Black Hat , Events , Fraud Management & Cybercrime

Corelight's Brian Dye on NDR's Role in Defeating Ransomware

Corelight CEO Shares How NDR Solution Improves Incident Response and Cloud Security
Brian Dye, CEO, Corelight

Network detection and response offers visibility into attack behaviors that evade endpoint defenses, such as lateral movement, and can uncover data breaches after ransomware strikes.

Corelight CEO Brian Dye said network detection and response plays a vital role in detecting ransomware before encryption begins and can be used to confirm what data attackers have compromised. NDR gives visibility into attacker behavior across different stages of an attack from command and control to lateral movement and allows defenders to review activity to verify or refute claims about timeline or scope (see: Corelight Pursues IR Partnerships, Smaller Enterprise Deals).

This visibility came in handy for a Corelight customer in the middle of a ransomware attack last year. "There's no honor among thieves," Dye said. "The attacker claimed they had stolen about 10 times more than they did. So, the ability to prove what the actual situation is, scope the real totality of the attack and then make your decisions accordingly is really, really important in those situations."

In this video interview with Information Security Media Group at Black Hat 2024, Dye also discussed:

  • The balance between network breadth and endpoint depth in cybersecurity;
  • The importance of network visibility in validating containment after an attack;
  • Effectively addressing cloud visibility challenges through network monitoring.

Dye has deep leadership experience across infrastructure security, information security, cloud security services and security management. He joined Corelight in 2018 from McAfee, where he was executive vice president of the Corporate Products Group, leading the global corporate security product portfolio. Prior to that, he led the Mobile Platforms Group at Citrix and spent more than a decade at Symantec.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.