#BHUSA: New Open Source Group Set to Streamline Threat Detection

A new cybersecurity industry initiative has been launched with the aim of accelerating threat detection and response.

Announced at Black Hat USA 2022, the Open Cybersecurity Schema Framework (OCSF) project will focus on busting the traditional silos associated with running point solutions in the security operations center (SOC).

The open source project, which was conceived of and led by AWS and Splunk, features 15 initial members across the tech and cyber space, including Cloudflare, Salesforce, Trend Micro, Tanium and Rapid7.

It will deliver a vendor-agnostic taxonomy to speed data ingestion and analysis across multiple solutions, by making data normalization from multiple sources less burdensome, the group claimed.

“A critical challenge modern SOC teams face today is normalizing disparate data across their multitude of security tools. By defining an open and extensible standard for security event data, the OCSF simplifies the data normalization required to detect and defend against modern security threats,” said Michelle Abraham, IDC research director, security and trust.

“Customers who adopt tools implementing the OCSF standard will benefit from less complexity in the building of their data ingestion workflows.”

The open standard is designed to be adopted in any environment and across any application or solution provider, and will sit alongside existing security standards and processes, the OCSF said.

Vendor consolidation onto unified platforms was listed by Gartner as one of the top security trends for 2022. The analyst claimed that it should “reduce complexity, cut costs and improve efficiency, leading to better overall security.”

However, in reality, most SOCs still run multiple point solutions that have been acquired over the years. That’s where the OCSF hopes to make an impact.

Mark Ryland, director, office of the CISO at AWS, said that a holistic view of security data is vital for customers to effectively detect, investigate and mitigate issues.

“Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks,” he added.

“By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns.”