
To fight cyber attacks, tech companies are banding together

The Black Hat USA cybersecurity conference took place in Nevada this week, featuring notable cybersecurity news and demonstrations. One of the more interesting announcements is a new common data standard for sharing cybersecurity information called the Open Cybersecurity Schema Framework (OCSF). It was produced by 18 major tech and cybersecurity companies, including Amazon, Splunk, and IBM.

Why is something like this necessary? Monitoring the computer systems under their purview is a major challenge for cybersecurity departments. To stop attacks, or to piece together what happened after one, these departments need to be able to see information about things like the number of recent login attempts, which files have been accessed, and when it all happened. To do this, they typically work with a large number of different software products, most of which use their own proprietary data structures.

This lack of interoperability between the different security systems' data is a big issue. In Amazon's press release announcing the OCSF framework, Mark Ryland, director of AWS's Office of the CISO, says, "Security teams need to correlate and unify data across multiple products from different vendors in a variety of proprietary formats. Rather than focusing primarily on detecting and responding to events, security teams spend time normalizing this data as a prerequisite to understanding and response."

Put simply, cybersecurity teams aren't solving cybersecurity problems: they're using spreadsheets to get the data they want from one product to line up with the data they want from another.

For instance, one piece of software might track logins and login attempts, another tracks what logged-in users do with files on the server, and a third tracks admin access and other high-level requests. Now assume an attacker breaks into a computer system, installs a piece of malware in a particular folder, and uses that malware to obtain admin access, all so they can download a batch of industry secrets or whatever their target may be.

To investigate or reconstruct this complex (though, in this example, greatly simplified) sequence of events, the cybersecurity team will need to combine data from all three logging tools. The login-tracking app will report how the attacker got in, the file-tracking app will report the malware install and the download of all the important files, and the admin-tracking app will report how and when they escalated their access. Unless all three apps use the same data format (which they presently don't), that is going to involve a lot of data manipulation.

What the OCSF does is define an open data format that any product vendor can use. This means that different security, hosting, and other relevant tech products can all work together much more easily. Rather than the login, file, and admin-tracking apps each having their own proprietary way of logging timestamps, they would all be able to use the same standardized data structure. This way, the cybersecurity team could easily track, and ideally stop, the attacker.
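To make the normalization problem concrete, here is an added example (not code from the article or from the OCSF project) that takes three constructed log lines in the kind of mismatched vendor formats described above, maps each into one shared event shape with a common timestamp representation, and produces a single per-user timeline. The field names are a simplified stand-in for a shared schema and are assumptions, not the official OCSF fields.

```python
"""Normalize three constructed vendor log formats into one common event
shape and correlate them by user.  Field names are illustrative only."""
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample lines, one per logging tool from the article's example:
# a syslog-style login record, a JSON file-activity record, and a CSV admin record.
LOGIN_LINE = "2023-04-01T10:00:05Z login host=web1 user=alice result=SUCCESS src=203.0.113.7"
FILE_LINE = '{"ts": 1680343215000, "user": "alice", "op": "write", "path": "/srv/app/bin/helper"}'
ADMIN_LINE = "04/01/2023 10:01:30,alice,sudo,root,ALLOWED"


def to_epoch_ms(dt):
    """Every source gets the same time representation: UTC epoch milliseconds."""
    return int(dt.replace(tzinfo=timezone.utc).timestamp() * 1000)


def parse_login(line):
    ts, _, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return {"time": to_epoch_ms(when), "class": "authentication",
            "user": fields["user"], "outcome": fields["result"].lower(),
            "source": "login-tracker", "detail": fields["src"]}


def parse_file(line):
    rec = json.loads(line)  # this vendor already emits epoch ms
    return {"time": rec["ts"], "class": "file_activity",
            "user": rec["user"], "outcome": rec["op"],
            "source": "file-tracker", "detail": rec["path"]}


def parse_admin(line):
    when_s, user, action, target, result = next(csv.reader(io.StringIO(line)))
    when = datetime.strptime(when_s, "%m/%d/%Y %H:%M:%S")  # assumed to be UTC
    return {"time": to_epoch_ms(when), "class": "privilege_change",
            "user": user, "outcome": result.lower(),
            "source": "admin-tracker", "detail": f"{action}->{target}"}


def timeline(user, lines):
    """Normalize each (source kind, raw line) pair with the matching parser and
    return the given user's events in time order, ready to correlate."""
    parsers = {"login": parse_login, "file": parse_file, "admin": parse_admin}
    events = [parsers[kind](line) for kind, line in lines]
    return sorted((e for e in events if e["user"] == user), key=lambda e: e["time"])
```

Once every tool's records share this shape, the login, file write and privilege change from the article's scenario line up as one ordered sequence without any spreadsheet work.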

Although it gets a little abstract and complex, you can check out the OCSF framework on GitHub right now. You can also explore the existing set of data types there, as well as contribute to it.

The framework isn't just wishful thinking. It was introduced at one of the most important cybersecurity conferences in the world by some of the biggest names in tech and cybersecurity. Along with Amazon, Splunk, and IBM, Broadcom, Salesforce, Rapid7, Tanium, Cloudflare, Palo Alto Networks, DTEX, CrowdStrike, JupiterOne, Zscaler, Sumo Logic, IronNet, Securonix, and Trend Micro were all involved in developing OCSF, and each is working towards including it in their products.

As Ryland says in Amazon's press release, "Although we as an industry can't directly control the behavior of threat actors, we can improve our collective defenses by making it easier for security teams to do their jobs better." And more efficient cybersecurity teams are better at doing what counts: keeping our data safe.
