More than a dozen companies in the cybersecurity space are developing a single, open standard for sharing data about hacking threats, a project the companies say could help organizations detect cyberattacks more quickly.
The initiative, which involves Amazon (AMZN), Cloudflare, CrowdStrike, IBM (IBM), Okta and Salesforce (CRM), among others, aims to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.
According to the companies, that mismatch can cause delays in understanding how a cyberattack may be unfolding because data from one tool often must be converted into a compatible format to work with another tool. That can hinder analysis of the underlying threat data, said Mark Ryland, a top cybersecurity executive at Amazon Web Services (AWS), Amazon’s cloud computing arm.
“Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues,” said Ryland in a release. “Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks.”
The new standard — known as the Open Cybersecurity Schema Framework — was announced Tuesday at the Black Hat cybersecurity conference in Las Vegas. The project is being led by AWS, the cybersecurity firm Symantec and Splunk, a data analysis company.
“The OCSF initiative is truly unprecedented,” said Erkang Zheng, CEO of the cybersecurity firm JupiterOne, in a release. “Normalizing data prior to ingestion has been one of the biggest pain points for security professionals, and the universal framework proposed by the OCSF, powered by a common domain knowledge across several security vendors, simplifies this time-consuming step, ultimately enabling better and stronger security for all.”
The initiative comes as the Biden administration has ramped up outreach to the private sector in hopes of safeguarding critical infrastructure and other US assets from a wave of cyberattacks. Last month, US officials announced an effort to fill hundreds of thousands of vacant cybersecurity jobs, describing the talent shortage as both a national security challenge and an economic opportunity for the middle class.