What Endpoint Security Isn’t Catching: Why Network Visibility Still Matters | A Brand Story with ...
0At RSAC Conference 2025, Sean Martin catches up with Brian Dye, CEO of Corelight, to explore a recurring truth in cybersecurity: attackers adapt, and defenders must follow suit. In this episode, Dye lays out why traditional perimeter defenses and endpoint controls alone are no longer sufficient—and why it’s time for security teams to look back toward the network for answers.
Beyond the Perimeter: Visibility as a Force Multiplier
According to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They’re bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What’s left exposed is the network itself—and that’s where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.
Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there’s no real damage.
Three Layers of Network Insight
Dye outlines a layered approach to detection:
1. Baseline Network Activity – High-fidelity summaries of what’s happening.
2. Raw Detections – Behavioral rules, signatures, and machine learning.
3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.
This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.
The Metrics That Matter
Dye points to three critical success metrics for teams:
• Visibility coverage over time.
• MITRE ATT&CK coverage, especially around lateral movement.
• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.
As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.
Learn more about Corelight: https://itspm.ag/coreligh-954270
Note: This story contains promotional content. Learn more (https://www.itspmagazine.com/their-infosec-story) .
Guest:
Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/
Resources
Learn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelight
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
______________________
Keywords:
sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us