
Why being open will deliver a step change to cyber defence

In early August, Trend Micro joined a chorus of other global tech players in a new open source initiative aimed at making it easier for organisations to detect and respond to cyber attacks, Mick McCluney of Trend Micro ANZ writes.

Mick McCluney
Thu, 15 Sep 2022

The Open Cybersecurity Schema Framework (OCSF), which was revealed during the Black Hat USA 2022 cyber security conference in Las Vegas, is anticipated to help cyber defenders spend less time on collecting and normalising threat data and more time on analysing and acting upon it.

The goal of the initiative is to implement an open standard that can be adopted in any situation and which fits in with existing security standards and processes. This is important, because historically, normalising and unifying data from across disparate tools in multiple, often siloed, point solutions has taken no small amount of time, resources and money.

In many cases, such disparate data sources remain somewhat opaque to organisations that are trying to protect the systems much of the information is coming from. This is a shame, because the more data we have at our fingertips, the more effectively we can protect the disparate systems within an organisation’s technology infrastructure footprint and its users.


But by establishing an open standard for data producers and consumers across the IT ecosystem to adopt, we can gain the true visibility we need to break down traditional barriers in our efforts to detect threats and respond effectively.

The foundation of the OCSF is a timely and positive development in the evolution of the global cyber security industry, but it is just the latest step in Trend Micro’s ongoing journey to gain ever-greater insight into the IT ecosystem to more effectively identify and act upon cyber threats.

This is something we’ve been at for quite a while at Trend Micro.

Indeed, the launch of the Trend Micro One unified cyber security platform in April this year opened a new chapter in our efforts to gain visibility across the entire IT ecosystem, thanks to a new level of partnership and integration with the likes of Microsoft, Google, Palo Alto Networks, ServiceNow, Slack, Splunk and Tenable.

These companies, among others, are all inaugural partners of the Trend Micro One technology ecosystem launch. Such partnerships with such eminent and seemingly omnipresent IT solutions providers are invaluable opportunities to access the vital data needed for next-level security intelligence and comprehensive coverage.

With the Trend Micro One platform in place, we can gain a full view of an organisation’s IT infrastructure, right down to the server level. Given the widespread use of solutions from players such as Microsoft and Google, the new level of integration provided by the Trend Micro One platform and its inaugural partners gives us eyes on an exhaustive number of data points that we can analyse and use to more effectively identify and defend against active threats in real time.

With this in mind, I think it’s fair to say that the launch of the Trend Micro One offering effectively supercharged our approach to industry partnerships, adding even greater value for our customers with a new strategy that has seen us consolidate our capabilities onto a single platform and build out more connections to third-party products.

All told, the cloud-delivered Trend Micro One platform is powered by more than 250 million global sensors. That’s incredible insight. And it’s made possible by the integrations we have with our growing roster of Trend Micro One technology ecosystem partners.

The extensive data integration enabled by the Trend Micro One platform provides a step change in information sharing, capturing a range of data across an ecosystem that consists of many elements. Thanks to this, it becomes faster and easier to join the dots when identifying and preventing cyber threats.

Microsoft, as one of our partners, is perhaps the top provider of software for businesses today. Much of the world’s computing environment is enabled by Microsoft, giving us broad oversight of threat telemetry from around the globe. ServiceNow, another partner, lets us see into the operation environment of businesses for even greater clarity.

The kind of integrations Trend Micro has with platforms like those provided by ServiceNow and Microsoft are almost as important as our security solution itself, because being a part of the operation environment provides unmatched insight.

Now, with the introduction of OCSF, the goal is to have an open standard that can be adopted in any situation and fits in with existing security standards and processes, factors that will be able to drive our IT ecosystem insight even further.

As a first-of-its-kind open source data-sharing effort, OCSF gives Trend Micro, and others, access to a simplified and vendor-agnostic taxonomy to help all security teams realise better, faster data ingestion and analysis without the time-consuming up-front normalisation task.

Trend Micro blocked over 94 billion threats in 2021 alone, representing a 42 per cent increase on 2020 figures. With the additional visibility and control of opaque, distributed IT environments that stretch from the cloud to the home office enabled by OCSF, we may just be able to accomplish yet another leap in the ongoing evolution of the cyber security landscape.

With platform-based approaches that combine attack surface management with threat prevention, detection and response, we’re already rapidly gaining traction. Such platforms help to simplify and streamline the security process, reducing costs and coverage gaps.

And as the Trend Micro One offering has shown, such platform approaches can be made even more effective by greater integration and more partnerships.

As it stands, our unified cyber security platform already enables vendor consolidation with multiple market-leading security capabilities and deep integration with individual organisations’ IT environments, simplifying security and helping businesses to detect and stop breaches faster.

Now, with the OCSF in play, there are even more opportunities for Trend Micro One, along with other platforms, to deliver a simplified vendor-agnostic taxonomy to accelerate data ingestion and analysis. At Trend Micro, we expect this development to all but eliminate the time-consuming process of data normalisation across point solutions and speed up time-to-respond.

This can only deliver better value and better outcomes.

Integration with third-party security tools, along with centralised visibility, extended detection and response technology and continuous threat assessment can reduce operational costs by up to 63 per cent, while also delivering better risk insights for security teams.

The hope now is that the new open standard will be adopted across all environments, applications and solution providers, adding to existing standards and processes. Trend Micro has already joined a handful of security vendors and big tech names such as Salesforce and Amazon Web Services to make this a reality.

It is our intention that more will follow. If they do, we all stand to benefit from more integrations and more data, for fuller insight into the IT ecosystem.

Mick McCluney, technical director at Trend Micro ANZ.
