Over the years, organizations have added countless point products for individual use cases. This has made the integration of these cybersecurity products an increasingly daunting challenge for organizations. Effective security architecture requires products to work together to share telemetry data, identify and remediate vulnerabilities, meet compliance demands and more.

Unfortunately, this is not happening — in fact, security complexity is now the biggest challenge for organizations, according to Forrester Research. As a result, security analysts are spending time on integrations, which can lead to them missing critical vulnerabilities.

How the Open Cybersecurity Alliance Helps With Security Complexity

To help clients address this problem, industry pioneers came together to foster the interoperability of security products based on open standards. Thus, the Open Cybersecurity Alliance (OCA) was formed in October 2019.

The purpose of the OCA is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability and the sharing of data among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box.

For enterprise users, this means:

  • Improving security visibility and the ability to discover new insights that might otherwise go unseen
  • Extracting more value from existing products and reducing vendor lock-in
  • Connecting data and sharing insights across products

OCA founders IBM Security and McAfee were joined in the initiative by Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient and Tufin.

Image: Open Cybersecurity Alliance launch in October 2019

Recent Developments From the Open Cybersecurity Alliance

Since launching, the Open Cybersecurity Alliance has been working diligently and has made strong progress on its mission in the last few months. Some recent developments include:

  • Availability of OpenDXL Ontology OpenDXL Ontology, the first open-source language for connecting cybersecurity tools through a common messaging framework, is now available. With open-source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language. By eliminating the need for custom integrations between individual products, this release marks a major milestone in the OCA’s mission to drive greater interoperability across the security industry.
  • Industry collaboration on open standards — Governed under the auspices of OASIS, the OCA now includes more than 25 member organizations and has brought two major interoperability projects into the open-source realm, with OpenDXL Ontology (contributed by McAfee) and STIX Shifter (contributed by IBM Security) now available for cross-industry collaboration and development on GitHub. New members that have joined since the launch include Armis, Center for Internet Security, Cyber NB, Cydarm, Gigamon, Raytheon, Recorded Future, sFractal Consulting and Tripwire.
  • An ecosystem for future projects — The OCA has announced the formation of its Technical Steering Committee, including leaders from AT&T, IBM Security, McAfee, Packet Clearing House and Tripwire, who will drive the technical direction and development of the organization.

Complete details of these developments can be found in a recent press release issued by the OCA and this blog by Jason Keirstead, a member of the OCA Project Governing Board.

Why Open Security Is the Way Forward

Consider the scenario in which each of the vendors in an organization’s security infrastructure brings its own proprietary tooling and protocols. There would be no way to make sense of the important and ever-growing data available. The adoption of open source and open tooling facilitates the objectives of security teams and allows them to better respond to shifts in the cybersecurity landscape. Security expert Kelly Brazil has an interesting perspective on this, even comparing the work being done by the OCA to choreography.

As a co-leader of the Marketing Group of the OCA, I could not be more excited about the progress that we have made, and I’m optimistic about what the future holds. One of the key reasons for the success of this group is the adoption of open source. Since the OCA is formed under the auspices of OASIS, has involvement from pioneers of the security industry and has shown great progress in the last few months, we can safely say that the OCA is on the path of its mission to “integrate once, reuse everywhere.”

More from

Data never dies: The immortal battle of data privacy

4 min read - More than two hundred years ago, Benjamin Franklin said there is nothing certain but death and taxes. If Franklin were alive today, he would add one more certainty to his list: your digital profile. Between the data compiled and stored by employers, private businesses, government agencies and social media sites, the personal information of nearly every single individual is anywhere and everywhere. When someone dies, that data becomes the responsibility of the estate; but what happens to the privacy rights…

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task. In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each…

How I got started: SIEM engineer

3 min read - As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless onslaught of cyber threats. SIEM engineers meticulously monitor, analyze and manage security events and incidents within an organization. They leverage SIEM tools to aggregate and correlate data, enabling them to detect anomalies, identify potential threats and respond swiftly to security…

Tequila OS 2.0: The first forensic Linux distribution in Latin America

3 min read - Incident response teams are stretched thin, and the threats are only intensifying. But new tools are helping bridge the gap for cybersecurity pros in Latin America. IBM Security X-Force Threat Intelligence Index 2023 found that 12% of the security incidents X-force responded to were in Latin America. In comparison, 31% were in the Asia-Pacific, followed by Europe with 28%, North America with 25% and the Middle East with 4%. In the Latin American region, Brazil had 67% of incidents that…