AWS, Broadcom, IBM, Cloudflare, Salesforce, and others are aiming to boost interoperability between tools for threat detection and investigation.
A coalition of cybersecurity and tech companies has launched an open-source effort to help organizations stop cyberattacks faster and more effectively.
First initiated by AWS and Splunk, the Open Cybersecurity Schema Framework (OCSF) aims to break down data silos that impede security teams. The project was launched today (10 August) at the Black Hat USA security conference.
OCSF has contributions from other initial members including Cloudflare, IBM Security, Okta, Rapid7, and Salesforce. It builds upon the ICD Schema work done at Symantec, a division of Broadcom.
The OCSF members said stopping cyberattacks generally requires coordination across multiple cybersecurity tools, but normalizing data from multiple sources requires significant time and resources.
The open-source project focuses on a shared taxonomy that lets users map their diverse schemas onto it, simplifying data ingestion and normalization for security teams. This common language for threat detection and investigation lets data scientists and analysts work from the same data when investigating potential threats.
AWS director at the office of the CISO, Mark Ryland, said having a “holistic view of security-related data” is essential to effectively detect, investigate and mitigate security issues.
“Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks,” Ryland added.
“By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns.”
The OCSF is open source and is designed to be adopted in any environment or application while fitting with existing security standards and processes.
The initial framework is made up of a set of data types, an attribute dictionary, and a taxonomy. While it is not restricted to the cybersecurity domain, the initial focus of the framework has been on cybersecurity events.
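To make the normalization problem concrete, here is an added illustration (not OCSF's own schema or code): a miniature attribute dictionary and taxonomy in the spirit of the three components above, mappers from two constructed vendor log formats into that common shape, and a single detection that then works across both vendors. All attribute names, vendor formats and sample records are made up for this example.

```python
from datetime import datetime

# Attribute dictionary: allowed attribute -> required type (constructed, not OCSF's).
ATTRIBUTE_DICTIONARY = {"class_name": str, "activity": str, "time": int,
                        "user": str, "src_ip": str, "status": str, "vendor": str}
# Taxonomy: event class -> activities that class may carry (constructed).
TAXONOMY = {"authentication": {"logon", "logoff"}}

def validate(event):
    """Reject unknown attributes, wrong types, or activities the taxonomy forbids."""
    for key, value in event.items():
        if key not in ATTRIBUTE_DICTIONARY:
            raise ValueError(f"unknown attribute: {key}")
        if not isinstance(value, ATTRIBUTE_DICTIONARY[key]):
            raise TypeError(f"{key} must be {ATTRIBUTE_DICTIONARY[key].__name__}")
    if event["activity"] not in TAXONOMY[event["class_name"]]:
        raise ValueError(f"{event['activity']} not defined for {event['class_name']}")
    return event

def from_vendor_a(line):
    """Vendor A (hypothetical) logs key=value pairs with an ISO-8601 timestamp."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    ts = datetime.fromisoformat(kv["ts"].replace("Z", "+00:00"))
    return validate({
        "class_name": "authentication",
        "activity": "logon" if kv["event"] == "login" else "logoff",
        "time": int(ts.timestamp()), "user": kv["user"], "src_ip": kv["src"],
        "status": "success" if kv["result"] == "ok" else "failure", "vendor": "A"})

def from_vendor_b(record):
    """Vendor B (hypothetical) logs JSON objects with an epoch-millisecond timestamp."""
    kind = record["type"]  # AUTH_OK, AUTH_FAIL or SESSION_END
    return validate({
        "class_name": "authentication",
        "activity": "logoff" if kind == "SESSION_END" else "logon",
        "time": record["epoch_ms"] // 1000, "user": record["subject"]["name"],
        "src_ip": record["client"],
        "status": "failure" if kind == "AUTH_FAIL" else "success", "vendor": "B"})

def failed_logons(events):
    """One detection expressed once against the common schema, regardless of vendor."""
    return [e for e in events if e["activity"] == "logon" and e["status"] == "failure"]

# Constructed sample records, one per vendor format.
SAMPLE_A = "ts=2022-08-10T09:15:00Z event=login user=alice src=10.0.0.5 result=fail"
SAMPLE_B = {"type": "AUTH_OK", "epoch_ms": 1660122960000,
            "subject": {"name": "bob"}, "client": "10.0.0.6"}

if __name__ == "__main__":
    print(failed_logons([from_vendor_a(SAMPLE_A), from_vendor_b(SAMPLE_B)]))
```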
“The OCSF community will streamline security operations for the many thousands of organizations that rely on telemetry from a wide range of sources to power their cybersecurity investigations,” said Broadcom’s GM of the Symantec enterprise division, Rob Greer.
The project is currently hosted on the code repository GitHub. This week, the Microsoft-owned company shared plans to improve the cybersecurity of its open-source npm registry through code signing, which is a digital signature added to the software.