Coalition launches OCSF collaborative cybersecurity initiative
By Ken Showers, Managing Editor
Updated 11:46 AM CDT, Fri August 12, 2022
LAS VEGAS – At the Black Hat USA 2022 conference today a coalition including AWS, Splunk, and Broadcom together with 15 other companies announced the Open Cybersecurity Schema Framework (OCSF) project.
The OCSF is an open-source effort that seeks to unify efforts against cyber attacks by adopting a more universal standard of procedures and tools to confront the challenges posed. Breaking down the data silos inherent in the process will allow security teams to focus on parsing data and identifying threats to their organizations. “Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation,” the official OCSF readme states. “The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.”
The problem is that existing tools that are used by security teams can be difficult or time consuming to integrate with each other in order to meet security needs. With a cooperative effort like OCSF, the hope is that stakeholders can respond with more agility to cybersecurity threats. “Our customers have told us that interoperability and data normalization between security products is a challenge for them. Security teams have to correlate and unify data across multiple products from different vendors in a range of proprietary formats; that work has a growing cost associated with it,” said Mark Ryland, Director, Office of the CISO for Amazon Web Services. “Instead of focusing primarily on detecting and responding to events, security teams spend time normalizing this data as a prerequisite to understanding and response. We believe that use of the OCSF schema will make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events. We see value in contributing our engineering efforts and also projects, tools, training, and guidelines to help standardize security telemetry across the industry. These efforts benefit our customers and the broader security community.”
JupiterOne, a cyber asset attack surface management (CAASM) platform provider is one of the current companies partnering together on the OCSF project. “The industry is working together to unburden security teams of the work required to collect and normalize data,” they wrote in a press release regarding their participation at Black Hat. “OCSF adoption will enable security teams to focus on analyzing data, identifying threats and defending their organizations from cyberattacks.”
More information about the nature of the OCSF as well as documentation and information on contribution can be found at https://github.com/ocsf/. More of this year’s briefings and presentations from the Black Hat USA conference can be found at https://www.blackhat.com/us-22/.
Comments