Open Cybersecurity Schema Framework
During Black Hat and DEF CON, AWS and others made a joint announcement around the creation of the Open Cybersecurity Schema Framework (OCSF). I’d encourage everyone to take a quick look at that announcement. I feel this is significant largely because of the companies that were involved in making this happen. This is a situation where industry leaders came together to create a framework that will be made available to everyone. I happen to also know that it was created with everyone in mind, not just the original partners on OCSF. It has been formulated to scale and adapt to all interested parties.
Now, you may ask, “Why do we need a cybersecurity schema framework?” Great question. The amount of data that can be used for security and data forensics is ENORMOUS. Parsing through that data is a challenge, which is made even more complex by a multitude of different formats. Providing a single format to normalize data allows intelligence to be derived more easily and quickly. This is so important in the realm of security. There is so much data that just isn’t being used because the process to normalize it either doesn’t exist or makes the data onerous to convert and make sense of.
As I have fully disclosed, I am an employee of AWS. So clearly I am proud of our involvement, but more importantly I am proud of and encouraged by any efforts to improve security and aid our hardworking IR and SecOps teams. I think this is a major step in the right direction and I can’t wait to see where this leads us!
Link to the OCSF page.