A coalition of cybersecurity and technology leaders has announced an open-source effort to break down data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project will help organisations detect, investigate and stop cyberattacks faster and more effectively.
The OCSF project was conceived and initiated by Amazon Web Services (AWS) and Splunk, building upon the ICD Schema work done at Symantec, a division of Broadcom. The OCSF includes contributions from 15 additional initial members, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler. Starting today, all members of the cybersecurity community are invited to utilize and contribute to the OCSF.
Detecting and stopping today’s cyberattacks requires coordination across cybersecurity tools, but unfortunately normalizing data from multiple sources requires significant time and resources. The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming, up-front normalisation tasks.
The OCSF is an open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analyzing data, identifying threats and defending their organisations from cyberattacks.
Patrick Coughlin, Group Vice President Security Market, Splunk says: “Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale.
“This is a problem that the industry needed to come together to solve. That’s why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data.”
“Symantec and Broadcom Software are proud to have contributed our ICD schema as the foundation for the OCSF project. This is another proof-point of how we support open standards across the security industry," says Rob Greer, GM, Symantec Enterprise Division at Broadcom. “The OCSF community will streamline Security Operations for the many thousands of organisations that rely on telemetry from a wide range of sources to power their cybersecurity investigations.”
Mark Ryland, Director, Office of the CISO, AWS adds: “Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues. Customers tell us that their security teams are spending too much time and energy normalising data across different tools rather than being able to focus on analyzing and responding to risks.
"By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns. Security is our top priority at AWS, and we are excited to work with the OCSF community to drive industry standards that make it easier for customers to operate more securely.”
- Cyber threats will continue to impact critical servicesOperational Security
- Prolific Puma exposed: Infoblox uncover threat actor allyCyber Security
- BT reveals 46 million signals of cyberattacks every dayCyber Security
- Trend Micro: The future of cybersecurity in manufacturingOperational Security