Microsoft and others have launched a new non-profit which aims to reduce the “frequency, impact and scale” of cyber-attacks on citizens and critical infrastructure (CNI). The Hewlett Foundation and Mastercard, alongside other unnamed “leading organizations,” have joined Microsoft as initial funders of the CyberPeace Institute. Its three core functions are to: help and defend civilian victims of cyber-attacks, including by mobilizing a new CyberVolunteer Network; analyze and investigate attacks, to raise understanding and drive global accountability; and promote cybersecurity norms of responsible behavior by nation states.
As one of the goals of the CyberPeace Institute is to analyze and investigate attacks, it makes sense to drive adoption of privacy-friendly yet high-fidelity data to meet the needs of incident response teams. Network security monitoring data in the form of transaction logs generated by Corelight and Zeek are a powerful tool to accomplish this goal. Because they are lightweight yet thorough, organizations can save them using inexpensive storage assets for months or years, waiting for reference by CyberPeace Institute investigators, should the need arise.