Black Hat USA 2022: Are Cybersecurity Tool Standards on the Way?
One of the biggest challenges cybersecurity teams face, aside from constantly having to foil threat actors, is integrating data from the various tools they use to protect their organizations. But relief may be on the way in the form of the Open Cybersecurity Schema Framework (OCSF), which aims to establish an interoperability standard.
News of the creation of OCSF came during Black Hat USA 2022 in Las Vegas last week. The framework boasts participation from 18 of the IT industry’s biggest names, including Amazon AWS, IBM, Palo Alto Networks, Splunk and Salesforce.
Such a standard would simplify the lives of cybersecurity professionals, who have complained for years about ineffective manual processes to integrate different tools. The lack of interoperability reduces the overall effectiveness of cybersecurity teams and may even hinder cyber defenses.
As reported in the Wall Street Journal, solutions and services supporting OCSF specifications would simplify and accelerate data analysis and interpretation by collating and standardizing alerts from multiple tools. “Folks expect us to figure this out. They’re saying, ‘We’re tired of complaining about the same challenges,’” said Patrick Coughlin, Splunk’s group vice president of the security market.
In an announcement from AWS regarding the effort, the company said: “Our customers have told us that interoperability and data normalization between security products is a challenge for them. We believe that use of the OCSF schema will make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events.”
If the OCSF succeeds in its standard-setting mission, it will be a welcome development for cybersecurity teams. More than three-quarters of respondents (77%) in a survey of 280 cybersecurity professionals said they want vendors to build open standards into their products to improve interoperability.
Also at Black Hat…
The Black Hat event generated a stream of cybersecurity news items, including this revelation from VMware: The company says it observed lateral movement in 25% of the attacks it tracked for its annual “Global Incident Response Threat Report.” The report also revealed that 57% of respondents experienced a ransomware attack over the past year.
A study by Australian cybersecurity company Kasada found that threat actors increasingly use software bots to take over pharmacy accounts of users to buy prescription drugs such as Adderall and oxycodone. “This is one of the most egregious and dangerous uses of bots we’ve ever observed,” Kasada founder and CEO Sam Crowther wrote in a report released in time for the Black Hat conference.
Also at the conference, the Security Service of Ukraine (SSU) said it dismantled a massive Russian botnet operation with about a million bots in the cities of Kyiv, Kharkiv and Vinnytsia. The bots used social media for posts from fictitious account holders. Victor Zhora, Ukraine’s lead cybersecurity official, made an unannounced visit to Black Hat to tell delegates that his country’s infrastructure has experienced a 300 percent uptick in cyber incidents since Russia’s invasion of the country.
A report released at the show by security software and services provider BlackBerry and Corvus Insurance revealed that only 19 percent of the 450 IT and security decision-makers in the US and Canada surveyed said their companies have cyber insurance coverage of more than $600,000. On top of the fact that over 80% are potentially underinsured or uninsured, 59 percent are working on the basis that suffering a major attack or breach linked to nation-state unrest will result in a government bailout, negating the need for sizeable insurance.
Lastly, Black Hat reported that cybersecurity professionals are worried about increasing risks to the global supply chain. When asked about the supply chain and relationships with vendors and customers, 53% of respondents cited vulnerabilities in cloud or network services as their greatest cybersecurity concerns. Ransomware and social engineering attacks also remain a top concern for many, Black Hat found.