Forum Discussion

John_Grovender
7 months ago

NetBackup 10.4 Standardizes Security Event Pushes to Common External Platforms Using the OCSF Schema

Standardizing on one digital disc format (the Philips standard) for audio and then video was the key to building the great leap forward for the audio-video industry back in the 1980s. It saved all the audio vendors an ongoing battle between disc formats, which would make massive headaches for recording artists and disc manufacturers. It also paved the way for digital video disc (DVD) technology that followed.

NetBackup 10.4+ takes the same approach with pushing audit security message events to external products/platforms. Using the OCSF message schema/format, 10.4+ can update external security and monitoring products and platforms in one standardized format. The result is far fewer headaches and much better security and reporting compliance for your IT staff.

The OCSF is a big deal for the following reasons:

  • Broad security partner integration potential: The OCSF project was initiated by a partnership between Splunk and AWS, which built on the ICD Schema developed at Symantec—now part of Broadcom
  • There are now 15 additional members, including some of the biggest names in technology and cybersecurity: Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler
  • OCSF allows customers to avoid vendor lock-in by using a widely supported format

As a result, NetBackup 10.4+ users get the following benefits:

  • Three log push format options, with one option only usable at a time: generic NetBackup, OCSF, and Microsoft Sentinel Advanced Security Information (ASIM)
  • Simultaneous NetBackup and OCSF pull formats are also available, with one option only usable at a time
  • Security solutions that utilize the OCSF schema produce data in a consistent format. At the same time they accurately capture the full meaning and relevance of audit security message event information
  • OCSF helps security teams simplify the ingestion and exchange of data between security tools. This produces faster and more accurate threat detection and investigation
  • Security vendors and other data producers adopt and extend the OCSF schema for their specific domains

Make your event monitoring and maintenance a big win by upgrading to NetBackup 10.4+ today.
