Over the years, organizations have added countless point products for individual use cases. This has made the integration of these cybersecurity products an increasingly daunting challenge for organizations. Effective security architecture requires products to work together to share telemetry data, identify and remediate vulnerabilities, meet compliance demands and more.

Unfortunately, this is not happening — in fact, security complexity is now the biggest challenge for organizations, according to Forrester Research. As a result, security analysts are spending time on integrations, which can lead to them missing critical vulnerabilities.

How the Open Cybersecurity Alliance Helps With Security Complexity

To help clients address this problem, industry pioneers came together to foster the interoperability of security products based on open standards. Thus, the Open Cybersecurity Alliance (OCA) was formed in October 2019.

The purpose of the OCA is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability and the sharing of data among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box.

For enterprise users, this means:

  • Improving security visibility and the ability to discover new insights that might otherwise go unseen
  • Extracting more value from existing products and reducing vendor lock-in
  • Connecting data and sharing insights across products

OCA founders IBM Security and McAfee were joined in the initiative by Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient and Tufin.

Image: Open Cybersecurity Alliance launch in October 2019

Recent Developments From the Open Cybersecurity Alliance

Since launching, the Open Cybersecurity Alliance has been working diligently and has made strong progress on its mission in the last few months. Some recent developments include:

  • Availability of OpenDXL Ontology OpenDXL Ontology, the first open-source language for connecting cybersecurity tools through a common messaging framework, is now available. With open-source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language. By eliminating the need for custom integrations between individual products, this release marks a major milestone in the OCA’s mission to drive greater interoperability across the security industry.
  • Industry collaboration on open standards — Governed under the auspices of OASIS, the OCA now includes more than 25 member organizations and has brought two major interoperability projects into the open-source realm, with OpenDXL Ontology (contributed by McAfee) and STIX Shifter (contributed by IBM Security) now available for cross-industry collaboration and development on GitHub. New members that have joined since the launch include Armis, Center for Internet Security, Cyber NB, Cydarm, Gigamon, Raytheon, Recorded Future, sFractal Consulting and Tripwire.
  • An ecosystem for future projects — The OCA has announced the formation of its Technical Steering Committee, including leaders from AT&T, IBM Security, McAfee, Packet Clearing House and Tripwire, who will drive the technical direction and development of the organization.

Complete details of these developments can be found in a recent press release issued by the OCA and this blog by Jason Keirstead, a member of the OCA Project Governing Board.

Why Open Security Is the Way Forward

Consider the scenario in which each of the vendors in an organization’s security infrastructure brings its own proprietary tooling and protocols. There would be no way to make sense of the important and ever-growing data available. The adoption of open source and open tooling facilitates the objectives of security teams and allows them to better respond to shifts in the cybersecurity landscape. Security expert Kelly Brazil has an interesting perspective on this, even comparing the work being done by the OCA to choreography.

As a co-leader of the Marketing Group of the OCA, I could not be more excited about the progress that we have made, and I’m optimistic about what the future holds. One of the key reasons for the success of this group is the adoption of open source. Since the OCA is formed under the auspices of OASIS, has involvement from pioneers of the security industry and has shown great progress in the last few months, we can safely say that the OCA is on the path of its mission to “integrate once, reuse everywhere.”

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…