A coalition of cybersecurity and technology leaders has launched the Open Cybersecurity Schema Framework (OCSF), an open-source effort to break down the data silos that impede security teams and to help organisations detect, investigate and stop cyberattacks faster and more effectively.
Conceived and initiated by AWS and Splunk, building upon the ICD Schema work done at Symantec, the OCSF project includes contributions from 15 additional initial members. These are Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.
The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming, up-front normalisation tasks.
The OCSF can also be adopted in any environment or application, or by any solution provider, and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalisation will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analysing data, identifying threats and defending their organisations from cyberattacks.
Patrick Coughlin, Splunk’s group VP for the security market, said security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalised and prioritised data to detect and respond to threats at scale.
“This is a problem that the industry needed to come together to solve,” said Coughlin. “That’s why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data.”
Rob Greer, general manager of Symantec Enterprise Division at Broadcom, said the OCSF community will streamline Security Operations for the many thousands of organisations that rely on telemetry from a wide range of sources to power their cybersecurity investigations.
Mark Ryland, director of the Office of the CISO at AWS, said that having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate, and mitigate security issues.
“Customers tell us that their security teams are spending too much time and energy normalising data across different tools rather than being able to focus on analysing and responding to risks,” said Ryland. “By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns.”