Black Hat USA 2022 started off with a bang Wednesday with a group of major cybersecurity companies unveiling a new open source standard framework to share key data.
The announcement by a group of cybersecurity companies, including Splunk, Amazon Web Services, Cloudflare, CrowdStrike, Palo Alto Networks, Okta, Trend Micro, Tanium and Zscaler, among others, revealed the launch of the Open Cybersecurity Schema Framework (OCSF).
Other companies involved in the founding of the OCSF include DTEX, IBM Security, IronNet, JupiterOne, Rapid7, Salesforce, Securonix and Sumo Logic.
OCSF is hosted on the open source code repository GitHub.
The goal behind OCSF is to make it easier to share data normalised across products, in order to improve cybersecurity in general.
All members of the cybersecurity community are invited to utilise and contribute to the OCSF.
The initiative is described as a continuation of Paul Agbabian’s Integrated Cyber Defense (ICD) Schema work done at Symantec, a division of Broadcom.
Agbabian now holds a senior management position at Splunk.
“Detecting and stopping today’s cyberattacks requires coordination across cybersecurity tools, but unfortunately normalising data from multiple sources requires significant time and resources,” the group stated.
“The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming, up-front normalisation tasks,” they said.
Experts from participating companies said there was a pressing need to start sharing key data in order to improve cybersecurity for all.
“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalised and prioritised data to detect and respond to threats at scale,” Patrick Coughlin, group vice president of security marketing at Splunk, said.
“This is a problem that the industry needed to come together to solve,” Coughlin said.
“Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues,” Mark Ryland, director at the Office of the CISO at AWS, said.
Ryland added: “Customers tell us that their security teams are spending too much time and energy normalising data across different tools rather than being able to focus on analysing and responding to risks.”
“Cybersecurity is one of the most pressing challenges of the 21st century, and no single organisation, agency or vendor can solve it alone,” Sridhar Muppidi, chief technology officer at IBM Security, said.
“IBM Security is a long-standing supporter of open-source and open standards, and believes that common data formats like the OCSF will help improve interoperability among many different cybersecurity products,” Muppidi added.