Join our panel during Black Hat 2024 – Blurred Lines: Investigating the Convergence of Internal and External Threats



Insider Risk Insights - DTEX Blog

Standardizing Data: How OCSF Supports Proactive Insider Risk Management

How OCSF Supports Proactive Insider Risk Management

When it comes to the data quotient of insider risk management, quality triumphs volume. Having actionable data from inputs spanning human, cyber, physical and organizational sensors is key to the early detection and mitigation of insider risks.

Given that this data lies in various applications across the organization, standardization is important. This is why DTEX is proud to be a founding member of the Open Cybersecurity Schema Framework (OCSF), an open-source project established to remove security data silos and standardize event formats across vendors and applications. Joining DTEX are Splunk, Amazon Web Services (AWS), IBM and 15 other cybersecurity firms.

The group recently celebrated its first anniversary at Black Hat USA in Las Vegas. Since launching, the open-source project has expanded to include more than 145 organizations and 435 individual contributors — a more than eight-fold increase. Additionally, a growing number of Fortune 500 enterprises and public sector agencies have adopted the OCSF schema for internal use.

Frictionless Integration

Successful cybersecurity operations require solutions that integrate with each other to provide additional value beyond a single feature or technology. While this is possible with open APIs and mapping data structures, development and processing resources are not infinite. We’re excited about the momentum behind the OCSF initiative to eliminate inefficiencies and achieve frictionless integration through standardized data—for faster time to detection, response, and resolution at a lower total cost.

How is the OCSF Valuable for Proactive Insider Risk Management?

Many enterprise organizations struggle with technology silos, noisy data and high rates of false positives. Companies need a solution that brings technology integration and amplification capabilities to provide contextual awareness to identify risk early and enforce strategies for mitigation.

Support for the OCSF allows customers’ data engineers to easily map differing schemas to help security teams simplify data ingestion and normalization. This enables data scientists and analysts to work with a common language for insider risk detection and investigation.

We look forward to continuing to work closely with the group to ensure that the framework enhances organizations’ ability to build proactive insider risk management practices.