Cybersecurity vendors team up to form new open-source project

It is set to help organisations detect, investigate and stop cyberattacks faster and more effectively

A group of cybersecurity companies have come together to form a new open-source consortium designed to break down data silos that impede security teams.

The project, dubbed the Open Cybersecurity Schema Framework (OCSF), is set to help organisations detect, investigate and stop cyberattacks faster and more effectively.

It was conceived and initiated by AWS and Splunk and includes contributions from 15 additional initial members.

These include CloudFlare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro and Zscaler.

In a joint statement, the companies said the OCSF is an open standard that can be "adopted in any environment, application, or solution provider and fits with existing security standards and processes".

It is described as building upon the ICD Schema work done at Symantec, a division of Broadcom.

"Detecting and stopping today's cyberattacks requires coordination across cybersecurity tools, but unfortunately normalising data from multiple sources requires significant time and resources," the statement said.

"The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming, up-front normalisation tasks."

The initiative was announced during Black Hat USA 2022.

Participating companies agreed that the concept of a shared data scheme helps lower risk.

Patrick Coughlin, group vice president of the security market at Splunk, said: "Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalised and prioritised data to detect and respond to threats at scale.

"This is a problem that the industry needed to come together to solve. That's why Splunk is a proud member of the OCSF community — security is a data problem and we want to help create open standard solutions for all producers and consumers of security data."