Tech companies team up for common cybersecurity data standard
A group of 18 tech companies including Amazon Web Services, Symantec, Crowdstrike, Splunk and Salesforce are building a common data standard to streamline the use of cybersecurity risk and threat information.
The move is in response to frustration on the part of IT managers and information security officers who have to deal with proprietary information updates that vary in format from one cybersecurity vendor to another.
The Open Cybersecurity Schema Framework (OCSF) was launched this week at the Black Hat security conference in Las Vegas and is being made available as a project on GitHub. It builds on work by security vendors such as Symantec (now a division of Broadcom), AWS and Splunk and exists as an open-source effort that any tech company can join.
[Figure: Cyber incident response times. Source: Deep Instinct]
A whitepaper published on GitHub outlines how the OCSF operates and how it compares to existing standards. Mark Ryland, the director of the Office of the Chief Information Security Officer (CISO) for AWS, says that with wide adoption the data standard will improve response times when addressing cyber threats.
“Instead of focusing primarily on detecting and responding to events, security teams spend time normalizing this data as a prerequisite to understanding and response,” he explained in a blog post on the AWS site.
“We believe that use of the OCSF schema will make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events.”
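To make the normalization problem Ryland describes concrete, here is an added example (not code from OCSF, AWS or the article): two constructed vendor log records that express the same kind of event with different field names are mapped onto one simplified common schema, after which a cross-vendor correlation becomes a plain lookup. The schema field names below are assumed for illustration and are not the published OCSF specification.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample records (not real vendor output): a key=value syslog-style
# line from "vendor_a" and a JSON record from "vendor_b", describing blocked
# connections from the same source address about a minute apart.
VENDOR_A_LINE = "ts=2022-08-10T14:03:11Z action=block src=203.0.113.7 dst=10.0.0.5 sev=high"
VENDOR_B_JSON = ('{"eventTime": 1660140250, "verdict": "denied", '
                 '"sourceAddress": "203.0.113.7", "destination": "10.0.0.9", "severity": 4}')

SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class NetworkActivity:
    """Simplified common schema (assumed field names, modelled loosely on OCSF's style)."""
    class_name: str
    time: int          # epoch seconds, UTC
    activity: str      # normalized verb: "allowed" or "denied"
    severity_id: int   # 1=low .. 4=critical, shared across vendors
    src_ip: str
    dst_ip: str
    vendor: str        # which producer emitted the record


def from_vendor_a(line):
    """Parse the key=value format and map its vocabulary onto the common schema."""
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    ts = int(datetime.fromisoformat(kv["ts"].replace("Z", "+00:00")).timestamp())
    activity = "denied" if kv["action"] == "block" else "allowed"
    return NetworkActivity("Network Activity", ts, activity,
                           SEVERITY_WORDS[kv["sev"]], kv["src"], kv["dst"], "vendor_a")


def from_vendor_b(raw):
    """Parse the JSON format; it already uses epoch time and a numeric severity."""
    rec = json.loads(raw)
    activity = "denied" if rec["verdict"] == "denied" else "allowed"
    return NetworkActivity("Network Activity", rec["eventTime"], activity,
                           int(rec["severity"]), rec["sourceAddress"], rec["destination"], "vendor_b")


def correlate_by_source(events, window_seconds=300):
    """Return sources reported by more than one vendor within the time window.

    Because every event is already in the common schema, the correlation
    needs no vendor-specific branching at all."""
    by_src = {}
    for e in events:
        by_src.setdefault(e.src_ip, []).append(e)
    hits = {}
    for src, evs in by_src.items():
        vendors = sorted({e.vendor for e in evs})
        span = max(e.time for e in evs) - min(e.time for e in evs)
        if len(vendors) > 1 and span <= window_seconds:
            hits[src] = vendors
    return hits
```

Running `correlate_by_source([from_vendor_a(VENDOR_A_LINE), from_vendor_b(VENDOR_B_JSON)])` reports the shared source address once both records are in the common form.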
If the use of the standard becomes common across the IT industry it stands to help New Zealand IT managers detect and respond to cyber threats, given their heavy reliance on big security software and services vendors for security products.
A survey published in October by cybersecurity firm Deep Instinct found that the average time to respond to a cyber attack was 20.9 hours. The report, which surveyed 1,500 IT professionals across 11 countries, highlights the key barriers they face in responding quickly to cyber threats.
The number one reason, identified by 44% of respondents, was the sheer volume of never-before-seen malware, followed by the time it takes to investigate threats once discovered (39%) and a lack of qualified security operations staff (35%).
Getting threat information in the same format, no matter the vendor supplying it, will at least have the potential to offer relief in the second category.