Collaborative Community Creates New Cybersecurity Approach
At the Black Hat USA 2022 security conference in Las Vegas last week, Amazon AWS and Splunk who had initially partnered building on the ICD Schema from Symantec, brought 15 other vendors including: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and ZScaler together to form the Open Cybersecurity Schema Framework (OCSF). This initiative acknowledges the enormous challenge of dealing with data from the wide spectrum of security products in a way that empowers enterprises to be able to protect against and respond to security threats quickly and effectively. “Providing a simplified and vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion” is the main mission of the initiative.
It is great to see collaboration among vendors rising to the challenge presented by the ever-changing world of cybersecurity. At ChaosSearch, we are especially happy to see the schema using JSON and the open collaboration to make systems and data more secure.
And more than that, are excited to see this project evolve, and the OCSF schema make its way into the products of the companies embracing it.
READ: The New Best Way to Index and Query JSON Logs
ChaosSearch has many customers creating and realizing the benefits of operational and security data lakes for monitoring and alerting on security, application, Kubernetes, infrastructure logs, CloudWatch, CloudTrail, VPC FLow Logs, Splunk, Cloudflare, Fastly, Signal Sciences, Okta, Auth0, etc. Our customers utilize standard log shippers like Fluentd/Fluent Bit, Logstash/Beats, Kinesis Firehose, and tools like Cribl to ship data to AWS cloud object storage (AWS S3 or Google Cloud Storage). Once data is in cloud object storage, ChaosSearch’s patented indexing technology provides disruptive price/performance directly out of a customer’s S3 (or GCS) bucket. Any log, csv, or JSON data (like the OCSF schema or even JSON that is not as well architected or has complex JSON nesting), is a great fit for ChaosSearch.
For information on the OCSF project, visit https://github.com/ocsf/.
Additional Resources
Read the Blog: The Importance of Cloud Performance and Security Platforms
Watch the Demo: Unlock JSON Files for Analytics at Scale in ChaosSearch
Read the Blog: Going Beyond CloudWatch: 5 Steps to Better Log Analytics & Analysis