My review of 5 leading open source standards: OpenTelemetry, OpenFeature, CloudEvents, CDEvents and the Open Cybersecurity Framework (OCSF).
https://youtu.be/D6KqtJIVcts
#opentelemetry #openfeature #cloudevents #cdfoundation #cdevents and #ocsf
Amazon introduces Amazon Security Lake at #reInvent https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-security-lake-preview/
Quick take: Affordable storage at scale not only challenges log management incumbents (and indirectly SIEM since analytics beyond existing AWS offerings are TBD), but also – and significantly – challenges Google (primarily Chronicle) and Microsoft (Sentinel) with the hyperscaler advantage. The cloud bigs “can get it for you wholesale” when it comes to storage and minimize markup – which also targets one of Splunk’s most longstanding issues. SMB may be an initial target (where the skew toward *DR and primarily EDR becomes more pronounced down market), but also keep an eye on their mo behind #OCSF and their initial partners on the spec.
This is just the first step in what is likely a more ambitious direction. Just consider the combo of aligning multi-source data (including competing cloud providers) and AWS observability as to where this could lead. Also note that Jon Ramsey, now at AWS, has built an ambitious security data platform before (at Secureworks).
I'm really excited by what I'm reading about #AWS Security Lake announced at #reinvent, particularly the use of OCSF (https://github.com/ocsf). If security vendors could agree on a common standard for security logs it would be a huge headache removed, particularly for smaller businesses who rarely have the resources to implement lots of custom log integrations.
Note to vendors - every RFP and sales call from now on I will be asking you whether you support this standard.
#aws #reinvent #securitylake #ocsf #infosec
News on AWS Security Lake, leveraging the Open Cybersecurity Schema Framework (#OCSF) is making the rounds. Proud that not only is IBM Security a launch partner, but #QRadar was one of the very few products name-dropped in the launch keynote.
Note that we have also added support for #AWS Security Lake to the Open Cybersecurity Alliance #STIX Shifter and #Kestrel projects - you can query and threat-hunt across AWS *and ~30 other products and clouds* all from one place, and apply out-of-the-box ML and analytics... check it out if you have not.
https://opencybersecurityalliance.org/try-kestrel-in-a-cloud-sandbox/
#ocsf #qradar #aws #STIX #kestrel
I'm ridiculously excited about #OCSF and #aws's new Security Lake product! I've had to dig through so many different data sources and formats in the past to do forensics and security analysis... this is _game changing_ https://aws.amazon.com/blogs/security/aws-co-announces-release-of-the-open-cybersecurity-schema-framework-ocsf-project/
A group of cybersecurity companies, including #Amazon's cloud division #AWS, #Cloudflare and #TrendMicro, presented the Open Cybersecurity Schema Framework #OCSF at the #Cybersecurity conference #BlackHat in Las Vegas as a common data standard for exchanging cybersecurity information. Services that support the specifications can consolidate and standardize alerts from various cyber monitoring tools, network loggers and other software.
#ocsf #BlackHat #cybersecurity #TrendMicro #cloudflare #amazon #aws