AWS, Broadcom, IBM, Cloudflare, Salesforce and others are aiming to boost interoperability between tools for threat detection and investigation.
A coalition of cybersecurity and tech companies has launched an open-source effort to help organisations stop cyberattacks faster and more effectively.
First initiated by AWS and Splunk, the Open Cybersecurity Schema Framework (OCSF) aims to break down data silos that impede security teams. The project was launched today (10 August) at the Black Hat USA security conference.
OCSF has contributions from other initial members including Cloudflare, IBM Security, Okta, Rapid7 and Salesforce. It builds upon the ICD Schema work done at Symantec, a division of Broadcom.
The OCSF members said stopping cyberattacks generally requires coordination across multiple cybersecurity tools, but normalising data from multiple sources requires significant time and resources.
The open-source project aims to let users map differing vendor schemas onto a common one, simplifying data ingestion and normalisation for security teams so that data scientists and analysts can work with a shared language for threat detection and investigation.
AWS director at the office of the CISO, Mark Ryland, said having a “holistic view of security-related data” is essential to effectively detect, investigate and mitigate security issues.
“Customers tell us that their security teams are spending too much time and energy normalising data across different tools rather than being able to focus on analysing and responding to risks,” Ryland added.
“By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns.”
The OCSF is open source and is designed to be adopted in any environment or application, while fitting with existing security standards and processes.
The initial framework is made up of a set of data types, an attribute dictionary and a taxonomy. While it is not restricted to the cybersecurity domain, the initial focus of the framework has been on cybersecurity events.
“The OCSF community will streamline security operations for the many thousands of organisations that rely on telemetry from a wide range of sources to power their cybersecurity investigations,” said Broadcom’s GM of the Symantec enterprise division, Rob Greer.
The project is currently hosted on the code repository GitHub. This week, the Microsoft-owned company shared plans to improve the cybersecurity of its open-source npm registry through code signing, attaching a cryptographic signature to published packages so that consumers can verify their origin and integrity.