March 5, 2020 By Anshul Garg 3 min read

Over the years, organizations have added countless point products for individual use cases. This has made the integration of these cybersecurity products an increasingly daunting challenge for organizations. Effective security architecture requires products to work together to share telemetry data, identify and remediate vulnerabilities, meet compliance demands and more.

Unfortunately, this is not happening — in fact, security complexity is now the biggest challenge for organizations, according to Forrester Research. As a result, security analysts are spending time on integrations, which can lead to them missing critical vulnerabilities.

How the Open Cybersecurity Alliance Helps With Security Complexity

To help clients address this problem, industry pioneers came together to foster the interoperability of security products based on open standards. Thus, the Open Cybersecurity Alliance (OCA) was formed in October 2019.

The purpose of the OCA is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability and the sharing of data among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box.

For enterprise users, this means:

  • Improving security visibility and the ability to discover new insights that might otherwise go unseen
  • Extracting more value from existing products and reducing vendor lock-in
  • Connecting data and sharing insights across products

OCA founders IBM Security and McAfee were joined in the initiative by Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient and Tufin.

Image: Open Cybersecurity Alliance launch in October 2019

Recent Developments From the Open Cybersecurity Alliance

Since launching, the Open Cybersecurity Alliance has been working diligently and has made strong progress on its mission in the last few months. Some recent developments include:

  • Availability of OpenDXL Ontology OpenDXL Ontology, the first open-source language for connecting cybersecurity tools through a common messaging framework, is now available. With open-source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language. By eliminating the need for custom integrations between individual products, this release marks a major milestone in the OCA’s mission to drive greater interoperability across the security industry.
  • Industry collaboration on open standards — Governed under the auspices of OASIS, the OCA now includes more than 25 member organizations and has brought two major interoperability projects into the open-source realm, with OpenDXL Ontology (contributed by McAfee) and STIX Shifter (contributed by IBM Security) now available for cross-industry collaboration and development on GitHub. New members that have joined since the launch include Armis, Center for Internet Security, Cyber NB, Cydarm, Gigamon, Raytheon, Recorded Future, sFractal Consulting and Tripwire.
  • An ecosystem for future projects — The OCA has announced the formation of its Technical Steering Committee, including leaders from AT&T, IBM Security, McAfee, Packet Clearing House and Tripwire, who will drive the technical direction and development of the organization.

Complete details of these developments can be found in a recent press release issued by the OCA and this blog by Jason Keirstead, a member of the OCA Project Governing Board.

Why Open Security Is the Way Forward

Consider the scenario in which each of the vendors in an organization’s security infrastructure brings its own proprietary tooling and protocols. There would be no way to make sense of the important and ever-growing data available. The adoption of open source and open tooling facilitates the objectives of security teams and allows them to better respond to shifts in the cybersecurity landscape. Security expert Kelly Brazil has an interesting perspective on this, even comparing the work being done by the OCA to choreography.

As a co-leader of the Marketing Group of the OCA, I could not be more excited about the progress that we have made, and I’m optimistic about what the future holds. One of the key reasons for the success of this group is the adoption of open source. Since the OCA is formed under the auspices of OASIS, has involvement from pioneers of the security industry and has shown great progress in the last few months, we can safely say that the OCA is on the path of its mission to “integrate once, reuse everywhere.”

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today