A consortium of security and technology companies announced the development of an open source data interchange standard this week at the BlackHat 2022 event in Las Vegas.
The standard – which currently has its home on GitHub – is called the Open Cybersecurity Schema Framework and aims to allow for simpler data movement between security systems and applications.
This should help solve some of the problems and ‘translation’ work needed by security teams when monitoring different systems. Currently, even something as simple and common across most systems as a failed login is presented in very different ways by different systems, meaning multiple rules need to be set up to monitor the same action across multiple platforms. A common schema would make life much easier for security teams, allowing them to spend more time on the output of a security monitoring solution and less time preparing the input data.
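To make the failed-login point concrete, here is an added example (my own illustration, not code from the OCSF project or any of the vendors named on this page). It takes two constructed inputs that describe the same event in different shapes, an sshd-style syslog line and a JSON event from a hypothetical "VendorB" product, maps both into one common record layout, and then runs a single detection rule over the normalised records. The field names and numeric codes (class_uid 3002, activity_id, status_id, user.name, src_endpoint.ip) follow my reading of the OCSF Authentication class and are assumptions here, not a statement of the published schema.

```python
"""Normalise failed-login events from two differently formatted sources into a
single common record shape, then run one detection rule over the result.

Added illustration only; not code from the OCSF project. The field names and
codes below follow my reading of the OCSF Authentication class and should be
treated as assumed rather than authoritative.
"""
import json
import re
from collections import Counter

# Assumed common-schema constants (see module docstring).
AUTH_CLASS_UID = 3002   # Authentication event class
ACTIVITY_LOGON = 1
STATUS_SUCCESS = 1
STATUS_FAILURE = 2

# Matches sshd lines such as "Failed password for alice from 10.0.0.5 port 51022 ssh2"
SSHD_RE = re.compile(
    r"(Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+)"
)

# Constructed sample telemetry: one sshd-style syslog source and one JSON source
# from a hypothetical "VendorB" product. None of this is real data.
SAMPLE_SOURCES = [
    ("sshd", "Aug 11 10:02:17 bastion sshd[4410]: Failed password for alice from 10.0.0.5 port 51022 ssh2"),
    ("vendorb", json.dumps({"EventType": "LoginFailure", "UserName": "alice",
                            "ClientIP": "10.0.0.5", "Timestamp": "2022-08-11T10:02:19Z"})),
    ("sshd", "Aug 11 10:02:40 bastion sshd[4412]: Accepted publickey for bob from 10.0.0.9 port 51030 ssh2"),
    ("sshd", "Aug 11 10:03:00 bastion cron[1]: (root) CMD (run-parts /etc/cron.hourly)"),
    ("vendorb", json.dumps({"EventType": "LoginFailure", "UserName": "carol",
                            "ClientIP": "203.0.113.7", "Timestamp": "2022-08-11T10:03:05Z"})),
]


def common_record(user, ip, status_id):
    """Build the shared record shape every source is mapped into."""
    return {
        "class_uid": AUTH_CLASS_UID,
        "activity_id": ACTIVITY_LOGON,
        "status_id": status_id,
        "user": {"name": user},
        "src_endpoint": {"ip": ip},
    }


def from_sshd(line):
    """Map an sshd syslog line to the common record; None if it is not an auth event."""
    m = SSHD_RE.search(line)
    if not m:
        return None
    outcome, user, ip = m.groups()
    return common_record(user, ip, STATUS_FAILURE if outcome == "Failed" else STATUS_SUCCESS)


def from_vendorb(raw_json):
    """Map a hypothetical VendorB JSON event to the common record; None if unknown type."""
    ev = json.loads(raw_json)
    status = {"LoginFailure": STATUS_FAILURE, "LoginSuccess": STATUS_SUCCESS}.get(ev.get("EventType"))
    if status is None:
        return None
    return common_record(ev["UserName"], ev["ClientIP"], status)


PARSERS = {"sshd": from_sshd, "vendorb": from_vendorb}


def normalise(sources):
    """Run every (source_kind, raw_event) pair through its parser, dropping non-auth noise."""
    records = []
    for kind, raw in sources:
        rec = PARSERS[kind](raw)
        if rec is not None:
            records.append(rec)
    return records


def failed_logins_by_user(records, threshold):
    """One rule for every source: users with at least `threshold` failed logons."""
    counts = Counter(
        r["user"]["name"]
        for r in records
        if r["class_uid"] == AUTH_CLASS_UID and r["status_id"] == STATUS_FAILURE
    )
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = normalise(SAMPLE_SOURCES)
    print(f"{len(recs)} auth records after normalisation")
    print("flagged:", failed_logins_by_user(recs, threshold=2))
```

The point is in the last function: the rule is written once against the common shape and never needs to know whether a failure arrived as an sshd text line or a vendor JSON payload. Adding a third source means adding a parser, not a second copy of every rule. Real events would also carry a timestamp field so the rule could count failures within a window; that is left out here to keep the mapping readable.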
Members
The list of companies engaged in the Open Cybersecurity Schema Framework includes some fairly heavy hitters in the technology, cloud and cyber security space, which will hopefully give it the momentum – and budget – needed to bring a new standard to bear. These include (ordered alphabetically):
- AWS
- Broadcom
- Cloudflare
- CrowdStrike
- DTEX
- IBM Security
- IronNet
- JupiterOne
- Okta
- Palo Alto Networks
- Rapid7
- Salesforce
- Securonix
- Splunk
- Sumo Logic
- Tanium
- Trend Micro
- Zscaler
Summary
As with most cross-vendor standardisation projects, this is a real win for the end user/customer and, given the size and breadth of the companies involved, it’s unlikely to just fall by the wayside. Hopefully in the coming months we’ll see more vendors join the club and some tangible developments in security products.