Last updated at Wed, 03 May 2023 14:14:52 GMT

Teams spend a lot of time normalizing data before any analysis, investigation, or response can begin. It’s an unacceptable burden for you. And its days are finally numbered.

Rapid7 and other security vendors are collaborating on an Open Cybersecurity Schema Framework (OCSF), an open standard for both data producers and users to adopt. Much like the MITRE Att@ck Framework, common language and understanding change everything.

OCSF, includes contributions from 17 leading cybersecurity and technology organizations: AWS, Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Splunk, Sumo Logic, Tanium, Trend Micro, and Zscaler.

OCSF is an open standard that can be adopted in any environment, application, or solution provider and fits with existing security standards and processes. As cybersecurity solution providers incorporate OCSF standards into their products, security data normalization will become simpler, allowing teams to focus on analyzing data, identifying threats, and stopping attackers before they cause damage.

“We, as security vendors, need to do right by the security teams who work tirelessly to protect not only their organizations, but the greater community, against a constantly evolving array of threats,” said Sam Adams, Vice President of Detection and Response, Rapid7. “A step towards that is standardizing the data on which these teams rely. If we can minimize the complexity of using security data from disparate sources, we can save security professionals millions of hours every year. Rapid7 has a proud history of supporting the open-source community. We are thrilled to join our peers who share this belief and build a solution that will break down data silos, removing a heavy burden that hinders security teams’ efforts to stay ahead of threats.”

Data holds the key

The key to efficiently detecting and rapidly responding to today’s threats and attacks is data and how you use that data. It’s mission-critical for security teams to evaluate data from various sources (e.g. the endpoint, threat intelligence feeds, logs, etc.), coordinating with a myriad of security tools and solutions. In a recent study, SOC Modernization and the Role of XDR, eight in 10 organizations said they collect, process, and analyze security operations data from more than 10 sources. While it might sound like a lot, survey respondents actually want to use more data, in order to keep up with the evolving attack surface.

As the industry comes together to unburden security teams of the work required to collect and normalize data, Rapid7 will be rolling out support for OCSF, starting with InsightIDR, our joint SIEM and XDR solution. Look for updates on OCSF support in the coming months!

Additional reading:


Get the latest stories, expertise, and news about security today.