Incident Response

AWS, Splunk to lead creation of open standard for cybersecurity

The Register reports that the Open Cybersecurity Schema Framework (OCSF) project, led by AWS and Splunk, will use Symantec's ICD Schema to create a vendor-agnostic standard for cyberthreat response. "Today's security leaders face an agile, determined and diverse set of threat actors," Trend Micro officials wrote in a blog post. "From emboldened nation state hackers to ransomware-as-a-service (RaaS) affiliates, adversaries are sharing tactics, techniques and procedures (TTPs) on an unprecedented scale, and it shows." The cybersecurity vendor, one of OCSF's initial members, was able to block over 94 billion threats last year, a year-on-year increase of 42%. Dan Schofield, IBM Security's program manager for technology partnerships, noted that challenges such as the lack of open industry standards for event and logging purposes hamper threat hunting, detection engineering and analytics, and only a few vendors showed willingness to address the issue. "Although we as an industry can't directly control the behavior of threat actors, we can improve our collective defenses by making it easier for security teams to do their jobs more efficiently," Mark Ryland, director of the AWS Office of the CISO, said about the OCSF schema.
