
Sunday, April 5, 2026

OCSF: The Security Data Language Teams Need

Whilst the cybersecurity industry has been fixated on AI models and automation tools, a fundamental transformation has been quietly taking shape beneath the surface. The Open Cybersecurity Schema Framework (OCSF) is emerging as the industry's answer to a longstanding challenge: creating a unified language for security data that works across vendors, platforms, and technologies.


OCSF provides a vendor-neutral, open-source framework that allows security teams, enterprises, and product developers to describe security events, findings, objects, and contextual information using a consistent structure. For security operations centres (SOCs), this solves a persistent headache. Teams currently spend enormous amounts of time normalising data from disparate tools just to correlate basic security events. Consider detecting a potentially compromised credential: an employee logs in from San Francisco at 10 a.m., then mysteriously accesses cloud resources from New York two minutes later. Building systems that can spot such anomalies requires painstaking translation work because different security tools describe identical concepts using different field names, data structures, and assumptions. OCSF eliminates much of this translation overhead, enabling analysts to focus on actual threat detection rather than data wrangling.
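As an added example (not code from the original article or the OCSF project), the Python below normalises two constructed log records from hypothetical vendors with different field names into a simplified subset of the OCSF Authentication event shape, then runs the impossible-travel check described above over the normalised events. The OCSF field subset (class_uid 3002, actor.user.name, src_endpoint.location.lat/long, time in epoch milliseconds) and the 1000 km/h travel threshold are assumptions of this example.

```python
import math
from datetime import datetime, timezone

# Constructed sample records: same login by the same person, two product formats.
VENDOR_A = {"user": "alice", "src_ip": "203.0.113.5", "city": "San Francisco",
            "lat": 37.77, "lon": -122.42, "ts": "2026-04-05T10:00:00Z", "result": "success"}
VENDOR_B = {"principal": "alice", "client_ip": "198.51.100.9", "status": "ok",
            "geo": {"city": "New York", "latitude": 40.71, "longitude": -74.01},
            "event_time": int(datetime(2026, 4, 5, 10, 2, tzinfo=timezone.utc).timestamp() * 1000)}

def ocsf_auth_event(user, ip, city, lat, lon, time_ms, success):
    # Simplified OCSF Authentication event (assumed field subset, not the full schema).
    return {"class_uid": 3002, "category_uid": 3, "activity_id": 1,  # IAM / Logon
            "time": time_ms, "status_id": 1 if success else 2,
            "actor": {"user": {"name": user}},
            "src_endpoint": {"ip": ip, "location": {"city": city, "lat": lat, "long": lon}}}

def normalize_vendor_a(rec):
    # Vendor A emits ISO-8601 timestamps and flat geo fields.
    ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return ocsf_auth_event(rec["user"], rec["src_ip"], rec["city"], rec["lat"], rec["lon"],
                           int(ts.timestamp() * 1000), rec["result"] == "success")

def normalize_vendor_b(rec):
    # Vendor B emits epoch milliseconds and a nested geo object with different key names.
    g = rec["geo"]
    return ocsf_auth_event(rec["principal"], rec["client_ip"], g["city"], g["latitude"],
                           g["longitude"], rec["event_time"], rec["status"] == "ok")

def haversine_km(lat1, lon1, lat2, lon2):
    # Great-circle distance on a sphere of radius 6371 km.
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=1000.0):
    # Flag consecutive logons per user whose implied speed exceeds max_kmh (assumed threshold).
    by_user = {}
    for e in events:
        by_user.setdefault(e["actor"]["user"]["name"], []).append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for prev, cur in zip(evs, evs[1:]):
            a, b = prev["src_endpoint"]["location"], cur["src_endpoint"]["location"]
            km = haversine_km(a["lat"], a["long"], b["lat"], b["long"])
            hours = (cur["time"] - prev["time"]) / 3_600_000
            kmh = km / hours if hours > 0 else float("inf")  # identical timestamps, different places
            if kmh > max_kmh:
                findings.append({"user": user, "from": a["city"], "to": b["city"], "km": km, "kmh": kmh})
    return findings

if __name__ == "__main__":
    print(impossible_travel([normalize_vendor_a(VENDOR_A), normalize_vendor_b(VENDOR_B)]))
```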

The framework's momentum has been remarkable. Launched in August 2022 by AWS and Splunk, with contributions from Symantec, Broadcom, and other major players including Cloudflare, CrowdStrike, IBM, Okta, Palo Alto Networks, and Zscaler, OCSF has rapidly evolved from a 17-company initiative into a community with over 200 participating organisations and 900 contributors following its incorporation into the Linux Foundation in November 2024. The framework now appears throughout the security ecosystem: AWS Security Lake converts logs into OCSF format, Splunk translates incoming data using edge processors, Cribl supports streaming conversion, and CrowdStrike positions itself on both sides of the pipeline, translating Falcon data into OCSF whilst also ingesting OCSF-formatted information.

The rise of AI infrastructure has given OCSF fresh urgency. Modern AI deployments involve complex distributed systems including model gateways, agent runtimes, vector stores, and policy engines, all generating new forms of telemetry that span product boundaries. Security teams need to understand not just what an AI system produces, but what it actually does and whether those actions create security risks. Recent OCSF updates in versions 1.5.0 through 1.7.0 address these challenges by enabling teams to trace AI assistant tool calls, flag unusual behaviour, and investigate full action chains rather than merely final outputs. Upcoming developments in version 1.8.0 will allow teams to track model details, token counts, and message roles, helping investigators spot when AI systems pull excessive data or leak sensitive information through unusually verbose responses. OCSF has transitioned from community experiment to operational standard, providing the common infrastructure security teams need to correlate data across expanding AI-driven threat landscapes without losing critical context.

Original source: https://venturebeat.com/security/ocsf-explained-the-shared-data-language-security-teams-have-been-missing


Article generated by LaRebelionBOT
