Amazon Web Services and Splunk Publish Open-Source Code to Help Organizations Manage Cyber Threats

More than a dozen tech firms have launched an open-source project that intends to help organizations respond to cyber threats more effectively.

The OCSF (Open Cybersecurity Schema Framework) was published yesterday, with the standard and documentation available on GitHub.

AWS (Amazon Web Services) and Splunk led the project, but were supported by Salesforce, IBM, Cloudflare, Palo Alto Networks, CrowdStrike Holdings, and several tech startups.

What does the OCSF do?

The OCSF is designed to simplify the data management process, which should help organizations respond to cyberattacks more quickly.

One of the ways it does that is by streamlining the way information about cyber threats is gathered.

Organizations typically use multiple cybersecurity tools to detect malicious activity. They might have, for example, a system to detect suspicious emails, another system to detect unusual activity on employees’ accounts and a third system to spot malware on the network.

This is a necessary part of cybersecurity. Each tool specializes in a certain threat and must be configured according to each organization’s needs. With myriad threats across different parts of the business, organizations must implement multiple tools.

Yet organizations know that each threat doesn’t exist in isolation. If, for example, a cybersecurity team uses multiple tools to investigate an attempted cyberattack, they should compare technical information about malicious network activity from each of those tools.

However, that requires a significant amount of manual work. Not only are there vast quantities of data, but it is often stored in different formats. The cybersecurity team must therefore manually change the format of the dataset – which often requires another specialized software tool – before they can begin any actual analysis.

The OCSF simplifies this process by providing a common open-source standard for organizing cybersecurity data. If two tools store information in the same format, administrators can move datasets between them without having to modify them by hand.
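As an added illustration of the normalization step described above (example code written for this page, not OCSF's schema and not code from any of the project's backers): three constructed alerts from hypothetical tools, each in a different format, are parsed into one common record layout whose field names are an assumption, and then correlated per user so the tools' findings can be compared without manual reformatting.

```python
import json
from collections import defaultdict

# Constructed sample output from three hypothetical tools, each in its own format
# (made up for this example; not real product logs).
EMAIL_ALERT = '{"alert":"phish","recipient":"alice","url":"http://bad.example","ts":"2022-08-18T09:00:00Z"}'
ACCOUNT_LOG = 'ts=2022-08-18T09:05:00Z user=alice event=login result=success src=203.0.113.7'
MALWARE_ALERT = 'MALWARE|2022-08-18T09:10:00Z|host=ws-alice|user=alice|sha256=PLACEHOLDER_HASH|sev=high'


def common_record(source, time, category, user, severity="medium", **extra):
    """Hypothetical common layout (not OCSF's actual field names): every tool maps to these keys."""
    rec = {"source": source, "time": time, "category": category, "user": user, "severity": severity}
    rec.update(extra)
    return rec


def normalize_email(raw):
    d = json.loads(raw)
    return common_record("email-gateway", d["ts"], "email", d["recipient"], url=d["url"])


def normalize_account(raw):
    kv = dict(item.split("=", 1) for item in raw.split())
    return common_record("identity-monitor", kv["ts"], "authentication", kv["user"],
                         src_ip=kv["src"], result=kv["result"])


def normalize_malware(raw):
    fields = raw.split("|")
    kv = dict(item.split("=", 1) for item in fields[2:])
    return common_record("endpoint-av", fields[1], "malware", kv["user"],
                         severity=kv["sev"], host=kv["host"], sha256=kv["sha256"])


def normalize_all(events):
    """Dispatch each (kind, raw) pair to its parser; unknown kinds are skipped rather than guessed."""
    parsers = {"email": normalize_email, "account": normalize_account, "malware": normalize_malware}
    return [parsers[kind](raw) for kind, raw in events if kind in parsers]


def correlate_by_user(records):
    """Group normalized records by user and order them by time: the cross-tool view the text describes."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    # ISO 8601 timestamps in the same zone sort correctly as strings.
    return {u: sorted(rs, key=lambda r: r["time"]) for u, rs in by_user.items()}
```

Each parser only needs to know its own tool's format; once records share the common layout, the correlation step works the same for any number of tools.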

The project’s backers say that this will reduce the time employees spend formatting data and will also reduce the risk of human error.

“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale,” said Patrick Coughlin, Splunk’s group vice president of the security market. “This is a problem that the industry needed to come together to solve.”