

Cybersecurity and technology industry leaders launch open source project to help organizations detect and stop cyberattacks faster and more effectively


Las Vegas (Business Wire) -- A coalition of cybersecurity and technology leaders has announced an open source effort to break down the data silos that hold back security teams. Unveiled today at Black Hat USA 2022, the Open Cybersecurity Schema Framework (OCSF) project helps organizations detect, investigate, and stop cyberattacks faster and more effectively.

The OCSF project was conceived and started by AWS and Splunk, building on the ICD Schema work done at Symantec, a division of Broadcom. OCSF has contributions from 15 additional early members: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler. Starting today, all members of the cybersecurity community are invited to contribute to and use OCSF.

Detecting and stopping today's cyberattacks requires coordination among cybersecurity tools, but normalizing data from multiple sources takes significant time and resources. OCSF is an open source effort to provide a simplified, vendor-agnostic taxonomy so that security teams can ingest and analyze data from many products faster, without the time-consuming up-front normalization work each new source otherwise demands.

OCSF is an open standard that can be adopted by any environment, application, or solution provider and complements existing security standards and processes. When cybersecurity solution providers emit events in the OCSF schema from their products, security data normalization becomes simpler and less burdensome for security teams, who can then spend more of their time analyzing data, identifying threats, and defending the organization from cyberattacks.
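The normalization the two paragraphs above describe, shown as an added example that is not part of the press release or of the OCSF project's own code: two constructed login logs in different shapes are mapped to one OCSF-style Authentication event, and a single detection is then run over the merged stream without caring which product produced each event. The field names and numeric identifiers used here (class_uid 3002 in the Identity & Access Management category, activity_id 1 for Logon, status_id 2 for Failure) are my recollection of the published OCSF Authentication class and should be treated as assumptions to verify against the current schema; the log lines, the product names and the year assumed for the syslog timestamps are constructed.

```python
"""
Added example: map two differently shaped login logs onto one OCSF-style
Authentication event and run one detection over both sources.

Field names and numeric identifiers are ASSUMED to match the published OCSF
Authentication class (class_uid 3002, category_uid 3, activity_id 1 = Logon,
status_id 1 = Success / 2 = Failure). Verify against the schema before use.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# --- Constructed sample input (not real vendor output) ----------------------
# Source A: a JSON-per-line identity provider log.
SOURCE_A = [
    '{"ts":"2022-08-10T14:02:11Z","event":"user.login","user":"alice","ip":"198.51.100.7","result":"FAILURE"}',
    '{"ts":"2022-08-10T14:02:19Z","event":"user.login","user":"alice","ip":"198.51.100.7","result":"FAILURE"}',
    '{"ts":"2022-08-10T14:05:40Z","event":"user.login","user":"bob","ip":"203.0.113.9","result":"SUCCESS"}',
]
# Source B: a syslog-style sshd log (no year in the timestamp; assumed below).
SOURCE_B = [
    "Aug 10 14:03:02 host1 sshd[412]: Failed password for alice from 198.51.100.7 port 51022 ssh2",
    "Aug 10 14:03:30 host1 sshd[412]: Failed password for invalid user carol from 192.0.2.5 port 51100 ssh2",
    "Aug 10 14:04:01 host1 sshd[413]: Accepted publickey for bob from 203.0.113.9 port 51200 ssh2",
]

# --- OCSF-style vocabulary (assumed identifiers, see module docstring) -------
CLASS_UID_AUTHENTICATION = 3002
CATEGORY_UID_IAM = 3
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2


def ocsf_authentication(time_ms, user, src_ip, success, product):
    """Build one Authentication event; every source funnels into this shape."""
    return {
        "class_uid": CLASS_UID_AUTHENTICATION,
        "category_uid": CATEGORY_UID_IAM,
        "activity_id": ACTIVITY_LOGON,
        "time": time_ms,                       # epoch milliseconds, UTC
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"product": {"name": product}},   # hypothetical product names
    }


def map_source_a(line):
    """JSON identity log -> OCSF event; returns None for non-login records."""
    rec = json.loads(line)
    if rec.get("event") != "user.login":
        return None
    t = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ocsf_authentication(int(t.timestamp() * 1000), rec["user"], rec["ip"],
                               rec["result"] == "SUCCESS", "source-a")


SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def map_source_b(line, year=2022):
    """syslog sshd line -> OCSF event; returns None for lines it cannot parse."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    t = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return ocsf_authentication(int(t.timestamp() * 1000), m["user"], m["ip"],
                               m["outcome"] == "Accepted", "source-b")


def normalize(source_a_lines, source_b_lines):
    """Run each raw line through its mapper and keep only lines that produced an event."""
    events = [map_source_a(l) for l in source_a_lines] + [map_source_b(l) for l in source_b_lines]
    return [e for e in events if e is not None]


def failed_logons_by_user(events, threshold=3):
    """One detection for every source: users with at least `threshold` failed logons.

    The rule never inspects which product emitted the event; it only relies on
    the shared class_uid / activity_id / status_id vocabulary.
    """
    counts = defaultdict(int)
    for e in events:
        if (e["class_uid"] == CLASS_UID_AUTHENTICATION
                and e["activity_id"] == ACTIVITY_LOGON
                and e["status_id"] == STATUS_FAILURE):
            counts[e["user"]["name"]] += 1
    return {u: n for u, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    merged = normalize(SOURCE_A, SOURCE_B)
    print(json.dumps(merged[0], indent=2))
    print("flagged:", failed_logons_by_user(merged))   # {'alice': 3}
```

Note what the merged stream buys you: alice fails twice in the identity log and once over SSH, so neither source alone crosses the three-failure threshold; only the normalized, combined view does. The mappers returning None for unrecognized lines is the cheap check worth keeping, since a mapper that guesses at fields it cannot parse quietly poisons every downstream rule.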

Member voices:

“Security leaders are tackling integration gaps across a growing set of applications, services, and infrastructure providers to create a clean, normalized, prioritized approach to detecting and responding to threats at scale. This is a problem that the industry needs to work together to solve, and that’s why Splunk is proud to be a member of the OCSF community. It is a shared problem, and we want to help create an open standard solution for all producers and consumers of security data.”

“Symantec and Broadcom Software are proud to have contributed our ICD schema as a foundation for the OCSF project. This is another example of how we support open standards across the security industry, providing a broad source of evidence for enhancing cybersecurity research.”

“Having a holistic view of security-related data across multiple tools is essential for customers to effectively detect, investigate, and mitigate security issues,” said Mark Ryland, Director of the CISO Office at AWS. “By increasing interoperability between tools, OCSF aims to significantly improve our customers’ ability to understand and respond to cybersecurity concerns. Security is a top priority at AWS and we look forward to working with the OCSF community to advance industry standards and help our customers operate more securely.”

Cloudflare CTO John Graham-Cumming said: “We hope that by joining OCSF, the security industry as a whole will be able to focus on what matters, instead of wasting so much time and resources formatting data.”

Michael Sentonas, CrowdStrike’s Chief Technology Officer, said: “We strongly believe in the concept of a shared data schema that enables organizations to understand and digest all their data, streamline security operations, and mitigate risk. We must stay ahead of the adversary.”

“Modern cybersecurity operations are a team sport, and products must integrate with each other to deliver more value than a single product can deliver. Integration is possible, but development and processing resources are not infinite,” said Mohan Koo, co-founder and CTO of DTEX Systems. “The OCSF initiative aims to eliminate inefficiencies and enable frictionless integration through standardized data, which means faster time to detection, response and resolution, and lower overall costs.”

Sridhar Muppidi, IBM Fellow, Vice President and Chief Technology Officer, IBM Security, said: “IBM Security is a long-time proponent of open source and open standards, and we believe that common data formats like OCSF will improve interoperability between many different cybersecurity products, enabling the ‘power of the crowd’ to act as a force multiplier against increasingly sophisticated adversaries.”

“Collaboration is central to IronNet’s mission, so we are proud to join Splunk and AWS as members of the OCSF. As one of the first members of the OCSF, we look forward to expanding the framework and sharing relevant insights to enable faster visibility and higher levels of cyber protection.”

JupiterOne CEO and Founder Erkang Zheng said: “Normalizing data before ingestion has been one of the biggest challenges for security professionals. OCSF simplifies those steps and ultimately enables better, more powerful solutions that make everyone safer.”

“Okta’s vision is to make any technology safe for everyone,” said Christopher Niggel, Chief Security Officer for the Americas at Okta. “The coalition will help security teams make all users and organizations safer by streamlining access to data from across the business’ application ecosystem and enabling faster detection and investigation of threats.”

“As a security vendor, we have an obligation to the security teams working tirelessly to protect not only their own organizations, but the greater community, from an ever-evolving set of threats,” said Rapid7. “One step towards that is standardizing the data these teams rely on, saving security professionals millions of hours each year by minimizing the complexity of using security data from a variety of sources. Rapid7 has a proud history of supporting the open source community, so we are excited to join those who share this belief to build solutions that break down data silos, empower security teams to stay ahead of threats, and remove the heavy burden that holds them back.”

Augusto Barros, Vice President Cybersecurity Evangelist, Securonix, said: “OCSF simplifies the sharing of security data, enabling organizations to rapidly apply new threat detection analytics to look for threats regardless of the source that provides the underlying data. It also simplifies the adoption of independent data stores as organizations seek new, non-siloed approaches to storing and extracting value from cybersecurity data.”

“Enterprises have long recognized the need to share threat data across and between systems, and the scope of today’s threat landscape requires standardization so that critical information can be integrated and shared to support the highest levels of efficiency and protection,” said the General Manager of the Security Business Unit at Sumo Logic. “Our participation in OCSF will make security data more valuable for everyone and help reduce cyber threats by providing trusted insights for detection, investigation, and containment.”

Rob Jenks, senior vice president of corporate strategy at Tanium, said: “By adding support for the Open Cybersecurity Schema Framework to our platform, we are tackling the future of combining disparate data sources to improve our ability to detect, investigate and stop cybersecurity attacks.”

Mike Gibson, vice president of Global Customer Success and Threat Research at Trend Micro, said: “The industry needs an open community to break down silos and minimize risk by making security more manageable. We are proud to join our industry peers in building this solution, which allows security teams to focus on intelligence and spend less time worrying about formats.”

Amit Raikar, Vice President of Technology Alliances at Zscaler, said: “Zero trust is a team sport. The framework proposed by the OCSF helps break down barriers, leading to improved analysis and detection and, as a result, better policy enforcement.”

“A significant challenge facing modern SOC teams today is normalizing disparate data across numerous security tools. By defining an open and extensible standard for security event data, OCSF simplifies the data normalization needed to detect and defend against modern security threats,” said Michelle Abraham, research director of security and trust at IDC. “Customers who adopt tools that implement the OCSF standard will benefit from reduced complexity in building data ingestion workflows.”

About OCSF

OCSF is an open source effort to provide a simplified, vendor-agnostic taxonomy so that security teams can ingest and analyze security data faster, without the time-consuming up-front normalization tasks. The OCSF project is led by a steering committee of AWS and Splunk representatives and co-managed by a team of maintainers working with contributors.

For information on how to get involved in the OCSF project, including how to contribute, please visit