ALPS blog

Improve Threat Detection & Response with OCSF

Trend Micro has always been a team player. Over the past three decades and more, we’ve worked closely with law enforcement, industry solution providers, academics and others to strengthen our collective hand against a common adversary. Yet while we’ve been breaking down barriers through this collaborative approach, the cybersecurity industry sometimes unwittingly puts up new ones. That’s why we’re thrilled to join a new open source initiative designed to make it easier for organizations to detect and respond to cyber-attacks.

The Open Cybersecurity Schema Framework (OCSF) will help defenders spend less time collecting and normalizing threat data and more time analyzing and acting on it. OCSF is a first-of-its-kind open source effort, delivering a simplified, vendor-agnostic taxonomy that helps all security teams achieve better, faster data ingestion and analysis without the time-consuming up-front normalization task. The goal is an open standard that can be adopted in any situation and fits in with existing security standards and processes.

The cost of threat defense

Today’s security leaders face an agile, determined and diverse set of threat actors. From emboldened nation state hackers to ransomware-as-a-service (RaaS) affiliates, adversaries are sharing tactics, techniques and procedures (TTPs) on an unprecedented scale – and it shows. Trend Micro blocked over 94 billion threats in 2021 alone, a 42% increase on 2020 figures. Gaining visibility and control of opaque, distributed IT environments that stretch from the cloud to the home office is pushing defenders to the limit. According to a recent Trend Micro survey, 43% of organizations believe their digital attack surface is spiraling out of control.

In response, platform-based approaches—combining attack surface management with threat prevention, detection and response—are rapidly gaining traction. They help to simplify and streamline, reducing costs and coverage gaps. But the truth is that most organizations today still run multiple, often siloed, point solutions.

Unfortunately, normalizing and unifying data from across these disparate tools takes time and money. It slows down threat response and ties up analysts who should be working on higher-value tasks. Yet until now it has simply been an accepted cost of cybersecurity. Imagine how much extra value could be created if we found an industry-wide way to release teams from this operational burden.

What’s happening?

Thanks to the OCSF, the wait for such an approach is now over. This first-of-its-kind project is designed to provide an open standard for data producers and consumers to adopt, breaking down traditional barriers to threat detection and response. Like STIX/TAXII for threat intelligence and the MITRE ATT&CK framework for tactic classification, it will deliver a simplified, vendor-agnostic taxonomy to accelerate data ingestion and analysis. That should eliminate the time-consuming process of normalizing data across point solutions and speed up time-to-respond.

The hope is that the standard will be open to adoption across all environments, applications and solution providers, slotting in neatly beside existing standards and processes. We’ve joined a handful of security vendors and big tech names including Salesforce and AWS to make this a reality.

A team sport

Trend Micro has always been open to industry partnerships that add value for our customers and make our digital, connected world safer. Over the past year we’ve supercharged this approach with a new strategy, consolidating our capabilities onto a single platform and building out connections to third-party products. The focus is always on simplifying and streamlining things for the customer without compromising on security. That’s exactly what the OCSF will help to achieve.

An open framework like this will make life easier for defenders across the globe, whether they’re Trend Micro customers or using other vendors’ products. We’re tremendously excited not only to unlock the potential of our own offerings, but also to see security teams everywhere unburdened from traditional operational constraints.

Cybersecurity is a team sport. And with the OCSF, we can work together to put some serious scoreboard pressure on our collective opponents.
