
OCSF Project seeks to eliminate cybersecurity ‘data silos’

Splunk, AWS, Broadcom lead the charge around the new framework effort, announced at a Las Vegas hacker conference

More than a dozen companies including Amazon Web Services (AWS), Broadcom and data analytics firm Splunk are throwing their weight behind the Open Cybersecurity Schema Framework (OCSF) Project. The OCSF Project is a new open-source effort to help organizations stop cyberattacks in their tracks faster and with greater efficiency. The announcement was made during the Black Hat USA 2022 cybersecurity conference in Las Vegas, Nevada.

Patrick Coughlin, Splunk’s group VP for Security Market, laid out the challenge that the OCSF Project is trying to address.

“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale,” said Coughlin.

Effectively structuring incoming data from multiple cybersecurity tools, known as normalizing it, is time-consuming and difficult, according to the project developers. The OCSF Project hopes to improve security data normalization by “delivering a simplified and vendor-agnostic taxonomy” without needing any additional up-front work.

AWS and Splunk created the OCSF Project from foundational work originally developed by cybersecurity firm Symantec, whose enterprise business Broadcom acquired in 2019. Symantec created the Integrated Cyber Defense (ICD) Schema as a way to communicate event data between its own products.

Besides founders AWS, Splunk and Broadcom, the project has already attracted the support of 15 more companies, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro and Zscaler. But because it is an open-source project, any member of the cybersecurity community is welcome to contribute, the organizers noted.

The goal, according to a press release offered by Splunk, is to create a new, open data framework that will make it easier for security teams to identify, investigate, and stop cyberattacks in their tracks. The Open Cybersecurity Schema Framework comprises a set of data types, an attribute dictionary, and a taxonomy to report cybersecurity events.

Erkang Zheng, CEO of cybersecurity firm JupiterOne, a project contributor, sees the OCSF Project as a way for the entire cybersecurity industry to work smarter, not harder. 

“Normalizing data prior to ingestion has been one of the biggest pain points for security professionals, and the universal framework proposed by the OCSF, powered by a common domain knowledge across several security vendors, simplifies this time-consuming step, ultimately enabling better and stronger security for all,” said Zheng.

The OCSF Project reflects a broader tech industry emphasis on improving open source cybersecurity efforts. It’s an area of national security for governments around the globe, as well: American President Joe Biden signed an executive order in May to improve national cybersecurity. The order sought to remove barriers to information-sharing between the government and the private sector, part of an effort to modernize and strengthen cybersecurity standards in the federal government itself. Money to improve international cybersecurity research efforts was also included in the sweeping CHIPS and Science Act President Biden signed into law earlier this week.
