October 8, 2019 By Jason Keirstead 3 min read

The number of vendors and products in the cybersecurity industry is skyrocketing. On average, according to ESG, organizations deploy 25 to 49 disparate security tools from up to 10 different providers. That makes for an overwhelming torrent of data and insights.

Right now, the industry is addressing this challenge with complex and costly integrations, often requiring end users to act as system integrators and developing connectors to those point products. However, we at IBM Security believe that what is truly needed to evolve is cross-industry collaboration on common, open-source code and practices that will enable tools to freely exchange information, insights, analytics and orchestrated response. This is the mission of the Open Cybersecurity Alliance.

Introducing: The Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and McAfee as the initial contributors, is comprised of global, like-minded cybersecurity vendors, end users, thought leaders and individuals from around the world who are interested in fostering an open cybersecurity ecosystem and solving the interoperability problem. This would be done via commonly developed code and tooling, using mutually agreed-upon technologies, standards and procedures.

The focus of the OCA project is data interchange within cybersecurity operations over the threat management life cycle, including threat hunting and detection, analytics, operations and response. Our initial projects are OpenDXL Ontology, which will be utilized to facilitate data interchange, and STIX Shifter, which will be used to federate data. Additional projects will be decided upon by the Open Cybersecurity Alliance’s Project Governing Board (PGB).

Projects will often utilize and/or interoperate with complementary standards, such as STIX and OpenC2. OCA project deliverables may evolve into OASIS Standards, depending on the wishes of the OCA community.

The OCA project considers out of scope at this time the initial creation and curation of threat intelligence for sharing purposes (for example, threat intelligence platforms), as projects in these domains are more aligned with other initiatives at OASIS.

Which Organizations Are Part of This Alliance?

The following organizations sponsor the Open Cybersecurity Alliance at the time of this announcement. There are active discussions with other organizations, which may join post-launch.

What Are the Benefits for End Users?

End user organizations have consistently wanted to be able to integrate best-of-breed products and solutions into their operational environments with minimal effort and time. However, they have been unable to because of the lack of real interoperability at the communications and data levels. For end users, the inability to properly optimize and extract value from existing tool chains often leads to attempts to re-solve problems that have been already solved in other cyber domains — simply because clients do not realize a solution already exists due to failure to interoperate and extract that value.

This can lead to the unnecessary procurement of new tools to replace functions that already exist in current tools, but are being underutilized — exponentially exasperating the problem of too many nonintegrated tools in their environments. Further, poor integration can also lead to missing critical insights and findings that would have otherwise been detected if the tools were more well-integrated.

A second benefit to end users is reduction of vendor lock-in, as more tools in the cybersecurity operations ecosystem implement their integrations using OCA tooling and standards. The choice of which tools to integrate can now be placed in the hands of the end user, rather than waiting for vendors to strike agreements with one another.

Benefits for Vendors

For vendors, the ability to integrate cybersecurity products with multiple vendors using one common set of communication capabilities and tooling will greatly reduce the expense of engineering resources spent on integration. Easy integration also mitigates the problem of having to be too selective and narrow in focus when it comes to choosing which vendor technologies to integrate with. Resources previously spent on integrations can then be redeployed to other parts of the product pipeline, enabling higher value functionality to be developed in the products.

To learn more, visit the OCA website.

Watch a replay of the launch webinar

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today