Tech Companies Rally Around Open Specs for Security Telemetry – MeriTalk

Leading tech and security companies are coming together to share tools and products to better guard against cyberattacks, saying their security teams spend more time correlating a blitz of unintegrated data than detecting and responding to threats.

The Open Cybersecurity Schema Framework (OCSF) project, revealed Wednesday at the Black Hat USA Cybersecurity Conference in Las Vegas, will provide “an open specification for standardizing security telemetry across a wide range of security products and services,” along with open-source tools to support it, said Amazon Web Services (AWS), which co-founded the initiative with Splunk.

“Our customers have told us that interoperability and data standardization between security products is a challenge for them. Security teams need to correlate and unify data from multiple products from different vendors into a range of proprietary formats,” Amazon said.

“…Instead of focusing primarily on event detection and response, security teams spend time normalizing this data as a prerequisite for understanding and responding,” the company said. “We believe that using the OCSF schema will allow security teams to more easily ingest and correlate security log data from different sources, enabling greater detection accuracy and faster response to security events.”

In a blog post announcing its participation, Splunk said the project builds on work done by Symantec and grew to 18 technology and security founding organizations through “an analysis of security operations market needs.”

“With the Open Cybersecurity Schema Framework, the industry is working together to relieve security teams of the work needed to collect and standardize data and focus on analyzing it,” wrote Paul Agbabian of Splunk’s Security Business Unit. “Cybersecurity is ready to move from silos to an open and integrated era of interoperability and cooperation.”

In addition to Amazon and Splunk, the initiative brings together these partners: Broadcom, Salesforce, Rapid7, Tanium, Cloudflare, Palo Alto Networks, DTEX, CrowdStrike, IBM Security, JupiterOne, Zscaler, Sumo Logic, IronNet, Securonix and Trend Micro.

The widespread collaboration is unusual for an industry traditionally slow to cooperate on cybersecurity issues, with one attendee, JupiterOne founder and CEO Erkang Zheng, calling it “truly unprecedented.”

Yet the joint effort reflects a recent shift toward cooperation in the face of growing cyber threats, largely through the Cybersecurity and Infrastructure Security Agency (CISA). Although CISA’s official stamp does not appear on the OCSF project, several participating companies, including AWS, have partnered with the agency on its new Cybersecurity Advisory Committee or Joint Cyber Defense Collaborative.

Both are efforts to work better with the private sector on cyber issues. Such public-private partnerships are considered vital to national cyber defense by the overwhelming majority of federal and private sector security experts surveyed in a recent MeriTalk study.

The research also found that only around a third of respondents believe these types of partnerships are currently “very effective,” citing issues with identifying risk, coordinating incident response, and protecting critical infrastructure.

OCSF leaders are committed to overcoming these obstacles by working together to “enhance our collective defenses by enabling security teams to do their jobs more effectively,” Amazon said. “…In today’s rapidly changing security environment, security professionals must continually monitor, detect, respond to, and mitigate new and existing security issues. To do this, security teams must be able to analyze security-related telemetry and log data using multiple tools, technologies, and vendors. The complex and heterogeneous nature of this task drives up costs and can slow detection and response times.”

Participants described the project as open source and “composed of a set of data types, an attribute dictionary, and the taxonomy.” It should provide “an extensible framework for developing schemas, as well as a vendor-neutral base security schema.”
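The three building blocks named above (data types, an attribute dictionary, and a taxonomy), together with the normalization work the article says security teams currently do by hand, sketched as an added Python example. This is not the OCSF schema or any project's code: the type names, attribute names, the single event class, and both vendor record shapes are constructed for illustration only.

```python
import ipaddress
from collections import Counter

# Data types: each name maps to a conformance check (constructed; not OCSF's real type set).
def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False
DATA_TYPES = {
    "timestamp_t": lambda v: isinstance(v, int) and v > 0,  # epoch milliseconds
    "ip_t": lambda v: isinstance(v, str) and _is_ip(v),
    "string_t": lambda v: isinstance(v, str) and v != "",
}

# Attribute dictionary: one shared name and type per attribute, reused by every event class.
ATTRIBUTES = {"time": "timestamp_t", "product": "string_t", "user": "string_t",
              "src_ip": "ip_t", "status": "string_t"}

# Taxonomy: event classes, the attributes each requires, and the allowed values of its enums.
BASE_TAXONOMY = {"authentication": {"required": ["time", "product", "user", "src_ip", "status"],
                                    "status": {"success", "failure"}}}

def validate(event, event_class, taxonomy=BASE_TAXONOMY):
    """Return the list of schema violations; an empty list means the event conforms."""
    spec = taxonomy[event_class]
    errors = [f"missing {a}" for a in spec["required"] if a not in event]
    for name, value in event.items():
        if name not in ATTRIBUTES:
            errors.append(f"unknown attribute {name}")
        elif not DATA_TYPES[ATTRIBUTES[name]](value):
            errors.append(f"{name} is not a valid {ATTRIBUTES[name]}")
    if "status" in event and event["status"] not in spec["status"]:
        errors.append("status outside enum")
    return errors

# Two vendor-specific record shapes (constructed) and the mapping that lifts each into the shared class.
def from_sshd(rec):
    # rec looks like {"ts": 1660000000000, "srcip": "198.51.100.7", "user": "root", "result": "Failed"}
    return {"time": rec["ts"], "product": "sshd", "user": rec["user"], "src_ip": rec["srcip"],
            "status": "failure" if rec["result"] == "Failed" else "success"}
def from_windows(rec):
    # rec looks like {"EventTime": 1660000001000, "IpAddress": "...", "TargetUserName": "...", "EventID": 4625}
    return {"time": rec["EventTime"], "product": "windows-security", "user": rec["TargetUserName"],
            "src_ip": rec["IpAddress"], "status": "failure" if rec["EventID"] == 4625 else "success"}

def failed_logins_by_source(events):
    """Cross-vendor correlation that needs no per-product logic once both feeds share one schema."""
    return dict(Counter(e["src_ip"] for e in events if e["status"] == "failure"))
```

Once every feed is mapped into the shared class, `validate` catches a source that drifts from the schema before it reaches correlation, and `failed_logins_by_source` is the same query regardless of which product produced the record.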

The OCSF partners have released a white paper with additional technical details.

Although the OCSF is not limited to cybersecurity, the initial focus is on cybersecurity events, participants said.

In its announcement, Splunk highlighted the growing sentiment in the cybersecurity industry toward cooperation between companies to better simplify “data normalization.” Splunk’s article referenced a report published in July by ESG Research on the “technology outlook for cybersecurity professionals.”

A key finding: “77% of respondents would like to see more cooperation between industry and technology in the form of support for open standards.”
