Cybersecurity leaders launch open source project

15 companies including Splunk, AWS and Broadcom have collaborated to integrate security tools and resources and break down data silos.

A coalition of cybersecurity and technology leaders has announced an open-source effort to break down data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project will help organisations detect, investigate and stop cyberattacks faster and more effectively.

The OCSF project was conceived and initiated by Amazon Web Services (AWS) and Splunk, building upon the ICD Schema work done at Symantec, a division of Broadcom. The OCSF includes contributions from 15 additional initial members, including CloudflareCrowdStrikeDTEXIBM SecurityIronNetJupiterOneOktaPalo Alto NetworksRapid7SalesforceSecuronixSumo LogicTaniumTrend Micro, and Zscaler. Starting today, all members of the cybersecurity community are invited to utilize and contribute to the OCSF.

Detecting and stopping today’s cyberattacks requires coordination across cybersecurity tools, but unfortunately normalizing data from multiple sources requires significant time and resources. The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming, up-front normalisation tasks.

The OCSF is an open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analyzing data, identifying threats and defending their organisations from cyberattacks.

Patrick Coughlin, Group Vice President Security Market, Splunk says: “Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale.

“This is a problem that the industry needed to come together to solve. That’s why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data.”

“Symantec and Broadcom Software are proud to have contributed our ICD schema as the foundation for the OCSF project. This is another proof-point of how we support open standards across the security industry," says Rob Greer, GM, Symantec Enterprise Division at Broadcom. “The OCSF community will streamline Security Operations for the many thousands of organisations that rely on telemetry from a wide range of sources to power their cybersecurity investigations.”

Mark Ryland, Director, Office of the CISO, AWS adds: “Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues. Customers tell us that their security teams are spending too much time and energy normalising data across different tools rather than being able to focus on analyzing and responding to risks.

"By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns. Security is our top priority at AWS, and we are excited to work with the OCSF community to drive industry standards that make it easier for customers to operate more securely.”



Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security