October 8, 2019 By Jason Keirstead

The number of vendors and products in the cybersecurity industry is skyrocketing. On average, according to ESG, organizations deploy 25 to 49 disparate security tools from up to 10 different providers. That makes for an overwhelming torrent of data and insights.

Right now, the industry is addressing this challenge with complex and costly integrations, often requiring end users to act as system integrators and develop connectors to those point products. However, we at IBM Security believe that what the industry truly needs in order to evolve is cross-industry collaboration on common, open-source code and practices that will enable tools to freely exchange information, insights, analytics and orchestrated response. This is the mission of the Open Cybersecurity Alliance.

Introducing: The Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and McAfee as the initial contributors, comprises like-minded cybersecurity vendors, end users, thought leaders and individuals from around the world who are interested in fostering an open cybersecurity ecosystem and solving the interoperability problem. This would be done via commonly developed code and tooling, using mutually agreed-upon technologies, standards and procedures.

The focus of the OCA project is data interchange within cybersecurity operations over the threat management life cycle, including threat hunting and detection, analytics, operations and response. Our initial projects are OpenDXL Ontology, which will be utilized to facilitate data interchange, and STIX Shifter, which will be used to federate data. Additional projects will be decided upon by the Open Cybersecurity Alliance’s Project Governing Board (PGB).

Projects will often utilize and/or interoperate with complementary standards, such as STIX and OpenC2. OCA project deliverables may evolve into OASIS Standards, depending on the wishes of the OCA community.

The OCA project considers out of scope at this time the initial creation and curation of threat intelligence for sharing purposes (for example, threat intelligence platforms), as projects in these domains are more aligned with other initiatives at OASIS.

Which Organizations Are Part of This Alliance?

The following organizations sponsor the Open Cybersecurity Alliance at the time of this announcement. There are active discussions with other organizations, which may join post-launch.

What Are the Benefits for End Users?

End-user organizations have consistently wanted to integrate best-of-breed products and solutions into their operational environments with minimal effort and time. However, they have been unable to do so because of the lack of real interoperability at the communications and data levels. For end users, the inability to properly optimize and extract value from existing tool chains often leads to attempts to re-solve problems that have already been solved in other cyber domains, simply because the failure to interoperate and extract that value keeps clients from realizing that a solution already exists.

This can lead to the unnecessary procurement of new tools to replace functions that already exist in current tools but are being underutilized, exponentially exacerbating the problem of too many nonintegrated tools in their environments. Further, poor integration can lead to missing critical insights and findings that would otherwise have been detected if the tools were better integrated.

A second benefit to end users is reduction of vendor lock-in, as more tools in the cybersecurity operations ecosystem implement their integrations using OCA tooling and standards. The choice of which tools to integrate can now be placed in the hands of the end user, rather than waiting for vendors to strike agreements with one another.

Benefits for Vendors

For vendors, the ability to integrate cybersecurity products with multiple vendors using one common set of communication capabilities and tooling will greatly reduce the engineering resources spent on integration. Easy integration also mitigates the problem of having to be too selective and narrow in focus when choosing which vendor technologies to integrate with. Resources previously spent on integrations can then be redeployed to other parts of the product pipeline, enabling higher-value functionality to be developed in the products.

To learn more, visit the OCA website.

Watch a replay of the launch webinar
