Artwork

Inhalt bereitgestellt von Fix Security. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Fix Security oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Player FM - Podcast-App
Gehen Sie mit der App Player FM offline!

Normalizing security data, federated search, and OCSF - Jonathan Rau, VP / Distinguished Engineer at Query

1:04:28
 
Teilen
 

Manage episode 420076778 series 3576155
Inhalt bereitgestellt von Fix Security. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Fix Security oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.

Jonathan Rau, VP/Distinguished Engineer at Query, explains the process of normalizing security data and the challenges of working with different security tools and APIs. He also simplifies the concept of security data into three categories: structured, semi-structured, and unstructured.

Finally, he discusses benefits of unifying security data, and the Open Cyber Security Schema Framework (OCSF) which Query uses as their data model. OCSF provides a standardized data model for cybersecurity events and objects, allowing for easier integration and interoperability between different security tools. The conversation also touches on the use of graphs in security data analysis, based on Jonathan's previous experience at Lightspin.

Takeaways

  • Federated search allows users to search their security data wherever it is without ingestion.
  • Normalizing security data involves mapping fields and setting constant states to handle different data formats and schemas.
  • Security data can be categorized into structured, semi-structured, and unstructured data.
  • Query simplifies the complexity of security data and provides a unified view of all security data sources.
  • The Open Cybersecurity Schema Framework (OCSF) provides a standardized data model for cybersecurity events and objects, enabling easier integration and interoperability between security tools.
  • Graph databases are useful for maintaining relationships and analyzing complex security data, but loading and querying graph data can be challenging.
  • The key benefit of unifying security data is decision support, enabling security teams to make informed decisions based on a comprehensive view of the data.
  • When building a data fabric or unifying security data, it's important to work backwards from the job to be done and focus on supporting specific use cases and decision-making needs.
  • Staying informed about data technologies and approaches is crucial for security engineers and CISOs to make informed decisions about building a data fabric.
  continue reading

9 Episoden

Artwork
iconTeilen
 
Manage episode 420076778 series 3576155
Inhalt bereitgestellt von Fix Security. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Fix Security oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.

Jonathan Rau, VP/Distinguished Engineer at Query, explains the process of normalizing security data and the challenges of working with different security tools and APIs. He also simplifies the concept of security data into three categories: structured, semi-structured, and unstructured.

Finally, he discusses benefits of unifying security data, and the Open Cyber Security Schema Framework (OCSF) which Query uses as their data model. OCSF provides a standardized data model for cybersecurity events and objects, allowing for easier integration and interoperability between different security tools. The conversation also touches on the use of graphs in security data analysis, based on Jonathan's previous experience at Lightspin.

Takeaways

  • Federated search allows users to search their security data wherever it is without ingestion.
  • Normalizing security data involves mapping fields and setting constant states to handle different data formats and schemas.
  • Security data can be categorized into structured, semi-structured, and unstructured data.
  • Query simplifies the complexity of security data and provides a unified view of all security data sources.
  • The Open Cybersecurity Schema Framework (OCSF) provides a standardized data model for cybersecurity events and objects, enabling easier integration and interoperability between security tools.
  • Graph databases are useful for maintaining relationships and analyzing complex security data, but loading and querying graph data can be challenging.
  • The key benefit of unifying security data is decision support, enabling security teams to make informed decisions based on a comprehensive view of the data.
  • When building a data fabric or unifying security data, it's important to work backwards from the job to be done and focus on supporting specific use cases and decision-making needs.
  • Staying informed about data technologies and approaches is crucial for security engineers and CISOs to make informed decisions about building a data fabric.
  continue reading

9 Episoden

Minden epizód

×
 
Loading …

Willkommen auf Player FM!

Player FM scannt gerade das Web nach Podcasts mit hoher Qualität, die du genießen kannst. Es ist die beste Podcast-App und funktioniert auf Android, iPhone und im Web. Melde dich an, um Abos geräteübergreifend zu synchronisieren.

 

Kurzanleitung

Hören Sie sich diese Show an, während Sie die Gegend erkunden
Abspielen