Announced August 10 in Las Vegas at Black Hat USA 2022, the Open Cybersecurity Schema Framework (OCSF) is a new open standard that can be adopted by any environment, application, or solution provider.
The problem OCSF addresses is that every cybersecurity tool or platform emits data in its own proprietary format. Security operations teams must normalize and consolidate that data from many sources before they can correlate it and uncover potential threats, and the time, money, and effort they spend on that normalization is often substantial.
“The OCSF framework is an important initiative that will allow teams to increase their detection and response times to the ever-evolving cyber threat landscape and, thus, mitigate the associated potential damage and legal liability,” said John J. Cooney, Esq., an attorney focusing on cybersecurity.
The OCSF standard was developed by AWS and Splunk, building upon the ICD Schema work done at Symantec, a division of Broadcom. It includes contributions from 15 additional initial members, including companies such as Cloudflare, IBM Security, Okta, and Palo Alto Networks.
The OCSF is an open-source effort with the goal of delivering a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization efforts.
The new standard defines, for each attribute, a caption, name, group, requirement level, data type, and description, and it organizes event classes into 9 activity categories: System Activity, Findings, Audit, Network, Cloud, Container, Database, Application, and Configuration/Inventory.
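To make the normalization problem concrete, the following Python is an added illustration written for this article; it is not code from the OCSF project, from FCI, or from any vendor named here. It defines a small attribute dictionary in the shape described above (caption, name, group, requirement, type, description), one event class in the Network category, a validator that enforces requirement levels and types, and two normalizers for constructed vendor log formats. The attribute names, the trimmed type set, and the severity scale are simplifying assumptions, not a copy of the published OCSF schema.

```python
"""Illustrative OCSF-style normalization (example code, not the OCSF schema).
Two constructed vendor formats are mapped into one common event class and
checked against its requirement levels and attribute types."""
import re
from datetime import datetime, timezone

# Attribute dictionary. The dict key is the attribute's 'name'; each entry
# carries caption, group, type and description. 'requirement' is attached to
# the event class below because it varies from class to class.
# Type names mirror OCSF style (string_t, integer_t, timestamp_t) but the set
# and the attributes themselves are simplified assumptions for this example.
ATTRIBUTES = {
    "time":        {"caption": "Event Time", "group": "occurrence", "type": "timestamp_t",
                    "description": "Event time in milliseconds since the Unix epoch (UTC)."},
    "severity_id": {"caption": "Severity ID", "group": "classification", "type": "integer_t",
                    "description": "Normalized severity (assumed scale: 1 info .. 6 fatal, 0 unknown)."},
    "action":      {"caption": "Action", "group": "primary", "type": "string_t",
                    "description": "What the product did, e.g. allow or deny."},
    "src_ip":      {"caption": "Source IP", "group": "primary", "type": "string_t",
                    "description": "Source address (flattened for the example)."},
    "dst_ip":      {"caption": "Destination IP", "group": "primary", "type": "string_t",
                    "description": "Destination address (flattened for the example)."},
    "dst_port":    {"caption": "Destination Port", "group": "primary", "type": "integer_t",
                    "description": "Destination TCP/UDP port."},
    "product":     {"caption": "Product", "group": "context", "type": "string_t",
                    "description": "Name of the product that emitted the event."},
}

# One event class in the "Network" category, with a requirement level per attribute.
NETWORK_ACTIVITY = {
    "caption": "Network Activity",
    "category": "Network",
    "attributes": {
        "time": "required", "severity_id": "required", "action": "required",
        "dst_ip": "required", "src_ip": "recommended", "dst_port": "recommended",
        "product": "optional",
    },
}

TYPE_CHECKS = {
    "timestamp_t": lambda v: isinstance(v, int) and not isinstance(v, bool) and v > 0,
    "integer_t":   lambda v: isinstance(v, int) and not isinstance(v, bool),
    "string_t":    lambda v: isinstance(v, str) and v != "",
}


def validate(event, event_class=NETWORK_ACTIVITY):
    """Return a list of problems; an empty list means the event conforms to the class."""
    problems = []
    for name, requirement in event_class["attributes"].items():
        if name not in event:
            if requirement == "required":
                problems.append(f"missing required attribute '{name}'")
            continue
        expected = ATTRIBUTES[name]["type"]
        if not TYPE_CHECKS[expected](event[name]):
            problems.append(f"'{name}' is not a valid {expected}: {event[name]!r}")
    for name in event:
        if name not in event_class["attributes"]:
            problems.append(f"attribute '{name}' is not part of {event_class['caption']}")
    return problems


# Constructed vendor A: syslog-style key=value line with word severities.
_SEVERITY_WORDS = {"low": 2, "medium": 3, "high": 4, "critical": 5}


def normalize_vendor_a(line):
    ts, _host, rest = line.split(" ", 2)
    kv = dict(re.findall(r"(\w+)=(\S+)", rest))
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event = {
        "time": int(when.timestamp()) * 1000,
        "severity_id": _SEVERITY_WORDS.get(kv.get("sev", "").lower(), 0),
        "action": kv.get("action", "unknown"),
        "product": "VendorA-FW",
    }
    if "src" in kv:
        event["src_ip"] = kv["src"]
    if "dst" in kv:
        event["dst_ip"] = kv["dst"]
    if "dport" in kv:
        event["dst_port"] = int(kv["dport"])
    return event


# Constructed vendor B: JSON record with epoch seconds and syslog numeric levels (0..7).
def _syslog_level_to_severity(level):
    return {0: 5, 1: 5, 2: 5, 3: 4, 4: 3, 5: 2, 6: 1, 7: 1}.get(level, 0)


def normalize_vendor_b(record):
    event = {
        "time": int(record["ts"]) * 1000,
        "severity_id": _syslog_level_to_severity(record.get("level", -1)),
        "action": record.get("verdict", "unknown"),
        "dst_ip": record["dstip"],
        "product": "VendorB-IDS",
    }
    if "srcip" in record:
        event["src_ip"] = record["srcip"]
    if "dstport" in record:
        event["dst_port"] = int(record["dstport"])
    return event


if __name__ == "__main__":
    # Constructed sample inputs; both describe the same instant in different formats.
    a = normalize_vendor_a("2022-08-10T14:03:22Z fw01 action=deny src=10.0.0.5 "
                           "dst=203.0.113.9 dport=445 proto=tcp sev=high")
    b = normalize_vendor_b({"ts": 1660140202, "srcip": "10.0.0.7", "dstip": "198.51.100.4",
                            "dstport": 22, "verdict": "allow", "level": 6})
    for ev in (a, b):
        print(ev, validate(ev) or "OK")
```

Once both products land in the same class, one detection rule keyed on `action`, `dst_port`, and `severity_id` covers both feeds; the validator is what catches a mapping that silently drops a required field, which is the failure mode a hand-written parser per product tends to hide.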
“One of the primary engines of innovation in our economy has been the ability of independent organizations and best-of-breed solution providers to come together to attack and solve problems,” said Paul Osterberg of Security Basecamp, a firm offering vCISO services. “Standards and initiatives such as the OCSF project make it increasingly effective. Open-source initiatives, artificial intelligence, and automation will all materially impact both red and blue teams alike in coming years.”
As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analyzing data, identifying threats, and defending their organizations from cyberattacks.
“We look forward to seeing best-of-breed vendors modernize their software with this new standard so we can leverage interoperability to reduce our clients’ cyber risks,” said Brian Edelman, CEO and Cybersecurity Expert at FCI, an MSSP (Managed Security Service Provider) dedicated to Financial Services.
OCSF makes it easier for products and vendors to share data and interoperate, but adopting it means changing existing data models and event structures: parsers, field mappings, and detection content keyed to proprietary field names have to be remapped to the common schema, which may require significant time and investment.
OCSF invites all members of the cybersecurity community to utilize and contribute to the new standard.
This article was provided by FCI, Inc., a firm that specializes in providing cybersecurity protection and compliance solutions for financial services firms. FCI has been named amongst the “Top 10 Endpoint Security Companies 2022” by Enterprise Security Magazine. For information about FCI products and services, please visit: https://fcicyber.com/