LAS VEGAS — McAfee and IBM Security have announced that they are the founding members of the Open Cybersecurity Alliance (OCA), a group of 18 companies whose goal is to foster interoperability and easy integration between security vendors.
The project is under the auspices of OASIS (Organization for the Advancement of Structured Information Standards), a non-profit consortium that drives the development, convergence and adoption of open standards for the global information society.
Although there are several other cybersecurity coalitions (Cyber Threat Alliance, Cloud Security Alliance, and Cybersecurity Tech Accord, for example), OCA is unique in that it’s purely about developing open source code, tools, and patterns to allow vendors’ products to interoperate. The other groups focus on things like threat information exchange, or best practices.
“We feel that there’ve been great strides, particularly over the past few years, within the industry itself to encourage the interoperation of data and the exchange of data, and a lot of very robust ecosystems have formed,” explained Darren Thomas, senior product manager, Open Data Exchange Layer, McAfee. “But even though the ecosystems tend to play well within themselves, there’s not always that top level interoperability. One of the goals of the project is to develop a common language and a common structure which everybody will be able to use in the very same way, driving much, much faster, and much more robust security outcomes for the industry as a whole.”
He hopes the initiative will act as a force multiplier: vendors that make use of the project outcomes would be able to interoperate seamlessly with one another through a single integration effort.
“For a security vendor, it boils down to choice,” he said. “We can’t possibly integrate with everyone as one-offs.”
Security practitioners will be able to gain new insights from their existing tools, reduce vendor lock-in, and cut back on purchases of new tools.
But the OCA is not trying to reinvent the wheel.
“We’re trying to leverage standards wherever they exist. We’re not trying to create competing standards,” said Jason Keirstead, chief architect, IBM Security Threat Management. “All these different deliverables that we create as part of the OASIS-Open project are 100 per cent open source. That’s one of the unique things about these projects: even though they can eventually evolve to become standards that are referenced by industry standards bodies, the initial work products are always open source. So it’s all about open source and creating actual code that will enable this interoperability.”
To get things started, McAfee has contributed its OpenDXL Standard Ontology project to the Alliance. The project is developing a standard messaging format for use with OpenDXL (the open data exchange layer developed by McAfee and released to open source). IBM Security contributed its STIX Shifter project, centred on open and interoperable threat hunting and analytics, using the STIX 2 Cyber Observable Model as a base.
Other members at launch include Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin. The Alliance is still looking for additional members.