The number of vendors and products in the cybersecurity industry is skyrocketing. On average, according to ESG, organizations deploy 25 to 49 disparate security tools from up to 10 different providers. That makes for an overwhelming torrent of data and insights.

Right now, the industry is addressing this challenge with complex and costly integrations, often requiring end users to act as system integrators and developing connectors to those point products. However, we at IBM Security believe that what is truly needed to evolve is cross-industry collaboration on common, open-source code and practices that will enable tools to freely exchange information, insights, analytics and orchestrated response. This is the mission of the Open Cybersecurity Alliance.

Introducing: The Open Cybersecurity Alliance

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project with IBM Security and McAfee as the initial contributors, is made up of global, like-minded cybersecurity vendors, end users, thought leaders and individuals from around the world who are interested in fostering an open cybersecurity ecosystem and solving the interoperability problem. This would be done via commonly developed code and tooling, using mutually agreed-upon technologies, standards and procedures.

The focus of the OCA project is data interchange within cybersecurity operations over the threat management life cycle, including threat hunting and detection, analytics, operations and response. Our initial projects are OpenDXL Ontology, which will be utilized to facilitate data interchange, and STIX Shifter, which will be used to federate data. Additional projects will be decided upon by the Open Cybersecurity Alliance’s Project Governing Board (PGB).

Projects will often utilize and/or interoperate with complementary standards, such as STIX and OpenC2. OCA project deliverables may evolve into OASIS Standards, depending on the wishes of the OCA community.

The OCA project considers out of scope at this time the initial creation and curation of threat intelligence for sharing purposes (for example, threat intelligence platforms), as projects in these domains are more aligned with other initiatives at OASIS.

Which Organizations Are Part of This Alliance?

The following organizations sponsor the Open Cybersecurity Alliance at the time of this announcement. There are active discussions with other organizations, which may join post-launch.

What Are the Benefits for End Users?

End user organizations have consistently wanted to integrate best-of-breed products and solutions into their operational environments with minimal effort and time. However, they have been unable to do so because of the lack of real interoperability at the communications and data levels. For end users, the inability to properly optimize and extract value from existing tool chains often leads to attempts to re-solve problems that have already been solved in other cyber domains, simply because clients do not realize a solution already exists; the failure to interoperate keeps that value hidden.

This can lead to the unnecessary procurement of new tools to replace functions that already exist in current tools but are underutilized, which compounds the problem of too many nonintegrated tools in their environments. Further, poor integration can also lead to missing critical insights and findings that would otherwise have been detected if the tools were better integrated.

A second benefit to end users is reduction of vendor lock-in, as more tools in the cybersecurity operations ecosystem implement their integrations using OCA tooling and standards. The choice of which tools to integrate can now be placed in the hands of the end user, rather than waiting for vendors to strike agreements with one another.

Benefits for Vendors

For vendors, the ability to integrate cybersecurity products with multiple vendors using one common set of communication capabilities and tooling will greatly reduce the expense of engineering resources spent on integration. Easy integration also mitigates the problem of having to be too selective and narrow in focus when it comes to choosing which vendor technologies to integrate with. Resources previously spent on integrations can then be redeployed to other parts of the product pipeline, enabling higher value functionality to be developed in the products.

To learn more, visit the OCA website.
