Security News > 2022 > August > AWS and Splunk partner for faster cyberattack response

AWS and Splunk are leading an initiative aimed at creating an open standard for ingesting and analyzing data, enabling enterprise security teams to more quickly respond to cyberthreats.

"Today's security leaders face an agile, determined and diverse set of threat actors," officials with cybersecurity vendor Trend Micro, one of the initial members of OCSF, wrote in a blog post.

Dan Schofield, program manager for technology partnerships at IBM Security, another OCSF member, wrote that the lack of open industry standards for logging and event purposes creates challenges when it comes to detection engineering, threat hunting, and analytics, and until now, there has been no critical mass of vendors willing to address the issue.

Mark Ryland, director of the Office of the CISO at AWS, wrote in a blog post that organizations have said that interoperability and data normalization between security products is difficult, forcing security teams to correlate and unify data across multiple products from different vendors in proprietary format.

The OCSF schema will "Make it easier for security teams to ingest and correlate security log data from different sources, allowing for greater detection accuracy and faster response to security events," Ryland wrote.

"It's well understood that data is the lifeblood of security operations centers, but oftentimes, that data needs to be manipulated and normalized to be in a form that can be used by the teams and tools the SOC relies upon," wrote Paul Agbabian, distinguished engineer and vice president for technology strategy for Splunk's security business unit.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/11/ocsf_cybersecurity_standard_aws/