One of the biggest challenges cybersecurity teams face, aside from constantly having to foil threat actors, is to integrate data from the various tools they use to protect their organizations. But relief may be on the way in the form of the Open Cybersecurity Schema Framework (OCSF), which aims to establish an interoperability standard.
News of the creation of OCSF came during Black Hat USA 2022 in Las Vegas last week. The framework boasts participation from 18 of the IT industry’s biggest names, including Amazon AWS, IBM, Palo Alto Networks, Splunk, and Salesforce.
Such a standard would simplify the lives of cybersecurity professionals, who have complained for years about ineffective manual processes to integrate different tools. The lack of interoperability reduces the overall effectiveness of cybersecurity teams and may even hinder cyber defenses.
As reported in the Wall Street Journal, solutions and services supporting OCSF specifications would simplify and accelerate data analysis and interpretation by collating and standardizing alerts from multiple tools. “Folks expect us to figure this out. They’re saying, ‘We’re tired of complaining about the same challenges,’” said Patrick Coughlin, Splunk’s group vice president of the security market.
In an announcement from AWS regarding the effort, the company said: “Our customers have told us that interoperability and data normalization between security products is a challenge for them. We believe that use of the OCSF schema will make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events.”
If the OCSF succeeds in its standard-setting mission, it will be a welcome development for cybersecurity teams. More than three-quarters of respondents (77%) in a survey of 280 cybersecurity professionals said they want vendors to build open standards into their products to improve interoperability.