Corelight's Brian Dye on NDR's Role in Defeating Ransomware
Corelight CEO Shares How NDR Solution Improves Incident Response and Cloud SecurityNetwork detection and response offers visibility into attack behaviors that evade endpoint defenses, such as lateral movement, and can uncover data breaches after ransomware strikes.
Corelight CEO Brian Dye said network detection and response plays a vital role in detecting ransomware before encryption begins and can be used to confirm what data attackers have compromised. NDR gives visibility into attacker behavior across different stages of an attack from command and control to lateral movement and allows defenders to review activity to verify or refute claims about timeline or scope (see: Corelight Pursues IR Partnerships, Smaller Enterprise Deals).
This visibility came in handy for a Corelight customer in the middle of a ransomware attack last year. "There's no honor among thieves," Dye said. "The attacker claimed they had stolen about 10 times more than they did. So, the ability to prove what the actual situation is, scope the real totality of the attack and then make your decisions accordingly is really, really important in those situations."
In this video interview with Information Security Media Group at Black Hat 2024, Dye also discussed:
- The balance between network breadth and endpoint depth in cybersecurity;
- The importance of network visibility in validating containment after an attack;
- Effectively addressing cloud visibility challenges through network monitoring.
Dye has deep leadership experience across infrastructure security, information security, cloud security services and security management. He joined Corelight in 2018 from McAfee, where he was executive vice president of the Corporate Products Group, leading the global corporate security product portfolio. Prior to that, he led the Mobile Platforms Group at Citrix and spent more than a decade at Symantec.