According to the companies, that mismatch can cause delays in understanding how a cyberattack may be unfolding because data from one tool often must be converted into a compatible format to work with another tool. That can hinder analysis of the underlying threat data, said Mark Ryland, a top cybersecurity executive at Amazon Web Services (AWS), Amazon’s cloud computing arm.
The new standard — known as the Open Cybersecurity Schema Framework — was announced Tuesday at the Black Hat cybersecurity conference in Las Vegas. The project is being led by AWS, the cybersecurity firm Symantec and Splunk, a data analysis company.
“The OCSF initiative is truly unprecedented,” said Erkang Zheng, CEO of the cybersecurity firm JupiterOne, in a release. “Normalizing data prior to ingestion has been one of the biggest pain points for security professionals, and the universal framework proposed by the OCSF, powered by a common domain knowledge across several security vendors, simplifies this time-consuming step, ultimately enabling better and stronger security for all.”