NetworkTigers explains the Open Cybersecurity Schema Framework (OCSF).
Cybersecurity is a global concern, as hackers disregard borders just as they do firewalls. Collaboration and cooperation can help defeat hacking attempts or at least minimize the damage that they can do. Governments, businesses, and individuals can share responsibility and information to combat cyber threats. Moreover, doing so is imperative in today’s increasingly ever-connected world.
Understanding the Open Cybersecurity Schema Framework (OCSF)
The Open Cybersecurity Schema Framework attempts to collaborate in the fight against hackers and evolving threats. The OCSF is essentially a public good, not owned by any data privacy company but maintained via an open collaboration. The OSCF is vendor-agnostic, meaning that one vendor does not control it but can be utilized and adapted by different vendors and data engineers.
Co-founders of the Framework include AWS and Splunk. Broadcom, Salesforce, Rapid7, Tanium, Cloudflare, Palo Alto Networks, DTEX, CrowdStrike, IBM Security, JupiterOne, and they are joined in the initiative from the start Zscaler, Sumo Logic, IronNet, Securonix, and Trend Micro. Additionally, anyone can access the project on GitHub.
The OCSF is currently governed by a steering committee and is available under the Apache 2 open-source license.
Reasons for collaboration in the cybersecurity marketplace
The OCSF came about through a series of concerns from cybersecurity industry professionals. One of the main concerns of data privacy researchers is the lag time in responding to existing cyber threats and identifying and rooting out hacks. According to studies done by IBM, it takes, on average, 197 days to identify a security breach and about 69 days for a business to address fully and contain the threat. During this extended period, the damage done by a single hack can rise to millions of dollars and spread extensively through contaminated systems.
One of the main reasons for these delays is a lack of shared tools, with individual vendors using their practices and processes. Cybersecurity analysts realize that individual businesses may use multiple different vendors, hardware, and programs under one IT umbrella. Each component comes with its coding, applications, and proprietary processes. Uniting different programming and data to address a single threat takes valuable time and resources, which a company cannot afford to do, even in the face of potentially dangerous hacks.
The OCSF is designed to address this conundrum. According to AWS, one of the OCSF’s founders,
“Instead of focusing primarily on detecting and responding to events, security teams spend time normalizing this data as a prerequisite to understanding and response. We believe using the OCSF schema will make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events.”
Experts weigh in on the OCSF
More than four of five cybersecurity experts agree that cybersecurity interoperability is the main concern and that open-source programming is the way to address it. ESG data shows that more than 75% of 280 professionals surveyed seek industry cooperation and increased open sourcing-as an industry standard.
Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, agreed that,
“Incapability between vendors has long been pointed to by the private sector as one of the biggest hurdles to enabling collaboration between stakeholders. While the jury is still out on the effectiveness of the OCSF, if it does accomplish its primary goal—removing operational barriers between the vendors involved—it could prove to be a significant catalyst in jumpstarting more tangible collaboration moving forward across the industry.”
The OCSF in review
While the OCSF is still in its early days, having only been announced at Black Hat 2022, industry experts are hopeful that its creation signifies a welcome shift in the world of cybersecurity. In the years to come, it is hoped that shared programming and open-source coding will become an industry standard, allowing different vendors and data engineers the opportunity to speak the same language finally.
