WASHINGTON, DC -- Cyber Domain Ontology, a project dedicated to developing and promoting the adoption of a community-developed ecosystem for standardized information representation across the cyber domain, today announced the release of a cyber standard to increase the efficiency and effectiveness of cybersecurity and cyber-investigation operations.
To combat cybercrimes and cybersecurity incidents effectively, it is essential to advance automated correlation across diverse data sources and intelligent analysis of structured information. This can be enabled using a shared smart "cyber language" to express and exchange information. To this end, the release of CASE/UCO version 1.0.0 in August 2022 provides a stable foundation for interoperability and advanced analysis across a broad range of cyber domains, including digital forensics, incident response, cyber risk management, computer/network protection, supply chain security, and threat intelligence.
Organizations around the world are adopting CASE/UCO, and developers are adding CASE/UCO support to their digital investigation tools, including MSAB. The automated normalization and combination of multiple data sources create new opportunities for correlation and investigative intelligence, as already demonstrated by Siren.io. Responding to cyber attacks and investigating cyber crimes often involves multiple organizations, sometimes in different countries. To avoid miscommunication and missed opportunities, they need a common cyber language to share information in a manner that maintains its meaning and context.
“Automated correlation and analysis of data from multiple sources depend on a common language, even within a single organization with diverse security systems or an investigation involving multiple sources of digital evidence,” said Eoghan Casey, Chair of the Technical Steering Committee that oversees CASE and UCO. “In a cyber security context, feeding the findings from EDR and XDR systems into automated incident response and digital forensic processes while maintaining provenance helps organizations analyze and resolve problems more quickly and comprehensively at a lower cost. In a cybercrime context, exporting evidence from various tools into a single standardized repository while maintaining provenance helps agencies conduct investigations more efficiently while maintaining quality.”
The power of CASE/UCO is that it provides a common language to support automated normalization, combination, and validation of varied information sources to facilitate analysis and exploration of investigative questions (who, when, how long, where). Systems that support CASE/UCO facilitate the correlation of differing data sources and exploration of investigative questions, giving analysts a more comprehensive and cohesive view of available information, and opening new opportunities for searching, pivoting, contextual analysis, pattern recognition, machine learning, and visualization.
“Widespread adoption of this shared cyber language is essential to create a culture of common comprehension and collaborative problem solving across cyber-investigation domains, including corporate cyber security, criminal investigations, and intelligence operations,” Casey says.
CASE/UCO is vital to streamlining the exchange of information in day-to-day cybersecurity and cyber-investigation operations. The language also facilitates data mining and machine learning by providing a structured representation and processing digital traces. CASE/UCO ensures traceability throughout the treatment of data and keeps track of associated contextual information including when, where, and who used which tools to perform investigative actions on data sources. In addition, CASE/UCO supports data marking for sharing information at different levels of trust and classification, and for protecting sensitive and private information.
Development of CASE (Cyber-investigation Analysis Standard Expression) and UCO (Unified Cyber Ontology) began in 2014. In 2021, in response to international interest, this initiative became an open-source standard under the Linux Foundation, with hundreds of participants in the industry, government, and academia around the globe. Virtually all innovative digital companies are members of this foundation, which assists with innovative open-source projects. Today, over 50 organizations from some 20 countries are involved in the development and implementation of CASE/UCO, including government agencies, businesses, and universities.
The project welcomes anyone interested in improving the possibilities for responding to cyber-attacks and crimes involving digital evidence. For more information, visit https://cyberdomainontology.org.
SOURCE: Cyber Domain Ontology
Copyright 2023 EZ Newswire