Can the Open Cybersecurity Scheme Framework improve cybersecurity complications?
Cybersecurity and technology industry leaders agree that dealing with threats has to be a collective effort. Over the years, numerous alliances from cybersecurity and tech vendors, government cybersecurity agencies and the private sector have been formed with the aim of mitigating risks, threats and other cybersecurity issues.
Yet, despite this, cybercrime continues to be a major problem globally with organizations losing millions to cybercriminals, either from stolen data or paying ransomware. In fact, according to IBM Security’s Cost of Data Breach Report, the global average cost of data breach for organizations surveyed reached an all-time high of US$4.35 million.
With that said, can cybersecurity coalitions, partnerships and alliances make a difference? Many would argue that purpose of such alliances is meant to share intel and knowledge on cyberthreats. But with intel on cybercrime being highly sensitive these days, it remains to be seen how much information can be shared or be used among such alliances.
Despite this, such alliances still have some value especially in helping those that may not have the sufficient resources in dealing with cyber threats, be it detecting or investigating them. Data silos remain a big problem when it comes to mitigating cybersecurity for most security teams around the world.
As such, at Black Hat USA 2022, 18 companies came together to form an open-source effort to break down data silos that impede security teams. The Open Cybersecurity Schema Framework (OCSF) project, will help organizations detect, investigate and stop cyberattacks faster and more effectively.
The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization tasks. This is because one of the biggest problems in cybersecurity today is normalizing data from multiple sources requires significant time and resources.
Conceived and initiated by AWS and Splunk, the OCSF builds upon the ICD Schema work done by Broadcom’s Symantec. The OCSF includes contributions from 15 additional initial members, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.
Members of the cyber security community are also invited to utilize and contribute to the Open Cybersecurity Schema Framework.
An open standard, OCSF can be adopted in any environment, application, or solution provider and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler and less burdensome for security teams. OCSF adoption will enable security teams to increase focus on analyzing data, identifying threats, and defending their organizations from cyberattacks.
Tech vendors see Open Cybersecurity Scheme Framework as a gamechanger in industry
For Mark Ryland, Director, Office of the CISO at AWS, having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate, and mitigate security issues.
“Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks. By increasing interoperability between tools, the OCSF aims to greatly accelerate our customers’ ability to understand and respond to cybersecurity concerns,” commented Ryland.
Echoing Ryland’s views is Patrick Coughlin, Group Vice President, Security Market at Splunk. Coughlin pointed out that security leaders are wrestling with integration gaps across an expanding set of application, service, and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale.
“This is a problem that the industry needed to come together to solve. That’s why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data,” said Ryland.
Sridhar Muppidi, IBM Fellow, Vice President and Chief Technology Officer at IBM Security added that cybersecurity is one of the most pressing challenges of the 21st century, and no single organization, agency, or vendor can solve it alone.
“IBM Security is a long-standing supporter of open-source and open standards, and believes that common data formats like the OCSF will help improve interoperability among many different cybersecurity products, allowing the “power of the crowd” to be used as a force multiplier against increasingly sophisticated adversaries,” mentioned Muppidi.
Meanwhile, Christopher Niggel, Regional Chief Security Officer for the Americas at Okta highlighted that coalitions like the OCSF help security teams make every user and organization more secure by streamlining access to data from the entire ecosystem of applications in the business, enabling faster detection and investigation of threats.
Sam Adams, Vice President of Detection and Response at Rapid7 concurs with Niggel, He believes that security vendors need to do right by the security teams who work tirelessly to protect not only their organizations but the greater community, against a constantly evolving array of threats.
Zscaler’s Amit Raikar, VP of Technology Alliances also shared his views stating that zero trust is a team sport. He hopes the framework proposed by the OCSF will help break down barriers leading to improved analytics and detections, resulting in better enforcement policies.
With all this said, organizations will now be hoping the new cybersecurity framework alliance will make a difference to the industry.