Major Cybersecurity Companies Create New Open-Source Consortium To Share Key Data
The new Open Cybersecurity Schema Framework, unveiled at Black Hat USA 2022, is an ‘open standard that can be adopted in any environment, application or solution provider and fits with existing security standards and processes,’ according to the member companies.
Black Hat USA 2022 started off with a bang Wednesday, with a group of major cybersecurity companies unveiling the formation of a new open-source consortium to share key data, and with DNSFilter separately saying it’s acquiring Guardian, a firewall and VPN platform.
The announcement by a group of cybersecurity companies—including Splunk, Amazon Web Services, Cloudflare, CrowdStrike, Palo Alto Networks, Okta, Trend Micro, Tanium and Zscaler, among others—revealed the launch of a new consortium called the Open Cybersecurity Schema Framework (OCSF).
The goal: to better share product-normalizing data in order to improve cybersecurity in general. All members of the cybersecurity community are invited to utilize and contribute to the OCSF.
In the companies’ joint press release, the OCSF is referred to as an “open standard that can be adopted in any environment, application or solution provider and fits with existing security standards and processes.”
“Detecting and stopping today’s cyberattacks requires coordination across cybersecurity tools, but unfortunately normalizing data from multiple sources requires significant time and resources,” the group stated in its joint press release. “The OCSF is an open-source effort aimed at delivering a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization tasks.”
Experts from participating companies said there was a pressing need to start sharing key data in order to improve cybersecurity for all.
“Security leaders are wrestling with integration gaps across an expanding set of application, service and infrastructure providers, and they need clean, normalized and prioritized data to detect and respond to threats at scale,” said Patrick Coughlin, group vice president, security market, at Splunk. “This is a problem that the industry needed to come together to solve.”
“Having a holistic view of security-related data across tools is essential for customers to effectively detect, investigate and mitigate security issues,” said Mark Ryland, director, office of the CISO at AWS.
Ryland added: “Customers tell us that their security teams are spending too much time and energy normalizing data across different tools rather than being able to focus on analyzing and responding to risks.”
Other companies involved in the founding of the OCSF include DTEX, IBM Security, IronNet, JupiterOne, Rapid7, Salesforce, Securonix and Sumo Logic.
“Cybersecurity is one of the most pressing challenges of the 21st century, and no single organization, agency or vendor can solve it alone,” said Sridhar Muppidi, IBM Fellow, vice president and CTO at IBM Security. “IBM Security is a long-standing supporter of open-source and open standards, and believes that common data formats like the OCSF will help improve interoperability among many different cybersecurity products.”
As for the DNSFilter-Guardian deal announced Wednesday morning, terms of the transaction were not disclosed.
With the deal, Washington, D.C.-based DNSFilter, provider of DNS-based web content filtering and threat protection, will be acquiring Guardian’s privacy-protecting firewall for iOS.
In a press release, DNSFilter said the “acquisition allows DNSFilter to provide a robust Secure Web Gateway that more effectively protects user information and secures organizations against web-based threats.”
“Secure Web Gateway plays a critical role in modern security strategies, enabling organizations to better secure access to the service edge,” said Ken Carnesi, co-founder and CEO of DNSFilter.
“But the technology is tired—incumbents have not kept pace with the evolving threat landscape or customer needs around service and support,” he said. “Combining best-in-class Domain Name System layer security with Firewall + VPN presents a massive business opportunity and alleviates the pain points customers face with legacy SWG technology.”