Open source framework aims to standardize security data

Cybersecurity benefits from being able to share information about threats in order to speed detection. In pursuit of this, the Open Cybersecurity Schema Framework (OCSF) was launched last year by Splunk, Amazon Web Services (AWS), IBM and 15 other cybersecurity firms.

Today OCSF becomes generally available, delivering an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

Security solutions that use the OCSF schema produce data in the same consistent format, so security teams can save time and effort on normalizing the data and get to analyzing it sooner, speeding up time-to-detection.

"The OCSF open framework removes a long-standing obstacle to data exchange that has plagued the security industry for years," says Paul Agbabian, vice-president of security technology leadership at Splunk. "OCSF enables security teams to readily and holistically analyze data coming from multiple security tools without having to pay the data normalization 'tax' -- assigning a team to devote significant time and energy to create and maintain ambiguous and disparate 'translators.' OCSF relieves security teams and analytics vendors of that burden and captures the full semantics of security information, so teams can focus on threat detection and investigation to prevent cyber-caused disruptions and help make their organizations more resilient."

The OCSF schema benefits from the hundreds of contributors who are continually refining and expanding it to fit various security and IT use cases, embodying the principles of open-source software -- transparency, participation and collaboration.

"Organizations are participating in OCSF to address an immediate need among their customers across all industries for greater visibility into potential security threats," says Jon Ramsey, VP, security services at AWS. "Without a common language, organizations have to analyze security-relevant telemetry and log data using multiple tools, technologies, and vendors. The OCSF schema makes it easier for security teams to more quickly analyze and protect their environment when the need arises, offering full visibility, greater detection accuracy, and making it easier for security teams to do their jobs more efficiently."

You can find out more on OCSF's GitHub page.


© 1998-2024 BetaNews, Inc. All Rights Reserved.