Coalition Of Cybersecurity Leaders Launch Open Cybersecurity Schema Framework (OCSF)


Cybersecurity is challenging and it’s a constantly moving target. Organizations struggle to defend a sprawling attack surface against a constantly expanding threat landscape. One thing that makes cybersecurity more difficult is that the array of tools organizations rely on often speak their own language—referring to the same things with unique or proprietary terminology. The Open Cybersecurity Schema Framework (OCSF) project—unveiled today at Black Hat 2022—plans to change that.

The OCSF project was initiated by a partnership between Splunk and AWS, which built on the ICD Schema developed at Symantec—now part of Broadcom. There are now 15 additional members, including some of the biggest names in technology and cybersecurity: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.

Cybersecurity “Rosetta Stone”

Security teams today need some sort of “Rosetta Stone” to translate and cross-reference information. Effective cybersecurity involves coordinating a variety of tools and platforms—and a significant effort to normalize data across these multiple sources in order to compile a comprehensive, holistic view of the environment.

A press release announcing the OCSF explains, “The OCSF is an open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analyzing data, identifying threats, and defending their organizations from cyberattacks.”

Perspectives on OCSF

“The exponential growth of the threat landscape, and related proliferation of data and signals, is the biggest obstacle for security teams stopping today’s cyberattacks. The only way to keep up is to unify the data and band together,” asserts Rob Jenks, Senior Vice President, Corporate Strategy at Tanium. “OCSF is exactly the kind of initiative that will enable disparate data to be combined and organizations to work together to more efficiently stop attackers before they cause irreversible damage.”
