The Automated Cloud Governance (ACG) Working Group, an arm of the Open Network User Group (ONUG), announced today that the Cloud Security Notification Framework (CSNF) it is developing has adopted a data format created by TriggerMesh to make it easier to standardize the events generated by a wide range of security tools and platforms.
The ONUG ACG Working Group is sponsored by FedEx, Cigna, Raytheon Technologies and IBM Cloud. Its goal is to create a standardized way to normalize the data that describes a security event, as part of an effort to speed up analysis and remediation.
TriggerMesh provides an integration platform as a service (iPaaS) optimized for event-driven applications running on Kubernetes clusters. The ACG Working Group is now incorporating the data format TriggerMesh created to standardize events generated by multiple cloud services and applying it to cloud security events.
TriggerMesh CEO Mark Hinkle said this approach will simplify the aggregation of security events across a wide range of security platforms, including Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. The ONUG initiative is important because, rather than being a vendor-driven specification, the CSNF is driven by enterprise IT organizations, he added.
One of the biggest challenges in cloud security is the effort required to extract, transform and load (ETL) the data generated by multiple cloud security tools and platforms. The ACG Working Group within ONUG is attempting to create a standard data format that eliminates this tedious task, which currently limits the ability of cybersecurity teams to respond quickly to security events.
TriggerMesh, of course, hopes that adoption of the data format it created will increase demand for its iPaaS among ONUG members. The TriggerMesh platform provides a cloud event bus to orchestrate application flows and consume events from any data center application or cloud source. It is designed to trigger serverless functions through a declarative application programming interface (API) and a set of tools for defining event streams and functions. Rival approaches to integration are based on monolithic platforms that are both clumsier and more expensive to deploy and maintain, Hinkle said.
It is unclear to what extent security organizations will rally around a common data format. What is clear is that any organization adopting a layered defense that depends on multiple tools and platforms will encounter data integration issues. The longer it takes to aggregate and analyze security events, the more time attackers have to do damage. A standard data format for consuming security events would not only reduce the time required to respond to threats but should also reduce the total cost of security by reducing the integration effort currently required.
Naturally, it may take some time before cloud security platform vendors adopt any specification created by ONUG, but the need for a specification that standardizes security data is not only obvious to all but also, arguably, long overdue.