While AI/ML and automation promise to help streamline and reduce security operation costs, these efforts could be significantly boosted by the increased availability of standard interfaces, such as OAS, OCSF and OpenSearch Security Analytics, in security tools and platforms. 

Such interfaces can significantly reduce security operations centers (SOCs) costs through several mechanisms, including improved automation, interoperability, enhanced integration, scalability and data management.  

“Increased use of standard interfaces such as OAS can reduce costs and effort by easing integrations for threat detection tools, compliance, policy enforcement, identity and security assessment tools,” said Michael Farnum, virtual CISO at business-technology services provider Trace3. “It can also reduce vendor lock-in and use more open-source integrations,” he said. 

Such open standards can also lower a company’s training, maintenance and troubleshooting overhead. “Training developers, architects, analysts and others on standards helps to alleviate the need to learn a bunch of unique tools and interfaces,” Farnum added.  

The Open Cybersecurity Schema Framework (OCSF) is an open-source project that provides a standard format and data model to analyze security logs and alerts; this framework aims to improve the efficiency in detecting, investigating and handling attacks and improve integration and interoperability among security tools. Significant cost reductions are associated with data normalization and integration. OpenSearch defines simple formats for sharing data, enabling interoperability among different security tools and providing a way for security teams to visualize and manage data from various sources without redundant configurations. 

Finally, OAS, formerly known as Swagger, is an open-source software framework developed to describe, produce, consume and visualize RESTful web services. It’s a standardized, language-agnostic format for describing HTTP APIs. OAS provides a framework for defining the structure, functionality and behavior of RESTful APIs in a way that is both human-readable and machine-readable. 

Security intelligence and management software maker Exabeam is a recent example of vendors embracing open frameworks. Steve Wilson, Exabeam’s chief product officer, said organizations today seek ways to optimize their entire threat detection, investigation and response capabilities, and by adopting OAS into its New-Scale Security Operations Platform, Exabeam is helping them do that. Wilson explained that the move will make it more straightforward for security operations teams to automate cloud-native workflows and playbooks.  

“When you think about the life cycle inside a security operation center, you have a team looking for threats. They detect something and then want to take action based on a human judgment or an AI-enhanced suggestion to mitigate the risk. They want to have a set of built playbooks that automate these activities,” he added. 

With OAS compatibility, the cloud-native New-Scale Security Operations Platform enables security teams to quickly create automation and playbooks using their preferred tools to choose best-in-breed toolsets rather than all-in-one toolsets more readily. Wilson said the existing low code/no-code capabilities and the new integration allow experienced developers and less skilled practitioners to focus on rapid threat response. 

“You don’t need a developer to read all the Java documentation to understand what you’re doing. Now, [automations] have a ready-made description of different actions you can take with the API. Here’s how these actions are constructed. Here’s the data you need to execute the action,” Wilson explained. “Now you can take a standard file, and more security products, especially cloud-native products, come with an open API standard file, and you essentially drag that standard file into the platform and it will recognize the security product you’re using and enable you to create a workbook with absolutely no coding.” 

The release introduces several game-changing enhancements to the New-Scale Platform, including New-Scale Analytics, an advanced threat detection system that Wilson said learns over time and incorporates business factors into risk scoring, reducing noise and dramatically reducing manual tuning. Also, New-Scale’s Threat Center now acts as a comprehensive analyst workbench and integrates with Exabeam Copilot’s generative AI capabilities to help improve SOC analyst productivity. A new detection grouping feature in Threat Center consolidates relevant detections, enabling analysts to assess and address threats more quickly. 

Sebastian Bittig, director of cyber defense at r-tec IT Security GmbH, said in an Exabeam statement that with the OAS integration, Exabeam is helping to redefine how they operate their SOC with more seamless integration into the company’s existing security toolsets and has “unlocked unparalleled visibility and efficiency.” 

However, challenges arise when using standards to reduce vendor lock-in and lower costs, especially when integrating and automating more complicated tasks. “Standards work best with lowest common denominator activity, so if you have more unique or complicated use cases, you will likely still need to rely on your vendors to extend capabilities,” added Farnum. “Companies have to be careful when it comes to how much they depend on their vendors’ advanced features, or they can potentially get the lock-in they were trying to avoid,” he said. 

Recent Articles By Author

• Emerging Agentic AI Security Vulnerabilities Expose Enterprise Systems to Widespread Identity-based Attacks 
• Mapping Mayhem: Security’s Blind Spots in Identity Security
• Alert Fatigue and Talent Gaps Fuel AppSec Weaknesses

More from George V. Hulme