ONUG Group Taps TriggerMesh to Advance Cloud Security

The Automated Cloud Governance (ACG) Working Group, an arm of the Open Network User Group (ONUG), today announced that the Cloud Security Notifications Framework (CSNF) it is advancing has adopted a data format developed by TriggerMesh to make it simpler to normalize events generated by a wide range of security tools and platforms.

The ONUG ACG Working Group is sponsored by FedEx, Cigna, Raytheon Technologies and IBM Cloud. The goal is to create a standardized method for normalizing the data that describes a security event as part of an effort to accelerate analysis and remediation.

TriggerMesh provides an integration platform-as-a-service (iPaaS) optimized for event-driven applications that is based on Kubernetes clusters. The ACG Working Group is now taking in the data format that TriggerMesh created to normalize events generated by multiple cloud services and applying it to cloud security.

TriggerMesh CEO Mark Hinkle said that approach will make it simpler to aggregate security events across a wide range of security platforms, including security information and event management (SIEM) and security orchestration, automation and response (SOAR) platforms. The ONUG initiative is significant because the CSNF is being driven by enterprise IT organizations rather than by vendors, he added.

When it comes to cloud security, one of the major challenges is the level of effort required to extract, transform and load (ETL) data generated by multiple cloud security tools and platforms. The ACG Working Group within ONUG is trying to create a standard data format that eliminates this time-consuming task, which limits the ability of cybersecurity teams to respond more adroitly to cybersecurity events.

TriggerMesh, of course, is hoping the adoption of the data format it created will increase demand for its iPaaS among members of ONUG. The TriggerMesh platform provides access to a cloud bus to facilitate application flow orchestration and the consumption of events emanating from any data center application or cloud source. It is designed to trigger serverless functions using a declarative application programming interface (API) and a set of tools for defining event flows and functions. Rival approaches to integration are based on monolithic platforms that are both unwieldy and more expensive to deploy and maintain, said Hinkle.

It’s not clear to what degree security organizations might rally around a common data format. However, it’s apparent that any organizations that adopt a layered defense approach to cybersecurity that depends on multiple tools and platforms will encounter data integration issues. The longer it takes to aggregate and analyze security events, of course, the more time there is for cybercriminals to potentially wreak havoc. A standard data format for consuming security events not only reduces the time required to respond to threats but should also reduce the total cost of security by reducing the integration effort currently required.

Naturally, it may be a while before providers of cloud security platforms embrace any specification created by ONUG, but one way or another, the need for a specification to normalize security data is not only apparent to all but also, arguably, long overdue.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
