October 8, 2019 By Jason Keirstead 3 min read

The number of vendors and products in the cybersecurity industry is skyrocketing. On average, according to ESG, organizations deploy 25 to 49 disparate security tools from up to 10 different providers. That makes for an overwhelming torrent of data and insights.

Right now, the industry is addressing this challenge with complex and costly integrations, often requiring end users to act as system integrators and developing connectors to those point products. However, we at IBM Security believe that what is truly needed to evolve is cross-industry collaboration on common, open-source code and practices that will enable tools to freely exchange information, insights, analytics and orchestrated response. This is the mission of the Open Cybersecurity Alliance.

Introducing: The Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and McAfee as the initial contributors, is comprised of global, like-minded cybersecurity vendors, end users, thought leaders and individuals from around the world who are interested in fostering an open cybersecurity ecosystem and solving the interoperability problem. This would be done via commonly developed code and tooling, using mutually agreed-upon technologies, standards and procedures.

The focus of the OCA project is data interchange within cybersecurity operations over the threat management life cycle, including threat hunting and detection, analytics, operations and response. Our initial projects are OpenDXL Ontology, which will be utilized to facilitate data interchange, and STIX Shifter, which will be used to federate data. Additional projects will be decided upon by the Open Cybersecurity Alliance’s Project Governing Board (PGB).

Projects will often utilize and/or interoperate with complementary standards, such as STIX and OpenC2. OCA project deliverables may evolve into OASIS Standards, depending on the wishes of the OCA community.

The OCA project considers out of scope at this time the initial creation and curation of threat intelligence for sharing purposes (for example, threat intelligence platforms), as projects in these domains are more aligned with other initiatives at OASIS.

Which Organizations Are Part of This Alliance?

The following organizations sponsor the Open Cybersecurity Alliance at the time of this announcement. There are active discussions with other organizations, which may join post-launch.

What Are the Benefits for End Users?

End user organizations have consistently wanted to be able to integrate best-of-breed products and solutions into their operational environments with minimal effort and time. However, they have been unable to because of the lack of real interoperability at the communications and data levels. For end users, the inability to properly optimize and extract value from existing tool chains often leads to attempts to re-solve problems that have been already solved in other cyber domains — simply because clients do not realize a solution already exists due to failure to interoperate and extract that value.

This can lead to the unnecessary procurement of new tools to replace functions that already exist in current tools, but are being underutilized — exponentially exasperating the problem of too many nonintegrated tools in their environments. Further, poor integration can also lead to missing critical insights and findings that would have otherwise been detected if the tools were more well-integrated.

A second benefit to end users is reduction of vendor lock-in, as more tools in the cybersecurity operations ecosystem implement their integrations using OCA tooling and standards. The choice of which tools to integrate can now be placed in the hands of the end user, rather than waiting for vendors to strike agreements with one another.

Benefits for Vendors

For vendors, the ability to integrate cybersecurity products with multiple vendors using one common set of communication capabilities and tooling will greatly reduce the expense of engineering resources spent on integration. Easy integration also mitigates the problem of having to be too selective and narrow in focus when it comes to choosing which vendor technologies to integrate with. Resources previously spent on integrations can then be redeployed to other parts of the product pipeline, enabling higher value functionality to be developed in the products.

To learn more, visit the OCA website.

Watch a replay of the launch webinar

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today