This blog post was written by Raja Patel.
There are a lot of cyberthreats out there. And some may take comfort that there are 1,300 cybersecurity software firms battling against them. That might seem like a lot, but in the face of thousands of online dangers, it’s a battle that’s not always won. Most of these cybersecurity organizations are, in fact, taking on the challenge in relative vacuums, each trying to solve the same problems in different ways. This essentially creates separate battlefields, versus operating together in this overwhelming cyber war.
We know there is a need to reduce complexity, especially given the struggle to get enough IT security expertise and headcount, and users complain it’s difficult to get multiple products working together and to maintain those integrations. In fact, 67%¹ of customer respondents indicate that analytics and operations investments are being impaired because of too many point solutions, instead of using an integrated platform. So it’s important to take a closer look at how cybersecurity firms work, and work together.
This is the challenge that led McAfee to create the “Data Exchange Layer” (DXL) in 2014. The idea is simple: companies collaborate in an information/intelligence exchange. The DXL communication fabric connects and optimizes security actions across multiple vendor products, as well as internally developed and open-source solutions. Enterprises gain secure, near real-time access to new data and instant interactions with other products.
As of today, the DXL ecosystem has more than a dozen participants, including Aruba, Check Point, Cisco, Huawei, Interset, SAS, and Titus. And in the past six months alone, 24 companies have begun the process to join, including IBM Security, Juniper, and VMware.
The DXL concept got a big boost in 2016, when McAfee announced it would open the DXL source code to developers (the “OpenDXL” initiative). OpenDXL helps developers and enterprises freely leverage DXL, giving the “keys to the kingdom” to 1,500 software developers to date. That’s an additional 1,500 software developers fighting for everyone’s safety.
The OpenDXL.com website is the focal point for the OpenDXL community and allows developers to imagine, discover, build, deploy, or discuss services for the DXL communications fabric. The goal is to empower DXL integrations, provide a catalog of available apps, and nurture new ideas.
The OpenDXL initiative has shown increasing adoption, with 57 community-built integrations on OpenDXL.com to date. Solutions are aided via a software development kit (SDK), published to the GitHub source code repository and OpenDXL.com. Through the OpenDXL initiative, integration and orchestration are now extended to open-source and enterprise applications.
Joining with Cisco
DXL continues to evolve with a robust platform to arm for cybersecurity warfare. In late 2017, McAfee and Cisco began a joint integration between DXL and Cisco’s own messaging fabric, pxGrid, creating the industry’s largest threat protection integration ecosystem (100 partners).
Industry and enterprise leaders have long called for greater visibility and efficacy in security operations. Cisco pxGrid and DXL interoperability mark the first time this has been achieved at such scale. Together this joint system provides customers with visibility and real-time security orchestration, sharing information between the network and the endpoint. Bi-directional data flow enriches integrated applications with detailed information, allowing analysts visibility into critical data such as what is on their network, current security posture, privilege levels, and more. With the two fabrics interoperating, organizations can now drive integrations with security solutions from hundreds of vendors.
McAfee teams also contributed several new projects to OpenDXL.com, including a Docker-based development environment that gets people up and running in five minutes. Companies such as MGM and AT&T have embraced the concept. Today DXL has over 3,000 customers and seven million installed clients with automated processes that can cross previously siloed tools. This allows users to efficiently and effectively manage threats by linking endpoint, network and security operation domains to close security gaps.
It may not surprise people that there is a shortage of developers in the cybersecurity industry. And as the digital world grows into new fields like artificial intelligence, and the Internet of Things puts cybersecurity squarely into our homes, the threats will also grow. We must work together as an industry.
This is just the beginning of an important movement. We are at a crossroads. We need to challenge our own beliefs.
We must empower security teams to stop spending their time on tedious integrations and manual tasks, and instead focus on defending against adversaries. Organizations should look to maximize the value of their environment with solutions that integrate. Layering new technologies that don’t speak to each other only creates gaps that adversaries can exploit. Collaboration throughout the security industry is critical to closing information gaps, breaking silos and providing the visibility we need to protect our most important assets from cybercriminals.
In short, we need to talk to each other. And the tools we develop need to talk to each other, and work together.
Are your tools open to talk?
¹ McAfee ePO study, 2018