Eighteen companies have launched the Open Cybersecurity Schema Framework. The open source approach is intended to help detect and ward off cyber attacks more quickly.

Under the leadership of AWS, Broadcom and Splunk, a total of 18 companies from the cybersecurity sector have jointly founded the Open Cybersecurity Schema Framework (OCSF). As an industry-wide initiative, they want to use the open source approach to create new standards, for example to normalize and standardize data from security tools.

In this way, those involved want above all to make day-to-day work easier for companies' security teams, which should be able to recognize and combat cyber attacks more quickly. The project was announced as part of the ongoing Black Hat security conference, which will be held in Las Vegas until Thursday of this week.

Simplified, manufacturer-independent taxonomy

However, the OCSF members cannot yet present drafts of the planned standards. Apparently, they have initially focused on analyzing the current situation and setting up the framework: detecting cyber attacks requires the coordination of several security tools, they state in their announcement. Bringing together the data from different sources and interpreting it costs companies' security teams a lot of time and resources. This is where OCSF is meant to save resources.

The common goal of the initiative is therefore to provide a “simplified and manufacturer-independent taxonomy”. The initiative explains the structure of the OCSF taxonomy in detail in a PDF on GitHub. Open standards resulting from the OCSF approach should in future be usable in all company environments and be compatible with existing security standards and processes.

The OCSF approach is based on the ICD (Integrated Cyber Defense) schema from Symantec, a Broadcom subsidiary. In addition to the leading organizations AWS and Splunk, Cloudflare, CrowdStrike, IBM Security, Okta and Rapid7, among others, are already involved in the industry coalition for more interoperability.

The founding members have published the structure of the OCSF initiative in a GitHub organization. In the press release on the founding, which is available for download, Splunk also calls on other companies to participate in the open source initiative. The Microsoft Intelligent Security Association (MISA) has been pursuing similar goals since 2018 and has brought together 300 companies.

