Eighteen leading cybersecurity companies say they are teaming up to improve cross-product interoperability – an unusual alliance for a highly competitive market.
They have committed to developing “protocols and standards which enable tools to work together and share information across vendors”.
Open Cybersecurity Alliance: Why the Teamwork?
Large organisations typically use 25 to 49 different security tools provided by up to ten vendors, according to research from the Enterprise Strategy Group.
This heterogeneous security landscape has resulted in closed off data lakes and the withholding of information between vendors.
As IBM’s Jason Keirstead put it today: “When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers.”
“The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code.”
So far the alliance has been joined by the following cybersecurity firms; Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.
Open Source for the Open Cybersecurity Alliance…
IBM and McAfee are leading the alliance and have already opened up two projects that will form part of the OCA’s initial technological offering.
IBM has released its STIX-Shifter onto Github: this is an open source library that can identify and format data about potential threats contained within data repositories. This formatting means it can be digested and integrated with any security tool that is part of the alliance.
McAfee, meanwhile, has developed a cybersecurity messaging format, named OpenDXL, that will be available under the Apache 2.0 license.
OpenDXL uses the Data Exchange Layer (DXL), which many vendors and enterprises already rely on. OpenDXL is an open standard developed by McAfee that connects products independent of the underlying proprietary architecture, without relying on vendor-specific APIs and requirements.)
Carol Geyer, chief development officer of OASIS commented in the release that: “Today, organizations struggle without a standard language when sharing data between products and tools.”
“We have seen efforts emerge to foster data exchange, but what has been missing is the ability for each tool to transmit and receive these messages in a standardized format, resulting in more expensive and time-consuming integration costs.
“The aim of the OCA is to accelerate the open sharing concept making it easier for enterprises to manage and operate.”