Open-Source – Tech giants such as Amazon Web Services, Salesforce, and IBM, as well as cybersecurity vendors such as Splunk, Cloudflare, CrowdStrike, Palo Alto Networks, Okta, Trend Micro, Tanium, and Zscaler, announced the launch of a new open source project called the Open Cybersecurity Schema Framework (OCSF) during the Black Hat USA 2022 conference.
In the companies’ joint press release, the OCSF is described as a “open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes”
Also, the goal of this project is to improve cybersecurity by better sharing product-normalizing data, and all members of the cybersecurity community are welcome to use and contribute to the OCSF.
Open-Source – The initiative is described as a continuation of Paul Agbabian’s Integrated Cyber Defense (ICD) Schema work done at Symantec, a division of Broadcom. Agbabian is now a top executive at Splunk.
Open-source – the initiative is described as a continuation of Paul Agbabian’s work at Symantec, a division of Broadcom, on the Integrated Cyber Defense (ICD) Schema and now, Agbabian is now a Splunk executive.
“Detecting and stopping today’s cyberattacks requires coordination across cybersecurity tools, but unfortunately normalizing data from multiple sources requires significant time and resources… The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization tasks.” the group stated in its joint press release.
According to experts from participating companies, there is an urgent need to begin sharing key data in order to improve cybersecurity for all.
“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale… This is a problem that the industry needed to come together to solve.” said Patrick Coughlin, group vice president, security market, at Splunk.
“Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues… Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks.” said Mark Ryland, director, office of the CISO at AWS.
Moreover, DTEX, IBM Security, IronNet, JupitorOne, Rapid7, Salesforce, Securonix, and Sumo Logic are among the other companies involved in the OCSF’s formation.
“Cybersecurity is one of the most pressing challenges of the 21st century, and no single organization, agency or vendor can solve it alone… IBM Security is a long-standing supporter of open-source and open standards, and believes that common data formats like the OCSF will help improve interoperability among many different cybersecurity products.” said Sridhar Muppidi, IBM Fellow, vice president and CTO at IBM Security.