JupiterOne participates in new Open Cybersecurity Schema Framework (OCSF) industry initiative

by

At JupiterOne, we recognize the importance of building community — not just for the benefit of every cybersecurity professional out there, but for the organizations that rely on cybersecurity software and the people and institutions they need to protect. We live by the principle that security is a basic right, and actively deliver on this commitment by offering a free, baseline version of our software to tech individuals who need basic security and asset discovery.

Recently, JupiterOne was invited by partner and investor Splunk to participate in a new industry initiative — the Open Cybersecurity Schema Framework (OCSF). This open-source project delivers a simplified and vendor-agnostic taxonomy to help security teams realize better, faster data ingestion and analysis without the time-consuming, up-front normalization tasks. The initiative is led by Splunk and AWS and built upon the ICD Schema work done at Symantec, a division of Broadcom. Along with these companies, it features the contributions and participation from 15 initial cybersecurity and technology organizations, including JupiterOne.

Today’s security teams are taxed with time-consuming and resource-intensive normalization workflows required to unify data from the different tools they rely upon, greatly delaying their ability to leverage that data to detect and investigate security threats. With the OCSF initiative, the industry works together to unburden security teams of the work required to collect and normalize data, allowing them to focus on analyzing it. The ultimate goal of the OCSF is to provide an open standard, adopted in any environment, application, or solution, that also complements existing security standards and processes. The universal framework will be continuously powered by a common domain knowledge across all participating security vendors and will simplify this time-consuming step to provide superior security.

This isn’t the first time JupiterOne participates in an initiative aimed at empowering security teams through open-source solutions. Earlier this year, JupiterOne announced the release of Starbase, an open-source tool that helps organizations collect assets and relationships from services and systems, including cloud infrastructure, SaaS applications, security controls, and more. In addition, we have open sourced our graph data model since the very beginning of our journey, making it easier to define and classify assets, attributes, relationships between different assets, and to perform complex analysis.

“The OCSF initiative is truly unprecedented. Normalizing data prior to ingestion makes post-ingestion analysis easier, reducing the learning curve across different products, and addresses one of the biggest pain points for security professionals. The universal framework proposed by the OCSF, powered by a common domain knowledge across several security vendors, simplifies this time-consuming step, ultimately enabling better and stronger security for all.”
- Erkang Zheng, CEO & Founder, JupiterOne

Over time, we will continue to contribute to the OCSF initiative by extending the framework to cover both time-series event data as well as stateful/structural asset data, leveraging JupiterOne’s open-source data model. Our hope in participating in this initiative is to inspire more cross-industry collaboration in order to provide a safer environment for businesses, governments, and the whole world to operate successfully and securely. To learn more, visit the OCSF repository on GitHub.

Erkang Zheng
Erkang Zheng

I founded JupiterOne because I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right.

We are building a cloud-native software platform at JupiterOne to deliver knowledge, transparency and confidence to every digital operation in every organization, large or small.

I am the Founder and CEO of JupiterOne, and also a cybersecurity practitioner  with 20+ years experience across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM and Fidelity Investments, I hold five patents and multiple industry certifications.

Keep Reading

Proactive IAM Security: Transforming Identity Security with Actionable Insights | Okta Integration with JupiterOne
December 19, 2024
Blog
Unlocking Proactive Security: How Okta and JupiterOne Elevate IAM Insights

Unlock proactive IAM security with Okta and JupiterOne, gaining real-time insights, enforcing least privilege, and reducing risks in dynamic cloud environments.

Transitioning from Vulnerability Management to Exposure Management | JupiterOne
December 13, 2024
Blog
Transitioning from Vulnerability Management to Exposure Management with JupiterOne

Explore Gartner's latest report on Exposure Management and learn how your organization can prioritize vulnerabilities and minimize exposures.

The Ultimate CAASM Guide for 2025 | JupiterOne
November 20, 2024
Blog
The Ultimate CAASM Guide for 2025

Discover how Cyber Asset Attack Surface Management (CAASM) is providing enhanced visibility of internal and external assets in 2025.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.