Highlights –

  • By streamlining one of the most challenging facets of the task — data management — OCSF aims to assist businesses in responding to cyberattacks more successfully.
  • OCSF offers a standardized method of describing a hacking attempt. It specifies what information about a hacking effort should be provided by a cybersecurity tool and how it should be presented.

An open-source effort led by Amazon Web Services Inc., Splunk Inc., and more than a dozen other software companies has been launched with the aim of helping businesses respond to cyberattacks more efficiently.

Today marked the launch of this project, known as the Open Cybersecurity Schema Framework (OCSF) initiative. AWS and Splunk took the lead in starting the framework’s development. They based OCSF on the ICD Schema, an existing open-source technology developed by Broadcom Inc.’s Symantec cybersecurity division.

The OCSF project is also supported by Cloudflare Inc., Salesforce.com Inc., and IBM Corp. More than 10 other tech firms have joined them, including a number of startups and publicly traded cybersecurity companies such as CrowdStrike Holdings Inc. and Palo Alto Networks Inc.

By streamlining one of the most challenging facets of the task — data management — OCSF aims to assist businesses in responding to cyberattacks successfully. In particular, the project aims to speed up the processing of data about cyberattacks.

Most of the time, businesses employ multiple cybersecurity tools to find suspicious activities on their networks. Sharing data between such tools is often helpful. For instance, a cybersecurity team may want to share technical details about dangerous network activities between the two applications it employs to analyze hacking attempts.

Currently, transferring data between cybersecurity tools frequently entails a substantial amount of manual work. This is because various tools routinely save data in different formats. As a result, administrators must manually alter the dataset’s format when it is transferred between cybersecurity applications.

OCSF aims to make this task simpler. The project’s supporters say it is intended to establish an open-source standard for organizing cybersecurity data. If two cybersecurity tools both store data in the same format, administrators can move data between them without adjusting it manually.

Changing a dataset’s format often requires specialized software tools, and because the process can involve a great deal of manual work, it carries a risk of human error.

Patrick Coughlin, Splunk’s Group Vice President of the Security Market, said, “Security leaders are wrestling with integration gaps across an expanding set of application, service, and infrastructure providers, and they need clean, normalized, and prioritized data to detect and respond to threats at scale. This is a problem that the industry needed to come together to solve.”

OCSF offers a standardized method of describing a hacking attempt. It specifies what information about a hacking effort a cybersecurity tool should provide and how that information should be presented. If an organization’s needs go beyond the framework’s basic features, it can choose to extend OCSF with its own customizations.
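The following is an added illustration of the normalization the article describes; it is not code from the OCSF project. Two constructed events from different tools (a JSON firewall record and a key=value syslog line from an authentication service) are mapped onto one common schema, checked for the fields the schema requires, and then queried together. The field names follow the naming style OCSF uses, but the exact layout, numeric codes and required-field list here are assumptions for this example, not values taken from the OCSF specification.

```python
"""Normalize two differently formatted security events into one common schema.

Added example, not OCSF project code. Field names, numeric codes and the
required-field list below are assumptions modelled on OCSF's naming style,
not the official specification.
"""
import json
from datetime import datetime, timezone

# Assumed numeric codes for this example (not official OCSF values).
CLASS_NETWORK_ACTIVITY = 4001
CLASS_AUTHENTICATION = 3002
SEVERITY = {"low": 2, "medium": 3, "high": 4, "critical": 5}

# Fields every normalized event must carry: the "what information should be
# provided" part of a schema. Assumed list for this example.
REQUIRED_FIELDS = ("class_uid", "category_uid", "activity_id",
                   "severity_id", "time", "metadata")

# Constructed sample inputs, one per source format.
FIREWALL_EVENT = ('{"ts": "2024-05-01T12:00:00Z", "action": "deny", "sev": "medium", '
                  '"src": "10.0.0.7", "sport": 51515, "dst": "192.0.2.10", "dport": 22}')
AUTH_EVENT = "<86>auth-srv sshd: time=2024-05-01T12:00:05Z user=alice src=10.0.0.7 result=fail"


def _to_epoch_ms(ts: str, fmt: str) -> int:
    """Parse a vendor timestamp string into epoch milliseconds (UTC)."""
    dt = datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)


def from_firewall_json(raw: str) -> dict:
    """Map a JSON firewall record onto the common schema."""
    src = json.loads(raw)
    return {
        "class_uid": CLASS_NETWORK_ACTIVITY,
        "category_uid": 4,                                   # assumed: network category
        "activity_id": 1 if src["action"] == "allow" else 2, # assumed: 1=allow, 2=deny
        "severity_id": SEVERITY[src["sev"]],
        "time": _to_epoch_ms(src["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "metadata": {"product": {"name": "ExampleFW"}, "version": "example"},
        "src_endpoint": {"ip": src["src"], "port": src["sport"]},
        "dst_endpoint": {"ip": src["dst"], "port": src["dport"]},
    }


def from_auth_syslog(raw: str) -> dict:
    """Map a key=value syslog line onto the common schema."""
    _head, _, body = raw.partition(": ")
    kv = dict(pair.split("=", 1) for pair in body.split())
    failed = kv["result"] == "fail"
    return {
        "class_uid": CLASS_AUTHENTICATION,
        "category_uid": 3,                                   # assumed: identity category
        "activity_id": 1,                                    # assumed: 1=logon
        "severity_id": SEVERITY["high"] if failed else SEVERITY["low"],
        "time": _to_epoch_ms(kv["time"], "%Y-%m-%dT%H:%M:%SZ"),
        "metadata": {"product": {"name": "ExampleAuth"}, "version": "example"},
        "actor": {"user": {"name": kv["user"]}},
        "src_endpoint": {"ip": kv["src"]},
        "status": kv["result"],
    }


def validate(event: dict) -> list:
    """Return the names of required fields missing from a normalized event."""
    return [f for f in REQUIRED_FIELDS if f not in event]


def normalize(raw: str, source: str) -> dict:
    """Dispatch on the source format and refuse events missing required fields."""
    mapper = {"firewall_json": from_firewall_json, "auth_syslog": from_auth_syslog}[source]
    event = mapper(raw)
    missing = validate(event)
    if missing:
        raise ValueError(f"event from {source} is missing required fields: {missing}")
    return event


def classes_seen_from(events: list, ip: str) -> list:
    """Once both sources share a schema, one query covers them: which event
    classes involve the given source IP, ordered by time."""
    hits = [e for e in events if e.get("src_endpoint", {}).get("ip") == ip]
    return [e["class_uid"] for e in sorted(hits, key=lambda e: e["time"])]


def demo() -> list:
    """Normalize both constructed events and correlate them on the shared IP."""
    events = [normalize(FIREWALL_EVENT, "firewall_json"),
              normalize(AUTH_EVENT, "auth_syslog")]
    return classes_seen_from(events, "10.0.0.7")


if __name__ == "__main__":
    print(demo())
```

The point of the `validate` step is the schema's second role: beyond naming fields, it states which ones a tool must supply, so an incomplete record is rejected at ingestion rather than silently breaking a later query.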

“The OCSF community will streamline Security Operations for the many thousands of organizations that rely on telemetry from a wide range of sources to power their cybersecurity investigations,” said Rob Greer, the general manager of Broadcom’s Symantec Enterprise Division.

The backers of the OCSF project have released the framework’s source code on GitHub under an open-source license.