
AWS, Splunk and other tech companies launch open-source cybersecurity data framework


Amazon Web Services Inc., Splunk Inc. and more than a dozen other technology companies have spearheaded an open-source project designed to help businesses respond more effectively to cyberattacks.

The project, known as the Open Cybersecurity Schema Framework, or OCSF, made its debut today. Development of the framework was initiated by AWS and Splunk, which based OCSF on an existing open-source technology, the ICD Schema, created by Broadcom Inc.’s Symantec cybersecurity unit.

Salesforce.com Inc., IBM Corp. and Cloudflare Inc. also support the OCSF project. They are joined by more than 10 other tech companies, including publicly traded cybersecurity providers CrowdStrike Holdings Inc. and Palo Alto Networks Inc., as well as several startups.

OCSF seeks to help organizations respond more effectively to cyberattacks by simplifying one of the most complicated aspects of the job: managing the security data that those attacks and the tools watching for them generate.

Organizations typically use not one but multiple cybersecurity tools to detect malicious activity on their networks, and it is often advantageous to share data between those tools. For example, if a cybersecurity team uses two separate applications to investigate hacking attempts, it may want to pass technical details about malicious network activity from one application to the other.

Currently, transferring data from one cybersecurity tool to another often requires a significant amount of manual work. The reason is that different tools frequently store data in different formats, so when a dataset is moved between tools, administrators must first convert it. That conversion often requires specialized software, and because the process involves a significant amount of manual labor, it also carries a risk of human error.

OCSF aims to simplify the task. According to the project’s backers, it provides a common, open standard for organizing cybersecurity information. If two tools store data in the same format, administrators can move data between them without editing it first, saving time and removing a source of mistakes.

“Security leaders are grappling with integration gaps across a growing set of application, service, and infrastructure providers, and they need clean, standardized, and prioritized data to detect and respond to threats at scale,” said Patrick Coughlin, group vice president of the security market at Splunk. “It’s a problem the industry needed to come together to solve.”

OCSF provides a standardized way of describing a security event such as a hacking attempt. It specifies which data points a cybersecurity tool should report for that event and how each of them should be formatted. Organizations can extend OCSF if their requirements go beyond the framework’s core schema.
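To make the normalization concrete, here is an added example, written for this edit and not code from the article or from the OCSF project, that maps two constructed login records (an sshd syslog line and a JSON record from a hypothetical identity provider) onto one OCSF-style authentication event, validates it, and then queries both records uniformly. The attribute names follow the OCSF Authentication class; the numeric category, class, activity, status and severity identifiers, the `1.0.0` schema version, the product names and both input formats are assumptions made for the example, not facts from the article.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample inputs (not real logs): an sshd syslog line from a Linux
# host and a JSON login record from a hypothetical cloud identity provider.
SYSLOG_LINE = ("2022-08-10T14:03:22Z host1 sshd[2231]: Failed password for alice "
               "from 203.0.113.5 port 51234 ssh2")
IDP_RECORD = {"ts": 1660140202, "user": "bob", "result": "SUCCESS",
              "srcIp": "198.51.100.7", "app": "corp-vpn"}

# Assumed identifiers for the OCSF Authentication class (category: Identity &
# Access Management). Treat them as assumptions, not as values from the article.
CATEGORY_IAM = 3
CLASS_AUTHENTICATION = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFO, SEVERITY_MEDIUM = 1, 3

# Fields every normalized event must carry before a downstream tool accepts it.
REQUIRED = ("category_uid", "class_uid", "activity_id", "time",
            "severity_id", "status_id", "metadata")

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def _event(time_ms, user, src_ip, status_id, product, raw, host=None):
    """Build the common event shape. Failures get a higher severity so a
    consumer can prioritize without knowing which source produced them."""
    event = {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        "time": time_ms,                       # epoch milliseconds, UTC
        "severity_id": SEVERITY_MEDIUM if status_id == STATUS_FAILURE else SEVERITY_INFO,
        "status_id": status_id,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"version": "1.0.0", "product": {"name": product}},
        "raw_data": raw,                       # original record kept for forensics
    }
    if host:
        event["dst_endpoint"] = {"hostname": host}
    return event


def from_syslog(line):
    """Map an sshd login line onto the common event; reject lines it cannot parse."""
    m = SSHD_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized sshd line: {line!r}")
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
    status = STATUS_SUCCESS if m["result"] == "Accepted" else STATUS_FAILURE
    return _event(int(ts.timestamp() * 1000), m["user"], m["ip"], status,
                  "OpenSSH", line, host=m["host"])


def from_idp(rec):
    """Map the identity provider's JSON record onto the same event."""
    status = STATUS_SUCCESS if rec["result"] == "SUCCESS" else STATUS_FAILURE
    return _event(rec["ts"] * 1000, rec["user"], rec["srcIp"], status,
                  rec["app"], json.dumps(rec, sort_keys=True))


def validate(event):
    """Stop incomplete events here instead of passing them to the next tool."""
    missing = [f for f in REQUIRED if f not in event]
    if missing:
        raise ValueError(f"event missing required fields: {missing}")
    return event


def failed_logon_users(events):
    """A consumer query that no longer cares which tool produced each event."""
    return sorted(e["user"]["name"] for e in events
                  if e["class_uid"] == CLASS_AUTHENTICATION
                  and e["status_id"] == STATUS_FAILURE)


if __name__ == "__main__":
    events = [validate(from_syslog(SYSLOG_LINE)), validate(from_idp(IDP_RECORD))]
    print(json.dumps(events, indent=2))
    print("failed logons:", failed_logon_users(events))
```

The two mappers are the only place that knows each vendor's format; everything after `validate()` works on one shape, which is the saving the article describes. Keeping `raw_data` preserves the original record for investigators, and failing closed on a missing required field is what turns the manual-conversion errors mentioned above into an error at ingest rather than a silent gap in an investigation.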

“The OCSF community will streamline security operations for the thousands of organizations that rely on telemetry from a wide range of sources to power their cybersecurity investigations,” said Rob Greer, general manager of Broadcom’s Symantec Enterprise Division.

The backers of the OCSF project have published the code for the framework on GitHub under an open-source license.

Image: Pixabay
