A consortium of leading software and cybersecurity companies led by AWS, Splunk and Symantec has announced a new open-source effort to break down data silos that they say are impeding security teams.
The companies at Black Hat USA 2022 in Las Vegas this week announced the launch of the Open Cybersecurity Schema Framework project to deliver a simplified and vendor-agnostic taxonomy to help security teams ingest and analyze data more effectively without time-consuming, up-front normalization tasks.
Essentially, the group aims to solve the issue that arises when normalizing data from multiple cybersecurity tools.
In addition to AWS, Splunk and Symantec (on behalf of parent company Broadcom), the project includes contributions from 15 other members, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.
According to the group, detecting and stopping cyberattacks requires coordination across cybersecurity tools, but normalizing data from multiple sources requires significant time and resources. The group calls the Open Cybersecurity Schema Framework an open-source effort designed to deliver a simplified and vendor-agnostic taxonomy to help security teams realize better, faster data ingestion and analysis.
The group calls the framework an open standard that can be adopted in any environment or application, or by any solution provider, and that fits with existing security standards and processes. As solution providers incorporate the framework into their products, data normalization will become easier and less time-consuming for security teams.
Patrick Coughlin, group vice president of security market at Splunk, said in a statement that security leaders are wrestling with integrating apps across an expanding set of application, service and infrastructure providers. Now, they need clean, normalized and prioritized data to detect and respond to threats at scale.
“This is a problem that the industry needed to come together to solve,” Coughlin said. “That’s why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data.”