March 5, 2020 By Anshul Garg 3 min read

Over the years, organizations have added countless point products for individual use cases. This has made the integration of these cybersecurity products an increasingly daunting challenge for organizations. Effective security architecture requires products to work together to share telemetry data, identify and remediate vulnerabilities, meet compliance demands and more.

Unfortunately, this is not happening — in fact, security complexity is now the biggest challenge for organizations, according to Forrester Research. As a result, security analysts are spending time on integrations, which can lead to them missing critical vulnerabilities.

How the Open Cybersecurity Alliance Helps With Security Complexity

To help clients address this problem, industry pioneers came together to foster the interoperability of security products based on open standards. Thus, the Open Cybersecurity Alliance (OCA) was formed in October 2019.

The purpose of the OCA is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability and the sharing of data among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box.

For enterprise users, this means:

  • Improving security visibility and the ability to discover new insights that might otherwise go unseen
  • Extracting more value from existing products and reducing vendor lock-in
  • Connecting data and sharing insights across products

OCA founders IBM Security and McAfee were joined in the initiative by Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient and Tufin.

Image: Open Cybersecurity Alliance launch in October 2019

Recent Developments From the Open Cybersecurity Alliance

Since launching, the Open Cybersecurity Alliance has been working diligently and has made strong progress on its mission in the last few months. Some recent developments include:

  • Availability of OpenDXL Ontology OpenDXL Ontology, the first open-source language for connecting cybersecurity tools through a common messaging framework, is now available. With open-source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language. By eliminating the need for custom integrations between individual products, this release marks a major milestone in the OCA’s mission to drive greater interoperability across the security industry.
  • Industry collaboration on open standards — Governed under the auspices of OASIS, the OCA now includes more than 25 member organizations and has brought two major interoperability projects into the open-source realm, with OpenDXL Ontology (contributed by McAfee) and STIX Shifter (contributed by IBM Security) now available for cross-industry collaboration and development on GitHub. New members that have joined since the launch include Armis, Center for Internet Security, Cyber NB, Cydarm, Gigamon, Raytheon, Recorded Future, sFractal Consulting and Tripwire.
  • An ecosystem for future projects — The OCA has announced the formation of its Technical Steering Committee, including leaders from AT&T, IBM Security, McAfee, Packet Clearing House and Tripwire, who will drive the technical direction and development of the organization.

Complete details of these developments can be found in a recent press release issued by the OCA and this blog by Jason Keirstead, a member of the OCA Project Governing Board.

Why Open Security Is the Way Forward

Consider the scenario in which each of the vendors in an organization’s security infrastructure brings its own proprietary tooling and protocols. There would be no way to make sense of the important and ever-growing data available. The adoption of open source and open tooling facilitates the objectives of security teams and allows them to better respond to shifts in the cybersecurity landscape. Security expert Kelly Brazil has an interesting perspective on this, even comparing the work being done by the OCA to choreography.

As a co-leader of the Marketing Group of the OCA, I could not be more excited about the progress that we have made, and I’m optimistic about what the future holds. One of the key reasons for the success of this group is the adoption of open source. Since the OCA is formed under the auspices of OASIS, has involvement from pioneers of the security industry and has shown great progress in the last few months, we can safely say that the OCA is on the path of its mission to “integrate once, reuse everywhere.”

More from

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

The future of cybersecurity: What to expect at Black Hat 2024

3 min read - The cybersecurity landscape continues to evolve at a breakneck pace. New threats emerge daily, and the stakes have never been higher, especially as artificial intelligence (AI) is infused into every aspect of business. As security and business leaders, it's crucial to stay ahead of the curve and ensure your organization is equipped to handle the ever-changing threat landscape. For over two decades, Black Hat has been the premier gathering of cybersecurity professionals, providing a platform for experts to share knowledge,…

Recent CrowdStrike outage: What you should know

3 min read - On Friday, July 19, 2024, nearly 8.5 million Microsoft devices were affected by a faulty system update, causing a major outage of businesses and services worldwide. This equates to nearly 1% of all Microsoft systems globally and has led to significant disruptions to airlines, police departments, banks, hospitals, emergency call centers and hundreds of thousands of other private and public businesses. What caused this outage in Microsoft systems? The global outage of specific Microsoft-enabled systems and servers was isolated to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today