Episode 16 - Beyond the Black Box: Solving Data Overload with Agentic Triage

About the episode

In this episode, host Richard Bejtlich sits down with Dave Getman to discuss the evolution of Corelight Investigator and the paradigm shift from delivering raw sensor data to providing agentic triage. They explore how AI can synthesize millions of log lines into concise, actionable determinations—categorizing activity as malicious or benign—while maintaining transparency by "bringing the receipts" of raw evidence. Dave explains why the security pendulum is swinging back toward network detection to counter sophisticated EDR evasion and shares a roadmap for the future of auto-containment. By moving beyond the "black box" approach, this conversation reveals how AI serves as both a defender and a teacher, accelerating time-to-value for analysts and drastically reducing median dwell times on the network.

Episode transcript

Transcript coming soon...

Richard Bejtlich

Strategist & Author in Residence

Richard is strategist and author in residence at Corelight. He was previously chief security strategist at FireEye, and Mandiant's CSO when FireEye acquired Mandiant in 2013. At General Electric, as director of incident response, he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Richard is a graduate of Harvard University and the United States Air Force Academy. His fourth book is 'The Practice of Network Security Monitoring'. He also writes for his blog and Mastodon.