Some of the world’s biggest tech firms have laid out their aims to boost how they track cyberattacks through a new cyber-intel sharing standard.
The Open Cybersecurity Schema Framework (OCSF), supported by the likes of Amazon Web Services (AWS), Splunk, IBM’s cybersecurity arm, together with a dozen other tech heavy-hitters, launched during the recent Black Hat USA conference.
Once operatiaonal, OCSF will be able to standardize notifications coming in from different cybersecurity monitoring endpoints (opens in new tab), helping businesses interpret incoming intelligence, faster.
Open standards for more interoperability
“Folks expect us to figure this out,” Patrick Coughlin, Splunk’s group vice president of the security market, told the Wall Street Journal (opens in new tab). “They’re saying, ‘We’re tired of complaining about the same challenges.’”
A recent report from the Information Systems Security Association says that out of 280 security professionals, more than three-quarters want more interoperability for their cybersecurity tools, and the best way to achieve that interoperability is through open standards.
“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale,” said Patrick Coughlin, Group Vice President Security Market, Splunk. “This is a problem that the industry needed to come together to solve.”
As things stand now, IT teams are forced to operate multiple dashboards for different types of events, such as logging in.
Sometimes, they even have to write additional code, or reformat data, just to have data from one dashboard appear properly, on the other. “There’s a lot of custom software out there in the security world,” Mark Ryland, director of the office of the CISO at AWS, told the WSJ.
Once open standards are established and accepted, that should no longer be the case. “We’ll benefit from this,” he concluded.
The work on the documentation, which will be hosted in a specially setup GitHub repository, began more than a year ago at Symantec.
Besides AWS, IBM, and Splunk, CrowdStrike, Rapid7, Palo Alto Networks, Cloudflare Inc, DTEX Systems, IronNet, JupiterOne, Okta, Salesforce, Securonix, Sumo Logic, Tanium, Zscaler, and Trend Micro are also lending their support.
- These are the best firewalls (opens in new tab) around
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.