Open source is a definite value-add, but disparities exist in the creation and execution of its governing security standards.
To remediate it, Splunk Inc. and Amazon Web Services Inc., alongside many other vendors, have worked together to conceive the Open Cybersecurity Schema Framework — a set of common rules governing the handling of cybersecurity events.
“The real challenge that OCSF helps to solve is effectively detect and respond at the speed at which attackers are demanding today,” said Patrick Coughlin (pictured), vice president of strategy and specialization at Splunk. “We have to normalize data across this entire landscape of tools, infrastructures and services. We have to have integration to have visibility, and these tools have to work together.”
Coughlin spoke with theCUBE industry analyst John Furrier at the recent AWS re:Invent conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the collective steps being taken to standardize approaches to cybersecurity within open-source and cloud-native environments. (* Disclosure below.)
Solving the integration problem
While companies can’t be blamed for harnessing multiple tools simultaneously for various operations, this practice has become a major stumbling block to standardizing cybersecurity. OCSF is an initiative that, in essence, takes the burden of systems integration away from end users and customers, according to Coughlin.
“Over 50 different organizations, cloud service providers and solution providers in the cybersecurity space have come together and said, ‘Let’s decide on a single, unified schema for how we’re going to represent event data in this industry.’ And I’m very proud to be here today to say that we’ve launched it, and I can’t wait to see where we go next,” he stated.
Enterprises often adopt a thoroughly siloed approach across their developer, IT and security operations, whereas the data from one is inextricably linked to the others. Splunk’s approach views data and overarching data visibility as essential to the security and cyber resiliency problem, according to Coughlin.
“One of the things that we do often is help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage,” he explained.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent:
(* Disclosure: Splunk Inc. sponsored this segment of theCUBE. Neither Splunk nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.