detection, but the new priority is resilience. According to Brian Dye, CEO of Corelight, resilience is about buying time to deal with “low and slow” attacks, being able to disrupt such attacks, and putting a premium on the capability to respond to threats that got past detection capabilities.
Dye emphasized that a resilience strategy should aim to “get the real ‘ground truth’ of what has happened” in an attack. He also stressed the importance of treating “telemetry, logging and visibility as part of the security strategy,” stating that this truth should be “a complement to other technologies.”
In a recent episode of CyberEd.io’s podcast series “Cybersecurity Insights,” Dye discussed the interrelationships between the CISO, CIO, and CFO, especially in organizations with a low tolerance for risk. He also talked about how Corelight’s open-source based approach makes it compatible with ChatGPT, and why he believes that “every security provider should be using large language models to automate SOC workflows.”
With leadership experience across scaled and newly developed product lines, including infrastructure security, information security, cloud security services and security management, Dye brings a wealth of expertise to his role at Corelight. Prior to joining the company, he held executive positions at McAfee and Citrix, and served for more than a decade at Symantec Corp.
As organizations continue to face evolving cyber threats, the focus on resilience as a key priority for security leaders has become increasingly crucial. In addition to prioritizing protection and detection, the ability to respond to threats and disrupt attacks has become essential in maintaining a strong cybersecurity posture.
Dye’s insights on the importance of gaining the “ground truth” in cyber attacks and leveraging telemetry, logging, and visibility as part of the security strategy underscore the evolving nature of cybersecurity practices. His emphasis on the interrelationships between key organizational leaders and the need for automation in SOC workflows reflects the complex and dynamic landscape of cybersecurity in today’s digital environment.
As the threat landscape continues to evolve, security leaders will need to adapt and prioritize resilience as a critical component of their overall cybersecurity strategy. By focusing on resilience, organizations can better prepare for and respond to a wide range of cyber threats, ultimately strengthening their security posture and mitigating potential impacts of attacks.