Corelight, Inc. - Experts & Thought Leaders

More than half (54%) of European IT decision makers (ITDMs) admit that the fear of their organisation being attacked by cybercriminals regularly keeps them awake at night. The figure rises to 63% among smaller-sized companies with 100-249 employees, according to data from Corelight. Titled: Productive Paranoia - How Threat Hunters Can Turn Their Fear of the Unknown into a Positive, the report gathered insights from senior ITDMs across the UK, France, and Germany and highlights the anxiety caused by the rapidly changing threat landscape. Advanced AI technology Despite meticulous planning, the unpredictability of cyber threats remains a significant challenge. With remote work environments and supply chain threats dominating the list of concerns, ITDMs are in a constant race to keep up with the latest threats. "Ambiguity and uncertainty are not just occasional challenges but the norm in security operations," says Matt Ellison, technical director EMEA at Corelight. "This is why embracing what we term 'productive paranoia' is crucial. By combining advanced AI technology with human intelligence, organisations can proactively manage threats and build resilience." Survey insights: The pulse of European IT professionals A survey tells that 86% of IT decision-makers have been feeling pressure from leadership since 2020 The survey reveals that 86% of IT decision makers are feeling increased pressure from executive leadership since 2020. This pressure is compounded by the ever-shifting threat landscape, where remote working environments currently top the list of challenges (51%), with supply chain threats expected to rise significantly (67%) over the next year. Whilst playing catch-up with the latest threats is the biggest challenge for half of the respondents (49%), and a lack of access to threat intelligence is a critical issue for 68%. Embracing the fear: Building resilience Despite these challenges, there is a clear drive to address anxiety and build resilience against new and unknown threats. More than three-quarters (78%) of respondents are committed to enhancing their SecOps capabilities. However, the fast-changing threat landscape (44%) and a shortage of skilled security team members (41%) remain significant barriers. The perfect security formula: AI and human intelligence GenAI enriches threat-hunter productivity by reducing human error and refining queries The survey also sheds light on the ideal security approach, which respondents believe to be a blend of people and technology. Nearly half (45%) of the organisations already employ dedicated threat hunters, with risk-based threat hunting and threat intelligence-based strategies being the most popular (both 60%). However, as threat volumes surge and adversaries deploy automated tools, human efforts alone are insufficient. This is where AI, specifically GenAI, comes into play. GenAI enhances threat hunter productivity by reducing human error and enabling rapid, sophisticated search queries. It can also summarise large data volumes, preventing analyst overload. It's no surprise that 89% of respondents are either using GenAI or planning to integrate it into their solution stacks. When asked about the biggest impact on improving security scenarios by 2033, the most popular answer was "AI & automation for threat hunting and prevention" (50%). Taking action: Future initiatives European ITDMs are enthusiastic about enhancing SecOps capabilities with GenAI. They believe the technology will help mitigate attacks based on past tactics (75%), improve threat detection (71%), and shorten the breach cycle (63%). However, they also recognise the need to mitigate potential GenAI risks and enhance in-house skills. Respondents indicate plans to implement several initiatives in the coming year: Training to hunt threats with and without GenAI, to avoid over-reliance on the technology (68%) Validating GenAI output, especially for threat detection algorithms (58%) Hiring talent to incorporate GenAI capabilities into solutions (62%) Guarding against external tampering of GenAI algorithms (59%) Guarding against AI-generated false information (60%). AI and automation "The world is filled with uncertainty, but by enhancing and upskilling in-house talent with AI and automation, IT pioneers can turn their paranoia about the future into a strategic advantage," adds Ellison. "It's time to put the plan into action."

Corelight, a pioneer in open network detection and response (NDR), published a new research paper highlighting the strong divide among European IT pioneers over the suitability of generative AI (GenAI) for use by their cybersecurity teams. The latest study has found that, although 46% of respondents state that they are proactively looking at how to incorporate the technology in their cybersecurity approaches, 44% also believe that the sensitive nature of the data involved – along with engrained enterprise silos – will in fact make it difficult to use GenAI. Of the approximately one-third of responding organisations not currently using GenAI technology for threat detection and response, 37% cite C-suite concerns as the reason. AI-powered products “Our research highlights a fair degree of market scepticism and a clear need for further education, particularly amongst C-level executive teams,” says Matt Ellison, Technical Director of EMEA, Corelight. “However, we know that GenAI will give SOC teams a major boost in delivering the insights analysts need to enhance productivity and bridge skills gaps.” He continued: “Security vendors must work hard to build sufficient guardrails into their AI-powered products, so more organisations can enhance threat detection and response with this transformative technology.” Perception of GenAI Corelight found European ITDMs were split down the hub in their perception of GenAI Corelight found European ITDMs (IT Decision Makers) were split down the middle in their perception of GenAI use for cybersecurity and exactly half (50%) of the responding ITDMs believed GenAI would have the biggest impact on providing alert context and analysis. They also cite the following potential use cases: Maintaining compliance policies (41%) Recommending best practices on domain-specific languages like identity and access management policy (36%) Unstructured vulnerability information (35%) Providing remediation guidance (35%) Unstructured network connection and process information (32%) Implementation of GenAI A further 28% plan to incorporate these abilities into more use cases in the future Alongside some clear concerns and question marks about the practical use and implementation of GenAI in a security environment, 68% of respondents with dedicated threat hunters say it’s already helping their threat detection and protection efforts. A further 28% plan to incorporate these capabilities into more use cases in the future. Despite the legitimate concerns of many European ITDMs, many have a positive view of the future. More than 40% of respondents claim AI and automation are central to creating “the perfect security formula”. Interact with the GenAI model “Generative AI has been successfully applied for alert enrichment and contextualisation, providing SOC analysts with enhanced incident response capabilities,” added Ignacio Arnoldo, Director of Data Science, Corelight. He continued: “GenAI's adoption is hindered by concerns over data confidentiality and model accuracy. As models improve in overall reasoning capacity and cybersecurity knowledge, and as more LLM deployments include structural privacy protections, GenAI is set to become integral to security operations.” Corelight helps customers mitigate data protection concerns by establishing a functional firewall so that customer-specific data cannot interact with the GenAI model. Pre-vetted GenAI prompts are used to contextualise alerts and provide analysts with investigative recommendations.

Corelight, provider of the industry’s first open network detection and response (NDR) platform welcomed Clint Sand as its new senior vice president of product. In this role, Sand will be responsible for all aspects of the Corelight product portfolio, including product management, product design, roadmap, and strategy. “Clint brings a rare combination of strong cybersecurity and product delivery expertise combined with the visionary thinking, critical innovation, and prototyping skills we need as we continue to expand our product portfolio,” said Brian Dye, CEO of Corelight. “As we help customers adopt data-centric security, we are both entering adjacent data markets and creating an open analysis ecosystem. Clint’s leadership to navigate this wide range of opportunities to best benefit our customers and community is critical. He will be a tremendous asset to Corelight and I am thrilled to have him on board.” Technology-based experience Focus and conviction for leveraging open source to give network defenders the high ground against advanced adversaries " Sand brings a rich background of more than 20 years of experience in the technology space and has extensive experience building and scaling the teams and technology that deliver new products from early incubation through to maturity and profitability in both enterprise and consumer markets. Most recently, he held executive product positions at Malwarebytes and NortonLifeLock, where he was responsible for new product growth in emerging markets, ranging from Internet-of-Things (IoT) and consumer network security to the next generation enterprise endpoint.  Leveraging open sources “Corelight brings my passion for open source projects and community together with my roots and expertise in cybersecurity,” said Sand. “I share Corelight’s collective focus and conviction for leveraging open source to give network defenders the high ground against advanced adversaries. I am thrilled to join the team and I am really excited to work with some of the most talented individuals and customers in the industry.” “Sand also served as the chief product officer for Symantec’s Cybersecurity Services division, focused on SaaS-based threat intelligence solutions, managed security services, and new products across incident response, threat hunting, cloud security, and cyber wargaming. He has been an open-source community contributor and advocate throughout his career.”