Corelight was recently named Best Network Security Solution by The Tech Ascension Awards.
We spoke with Corelight CISO Bernard Brantley to discuss the network security challenges organizations face, and the importance of visibility and utilizing an evidence-based security strategy.
Why are companies still challenged in obtaining a sufficient level of network visibility?
Companies are scaling and digitally transforming more parts of their operations at varying paces. The result is a more complicated network infrastructure involving combinations of technology stacks that are not necessarily set up to share information. This can make collecting and analyzing network evidence in response to a cybersecurity incident much more challenging, and it is a big reason why having an open platform that can collect comprehensive, correlated data is such a critical component to achieving this visibility.
Does greater visibility require spending more budget, or is there a non-cost-prohibitive pathway?
Greater visibility is not contingent on more dollars. Organizations can achieve better visibility through open network detection and response, enabling them to collect as much network data as they need - without the need to capture and store everything, which can be a costly endeavor.
How does Corelight Smart PCAP give teams access to the best network evidence?
With Smart PCAP, security teams, and the SOCs supporting them, can capture just the data packets they need for investigations and retrieve them with a single click from their SIEM. These packets provide access to weeks and months of important evidence they need to power investigations and respond to broader incident response activity more quickly. Teams can get this visibility in near real time without going through a collection process that could take weeks or months to complete.
Why do more organizations need to embrace an evidence-based cybersecurity strategy?
Without the right evidence, no organization can get to the ground truth. When organizations embrace an evidence-based strategy that places added importance on measuring and improving data quality and coverage, it results in higher case closure rates, lower mean time to repair (MTTR) and narrower breach disclosure.
If organizations do adopt such a strategy, then what is their long-term outlook when it comes to threat hunting and incident response?
Embracing an evidence-based strategy allows organizations and their security teams to evolve from a reactive position to a proactive one. With the right evidence, security teams can significantly speed up response times and conduct deeper analysis on their data to glean better insights that improve threat hunting activities and help disrupt future attacks.