Shauli Zacks
Published on: March 10, 2024
In an enlightening interview with SafetyDetectives, Bernard Brantley, the Chief Information Security Officer (CISO) of Corelight, delves into his unconventional journey into the world of cybersecurity and the strategies propelling Corelight ahead in the field of Network Detection and Response (NDR). With a background that ranges from loan officer to door-to-door salesman before venturing into cybersecurity, Bernard’s path is a testament to the dynamic and evolving nature of the tech industry. At the heart of Corelight’s approach is its integration of generative AI with open-source data formats, aimed at improving insight and efficiency in threat detection and response. Bernard’s vision as CISO focuses on cultivating the next generation of security leaders and integrating security measures so that they support, rather than disrupt, the digital infrastructure of businesses globally.
Thank you, Bernard, for your time. I understand you’ve had quite an interesting journey on your way to becoming CISO at Corelight; can you share some of the highlights?
Before tech, I was all over the map. I was a loan officer, construction laborer, door-to-door salesman and lastly an assistant manager at FootLocker. Although I spent time at one of the best colleges in the nation, in the 2000s I really struggled to find my place in the economy. Out of desperation, I taught myself how to ‘audit’ wireless networks and got hooked on the challenge of learning how systems worked.
I parlayed that into my first datacenter job but knew that I wanted to do security. I made my first cross-country move to work at a security startup, AlertLogic, where I started as a sys-admin and ended as a security researcher. Between then and now I architected, deployed and managed Network Security Monitoring (NSM) and analytics solutions at Microsoft for their High Value Asset (HVA) environments, led a threat hunting and threat intelligence team for Amazon Consumer Payments and now have the honor of serving as CISO at Corelight. I’ve had the good fortune of working with and for some amazing people on the security of core infrastructure at some of the largest companies on the planet.
Could you elaborate on Corelight’s unique approach to NDR (Network Detection and Response) with its integration of generative AI and open-source data? How does this set Corelight apart from other NDR vendors?
Corelight designed its Open NDR Platform around open source data formats (Zeek, Suricata, Sigma) and has pioneered the use of generative AI for NDR. We have an industry-leading integration with OpenAI’s GPT model that uses AI-driven language processing to provide alert explainability and AI-generated guidance for alert validation and response. We recognize both the capabilities and limitations of ML/AI and do not overweight their application in our detection stack.
We instead strive to “use the right tool for the job” in our approach to security analytics, whether that’s machine learning, deep learning, behavioral analysis, signatures, or threat intelligence. We know that analytic technology has optimal use cases depending on the attack type, infrastructure and customers’ needs. We have a proven track record of demonstrating that value among the world’s apex defenders.
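To make the “open source data formats” and “right tool for the job” points concrete, here is an added Python example written for this page (not Corelight’s, Zeek’s or Bernard’s code). It parses a constructed Zeek conn.log in Zeek’s real self-describing TSV layout, then runs two different analytic styles over the same records: a signature-style indicator match and a behavioral fan-out check. The log lines, the indicator 203.0.113.9 and the port/threshold values are all constructed assumptions; the addresses come from private and documentation ranges.

```python
"""Parse a Zeek conn.log (TSV) and run two styles of analytic over the same records."""
from collections import defaultdict

# Constructed sample conn.log in Zeek's real TSV layout (a subset of conn.log columns).
# Addresses are RFC 1918 / documentation ranges; nothing here comes from a real network.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1710000000.100\tCabc1\t10.0.0.5\t51000\t10.0.0.20\t445\ttcp\t-\t0.010\t0\t0\tREJ
1710000000.200\tCabc2\t10.0.0.5\t51001\t10.0.0.21\t445\ttcp\t-\t0.011\t0\t0\tREJ
1710000000.300\tCabc3\t10.0.0.5\t51002\t10.0.0.22\t445\ttcp\t-\t0.009\t0\t0\tREJ
1710000000.400\tCabc4\t10.0.0.5\t51003\t10.0.0.23\t445\ttcp\t-\t0.012\t0\t0\tREJ
1710000001.000\tCabc5\t10.0.0.7\t52000\t203.0.113.9\t443\ttcp\tssl\t12.5\t1200\t88000\tSF
1710000002.000\tCabc6\t10.0.0.8\t53000\t198.51.100.77\t80\ttcp\thttp\t-\t-\t-\tS0
"""

# Zeek declares a type per column in the #types header; cast the numeric ones.
_CASTS = {"port": int, "count": int, "time": float, "interval": float}


def parse_zeek_log(text):
    """Return a list of dicts, one per record, using the #fields/#types headers.
    The unset marker '-' becomes None so analytics can test for missing values."""
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            elif line.startswith("#types\t"):
                types = line.split("\t")[1:]
            continue  # other header lines (#separator, #path, ...) carry no records
        record = {}
        for name, typ, value in zip(fields, types, line.split("\t")):
            record[name] = None if value == "-" else _CASTS.get(typ, str)(value)
        records.append(record)
    return records


def match_indicators(records, indicators):
    """Signature-style analytic: the responder IP is on a threat-intel indicator list."""
    return [r for r in records if r["id.resp_h"] in indicators]


def find_fan_out(records, port, min_targets, failed_only=True):
    """Behavioral analytic: one source reaching many distinct destinations on one port.
    With failed_only=True only connections Zeek marked rejected (REJ) or unanswered (S0)
    count, which separates a sweep across a subnet from normal file-server traffic."""
    seen = defaultdict(set)
    for r in records:
        if r["id.resp_p"] != port:
            continue
        if failed_only and r["conn_state"] not in ("REJ", "S0"):
            continue
        seen[r["id.orig_h"]].add(r["id.resp_h"])
    return {src: sorted(dsts) for src, dsts in seen.items() if len(dsts) >= min_targets}


# Constructed indicator list; 203.0.113.0/24 is a documentation range, not a real IoC.
CONSTRUCTED_INDICATORS = {"203.0.113.9"}


def run_analytics(text=SAMPLE_CONN_LOG):
    """Run both analytics over one log and return the findings by connection uid / source."""
    records = parse_zeek_log(text)
    return {
        "records": len(records),
        "ioc_hits": [r["uid"] for r in match_indicators(records, CONSTRUCTED_INDICATORS)],
        "fan_out": find_fan_out(records, port=445, min_targets=4),
    }


if __name__ == "__main__":
    for key, value in run_analytics().items():
        print(f"{key}: {value}")
```

The point of keeping both analytics over one parsed record set is the one the answer makes: the indicator match is cheap and precise but only catches what is already known, while the fan-out check needs no prior knowledge of the destination but depends on a threshold tuned to the environment. Because the parser reads the `#fields` and `#types` headers rather than hard-coding column positions, it keeps working when a Zeek deployment adds or reorders columns.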
As the CISO at Corelight, what are your primary responsibilities and objectives in terms of ensuring the security of the organization’s infrastructure and data?
Selfishly, I believe my core responsibility is to hire and develop the next generation of security leaders. As such, I work to ensure that the minds on my team reflect the varied backgrounds of the people who would be impacted by the intrusion or compromise of companies and services Corelight helps defend.
My second responsibility is to enable the individuals on my team to do what they do best. I own Governance, Risk and Compliance (GRC), Secure Infrastructure, Security Operations (Intelligence) and IT. I set the vision, co-develop strategic and operational goals, then do my best to get out of my team’s way. We focus heavily on engagement and try to minimize how much the rest of the business has to think about security during the execution of their jobs.
What are some common challenges that CISOs encounter when it comes to implementing effective cybersecurity strategies?
For me, it’s striking a balance between aspirational goals and what can get done now. If security were the only objective of the business, I would be implementing whizz-bang, self-engineered predictive A.I. supported by a tier-one intelligence team and tracking the smallest indication of nation-state adversaries knocking at our door.
In reality, we are here to support the business and the business needs to move quickly to grow. Disrupting engineering, product, or Go-to-Market execution comes at a high cost, so we have to make the right bets and we have to bring the entire company along for the journey. I think of the quote “Alone we go fast, but together we go far.” I’ve gotten much more comfortable with the crawl and walk phases of crawl, walk, run when it comes to implementing strategies.
In short, the most common challenge a CISO faces is risk acceptance due to limited, competing resources and priorities both inside and outside of the security organization.
What advantages does Corelight have by being the only NDR company powered by open source?
LLMs are the theme of the day so I’ll go with that. The largest language models have been trained on data from the internet and it just so happens that the open nature of Zeek and Suricata means that the LLMs were natively aware. We have been able to build on that to quickly deliver impactful, non-customer-data-specific outcomes to the market with blazing speed and precision. However, I think the biggest advantage is the community and its user base. There are very few places in the world where defenders haven’t heard of or used the open source offering, and we are the beneficiaries of major contributions to the project from the likes of Microsoft, Amazon, Salesforce and others.
Given your extensive experience in the cybersecurity industry, what emerging trends do you believe will have the most significant impact on network security and NDR in the coming years?
I’m a huge fan of Cassie Kozyrkov, the work she did at Google and what’s to come in her new venture. She pioneered the field of Decision Intelligence and I believe the future of cybersecurity shares a parallel, if not fully entwined, path. I like to think of an organization as a body and the network as its nervous system, the conduit upon which all ins and outs of decisions in the company transit. What we’re really doing in network security is:
- Ensuring the reliability and integrity of expected decisions.
- Identifying, diagnosing and enabling the correction of unwanted impacts due to unapproved/malicious decisions.
This requires the swift transmission of the right data to the right decision makers, a capability that is underleveraged by security teams. Instrumented correctly, the network security team and NDR tools have complete visibility of the chain from decision to action to environment to system(s) to data. In summary, network security as an intelligence output to support decision making is a trend that will have the most significant impact in the coming years.