RSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarity
The article discusses how Network Detection and Response (NDR) technology helps enterprises counter a new class of stealthy intrusions ("Typhoon attacks") by providing a view of the full kill chain. Corelight has turned the open-source tool Zeek into an easy-to-use platform that benefits mid-sized enterprises. Generative AI accelerates analysis workflows and, combined with NDR, aids threat identification. 2025-4-24 18:48:49 Author: securityboulevard.com

By Byron V. Acohido

As enterprises brace for a new wave of stealthy intrusions — so-called Typhoon attacks — security leaders are doubling down on network intelligence that goes beyond surface-level alerts.

Related: What is NDR?

In this RSAC 2025 Fireside Chat, I sat down with Corelight CEO Brian Dye to unpack how Network Detection and Response (NDR) is helping defenders cut through the noise and get to “ground truth.”


Dye likens these attacks to a storm system: nation-state-level intrusions that bypass traditional perimeter defenses and burrow in using “living off the land” techniques. Once inside, attackers blend in by hijacking trusted IT tools, often going undetected for months. “What NDR provides is connective tissue,” Dye says. “It helps SOC teams see the full kill chain — from initial access to lateral movement and potential exfiltration.”

We also explore how Corelight—born out of the open-source Zeek project—has steadily evolved from a tool used exclusively by elite defenders into a platform now accessible to mid-sized enterprises increasingly targeted by nation-state-level threats.

Dye recounts how, for years, only the most well-funded security teams could deploy Zeek effectively; Corelight’s contribution has been to package that capability for broader use, enabling SOCs with smaller teams to gain the same high-fidelity internal visibility once reserved for Big Ten banks and federal agencies.

At the same time, generative AI is beginning to make a material impact in daily SOC workflows. Dye notes that GenAI isn’t replacing human analysts—but it is accelerating their work. Smaller teams are already leaning on vendor-integrated LLMs to interpret alerts and suggest investigative next steps. Larger organizations are taking it further, training custom LLMs to enrich and cross-analyze telemetry in real time. Corelight, drawing on its open-source DNA, plays well in both scenarios—serving up structured, trustworthy network data as “fuel” for these AI-assisted investigations.

The bottom line? Visibility is currency. And in a world where threat actors increasingly masquerade as insiders, knowing what’s really happening — and proving it — could save you millions. “There’s a big difference between I think and I know,” Dye notes.

• Listen to the full podcast to hear why ground truth may be the most valuable asset in cybersecurity’s next frontier.

April 24th, 2025

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/rsac-fireside-chat-the-ndr-evolution-story-from-open-source-start-to-kill-chain-clarity/


Article source: https://securityboulevard.com/2025/04/rsac-fireside-chat-the-ndr-evolution-story-from-open-source-start-to-kill-chain-clarity/?utm_source=rss&utm_medium=rss&utm_campaign=rsac-fireside-chat-the-ndr-evolution-story-from-open-source-start-to-kill-chain-clarity