October 8, 2019 By Jason Keirstead 3 min read

The number of vendors and products in the cybersecurity industry is skyrocketing. On average, according to ESG, organizations deploy 25 to 49 disparate security tools from up to 10 different providers. That makes for an overwhelming torrent of data and insights.

Right now, the industry is addressing this challenge with complex and costly integrations, often requiring end users to act as system integrators and developing connectors to those point products. However, we at IBM Security believe that what is truly needed to evolve is cross-industry collaboration on common, open-source code and practices that will enable tools to freely exchange information, insights, analytics and orchestrated response. This is the mission of the Open Cybersecurity Alliance.

Introducing: The Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and McAfee as the initial contributors, is comprised of global, like-minded cybersecurity vendors, end users, thought leaders and individuals from around the world who are interested in fostering an open cybersecurity ecosystem and solving the interoperability problem. This would be done via commonly developed code and tooling, using mutually agreed-upon technologies, standards and procedures.

The focus of the OCA project is data interchange within cybersecurity operations over the threat management life cycle, including threat hunting and detection, analytics, operations and response. Our initial projects are OpenDXL Ontology, which will be utilized to facilitate data interchange, and STIX Shifter, which will be used to federate data. Additional projects will be decided upon by the Open Cybersecurity Alliance’s Project Governing Board (PGB).

Projects will often utilize and/or interoperate with complementary standards, such as STIX and OpenC2. OCA project deliverables may evolve into OASIS Standards, depending on the wishes of the OCA community.

The OCA project considers out of scope at this time the initial creation and curation of threat intelligence for sharing purposes (for example, threat intelligence platforms), as projects in these domains are more aligned with other initiatives at OASIS.

Which Organizations Are Part of This Alliance?

The following organizations sponsor the Open Cybersecurity Alliance at the time of this announcement. There are active discussions with other organizations, which may join post-launch.

What Are the Benefits for End Users?

End user organizations have consistently wanted to be able to integrate best-of-breed products and solutions into their operational environments with minimal effort and time. However, they have been unable to because of the lack of real interoperability at the communications and data levels. For end users, the inability to properly optimize and extract value from existing tool chains often leads to attempts to re-solve problems that have been already solved in other cyber domains — simply because clients do not realize a solution already exists due to failure to interoperate and extract that value.

This can lead to the unnecessary procurement of new tools to replace functions that already exist in current tools, but are being underutilized — exponentially exasperating the problem of too many nonintegrated tools in their environments. Further, poor integration can also lead to missing critical insights and findings that would have otherwise been detected if the tools were more well-integrated.

A second benefit to end users is reduction of vendor lock-in, as more tools in the cybersecurity operations ecosystem implement their integrations using OCA tooling and standards. The choice of which tools to integrate can now be placed in the hands of the end user, rather than waiting for vendors to strike agreements with one another.

Benefits for Vendors

For vendors, the ability to integrate cybersecurity products with multiple vendors using one common set of communication capabilities and tooling will greatly reduce the expense of engineering resources spent on integration. Easy integration also mitigates the problem of having to be too selective and narrow in focus when it comes to choosing which vendor technologies to integrate with. Resources previously spent on integrations can then be redeployed to other parts of the product pipeline, enabling higher value functionality to be developed in the products.

To learn more, visit the OCA website.

Watch a replay of the launch webinar

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today