Intelligent CIO Middle East Issue 104 | Page 80

tech talk


Corelight. I've been at Corelight now for around four-and-a-half years, working on various products before becoming head of product.
What are some of the main challenges facing security organisations today?
After conversing with Chief Information Security Officers (CISOs) almost weekly for several years, it's clear that the environments they intend to secure are becoming more complex. Several factors contribute to this evolution. The pandemic, for instance, forced many organisations to transition to remote work. Consequently, workloads and applications shifted from data centres and campuses to the cloud, adding layers of complexity. This ongoing change is driven by developers, engineers and users adopting new and interesting technologies, which continuously expand the attack surface. As a CISO, one must remain vigilant about the evolving threat model and address these changes consistently.
Adding to this complexity is the constantly shifting geopolitical landscape. Attackers are becoming increasingly resourceful and sophisticated, ranging from low-level hackers to nation-state actors who are equipped with advanced AI tools. Thus, not only are the environments growing more complex, but the threats are also becoming more sophisticated.
Compounding these challenges is the difficulty in securing skilled personnel. Despite significant investments in tools and processes, there has been inadequate focus on training and developing cybersecurity talent. This results in a persistent struggle to find individuals with the right skill set to protect organisations effectively. The tension between increasing complexity and sophisticated threats versus a shortage of adequately skilled professionals remains a significant hurdle for CISOs.
What steps can organisations take to strengthen their cybersecurity posture?
As CISOs attempt to gain a comprehensive view of their organisation's current situation, they need to grasp the scale and complexity of their environment and focus on simplifying it. This involves reducing the number of tools in use to enable the team to concentrate on achieving their objectives rather than managing a multitude of tools. The focus should be on selecting fewer and more effective tools that help reach the desired outcome, and by doing this, organisations can become more efficient.
Training within the organisation is also crucial, as is identifying and nurturing individuals who are passionate about cybersecurity. Collaborating with other vendors often provides additional training resources for customers, which contributes to continually upskilling the workforce. This ensures they are prepared to tackle ever-evolving challenges.
In a nutshell, the CISO's role should revolve around maintaining a high-level perspective on the threat landscape, reducing the complexity of security tools and continually enhancing the skills of their team to stay ahead of potential threats.
How does Corelight address these challenges?
Corelight is the fastest-growing Network Detection and Response (NDR) company. NDR monitors network activity and generates data and detections that help security organisations identify malicious behaviours. It ensures compliance and provides the tools and data necessary to address issues. Corelight's NDR platform leverages open-source projects such as Zeek and Suricata, in addition to our own technology, to deliver Intrusion Detection, Network Security Monitoring and Smart PCAP solutions. SOC analysts regard this data as 'ground truth' because it is impossible for attackers to bypass. Unlike other tools, Corelight focuses on network activities where attackers must inevitably operate, thereby illuminating the blind spots in an organisation's network.
We address challenges in three primary ways. First, we emphasise the power and quality of the data we generate. Unlike other tools that inundate analysts with irrelevant alerts, our focus on high-quality data reduces false positives and highlights significant detections. Our data is considered the de facto standard for network data. High-quality, security-centric and unopinionated data allows for effective analytics using Machine Learning and behavioural analysis tools, whereas poor data quality undermines even the best analytics.
Secondly, we have invested heavily in AI and ML capabilities as integral components of our product. Recently developed GenAI technologies enhance the analysts' capabilities, providing them with advanced tools to boost their efficiency. Our AI-driven approach ranges from highly accurate but simple detections to sophisticated ones which are designed to maintain a high level of accuracy and explainability. This ensures analysts are not overwhelmed by noise and can understand the relevance and reasoning behind each detection.
Finally, our approach is validated by leading Incident Response organisations such as CrowdStrike and Google Mandiant, which have standardised Corelight as their NDR tool. This validation, combined with substantial
80 INTELLIGENTCIO MIDDLE EAST www.intelligentcio.com