JupiterOne participates in new Open Cybersecurity Schema Framework (OCSF) industry initiative

At JupiterOne, we recognize the importance of building community — not just for the benefit of every cybersecurity professional out there, but for the organizations that rely on cybersecurity software and the people and institutions they need to protect. We live by the principle that security is a basic right, and actively deliver on this commitment by offering a free, baseline version of our software to tech individuals who need basic security and asset discovery. 

Recently, JupiterOne was invited by partner and investor Splunk to participate in a new industry initiative — the Open Cybersecurity Schema Framework (OCSF).

What is OCSF?

The OCSF is an open-source project delivers a simplified and vendor-agnostic taxonomy to help security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization tasks. The initiative is led by Splunk and AWS and built upon the ICD Schema work done at Symantec, a division of Broadcom. Along with these companies, it features the contributions and participation from 15 initial cybersecurity and technology organizations, including JupiterOne.

Why is the OCSF important?

Today’s security teams are taxed with time-consuming and resource-intensive normalization workflows required to unify data from the different tools they rely upon, greatly delaying their ability to leverage that data to detect and investigate security threats. With the OCSF initiative, the industry works together to unburden security teams of the work required to collect and normalize data, allowing them to focus on analyzing it. The ultimate goal of the OCSF is to provide an open standard, adopted in any environment, application, or solution, that also complements existing security standards and processes. The universal framework will be continuously powered by a common domain knowledge across all participating security vendors and will simplify this time-consuming step to provide superior security. 

This isn’t the first time JupiterOne participates in an initiative aimed at empowering security teams through open-source solutions. Earlier this year, JupiterOne announced the release of Starbase, an open-source tool that helps organizations collect assets and relationships from services and systems, including cloud infrastructure, SaaS applications, security controls, and more. In addition, we have open sourced our graph data model since the very beginning of our journey, making it easier to define and classify assets, attributes, relationships between different assets, and to perform complex analysis.

“The OCSF initiative is truly unprecedented. Normalizing data prior to ingestion makes post-ingestion analysis easier, reducing the learning curve across different products, and addresses one of the biggest pain points for security professionals. The universal framework proposed by the OCSF, powered by a common domain knowledge across several security vendors, simplifies this time-consuming step, ultimately enabling better and stronger security for all.”

- Erkang Zheng, CEO & Founder, JupiterOne

Over time, we will continue to contribute to the OCSF initiative by extending the framework to cover both time-series event data as well as stateful/structural asset data, leveraging JupiterOne’s open-source data model. Our hope in participating in this initiative is to inspire more cross-industry collaboration in order to provide a safer environment for businesses, governments, and the whole world to operate successfully and securely. To learn more, visit the OCSF repository on GitHub.



Posted By Erkang Zheng

I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right.

I am a cybersecurity practitioner and founder with 20+ years across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM and Fidelity Investments, I hold five patents and multiple industry certifications.

I am building a cloud-native software platform at JupiterOne to deliver knowledge, transparency and confidence to every digital operation in every organization, large or small.

To hear more from Erkang, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.