
Brian Dye, chief product officer at cybersecurity firm Corelight, has said agencies should implement a data-driven security approach and open source-based tools to protect their networks from cyber attacks. Dye wrote that some federal agencies have shifted toward that approach with the use of an open-source network analysis framework called Zeek and the Risk Management Framework of the National Institute of Standards and Technology.
“For a high-level, strategic view, agencies need to have all three of those bases covered. If they don’t, it will take significantly longer to find threats, and some won’t be discovered. That puts organizations in the difficult position of not knowing what they don’t know,” Dye said.
He said data-centric security makes use of the “right data” and that there are three data sources agencies can leverage: threat intelligence, the network and the endpoint. Dye discussed how Community ID could help agencies identify a network flow across security platforms as well as the potential benefits of open source tools to agencies.
“Open source-based tools are crucial for ensuring that agencies have good data to work with when building a defensive program,” he said. “Such tools provide data that is adaptable, extensible and often irreplaceable. If the right information isn’t in the raw data, no amount of post-processing or analytics will ever compensate for that.”