Today, the rapidly evolving cybersecurity threat landscape has driven an explosion of security products, generating an ever-increasing mountain of potentially valuable data and insights. But with that comes the increased complexity needed to make sense of it all and extract the real value. According to the industry analyst firm Enterprise Strategy Group, organizations use on average 25 to 49 different security tools from up to 10 vendors, each of which generates large amounts of siloed data. Integrating security products into an established operational environment can be extremely resource intensive, time-consuming, and costly, all at the expense of hours that could be better spent hunting and responding to threats.
For too long, many cybersecurity vendors have made life harder for customers by ensuring their “secret sauce” was theirs and theirs alone. Organizations were not able to get the full value from the tools they purchased because of the lack of interoperability, the expense of integration and the potentially valuable data locked away from sight in proprietary silos. This situation provides us with a real opportunity, and we intend to take advantage of it.
We have seen this play out before. Prior to the beginning of the Industrial Revolution, tools were mostly handcrafted and not precise or consistent enough to support manufacturing needs. It was widespread standardization that changed the landscape and led to the Industrial Revolution. Interchangeable parts allowed for the easy assembly of new and innovative products, cheap repairs and fewer skills and time required of workers. Best of all, it led to dramatically reduced costs across the board, for producers and consumers.
We need to foster a similar revolution in cybersecurity today.
McAfee and IBM Security have kick-started an initiative to bring real interoperability and data sharing across the cybersecurity product landscape. The Open Cybersecurity Alliance (OCA) project is comprised of like-minded global cybersecurity vendors, end users, thought leaders and individuals interested in fostering an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated response, via commonly developed code and tooling, using mutually agreed upon technologies, standards, and procedures.
The Alliance’s founders, McAfee and IBM Security, are joined in the initiative by Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.
The OCA was formed under the auspices of OASIS, a respected consortium driving the development, convergence and adoption of open standards for the global information society. The Alliance was launched as an OASIS Open Project on October 8, 2019. Participation from additional organizations and individual contributors is welcomed.
OCA’s goal is to develop and promote sets of open source common content, code, tooling, patterns, and practices for operational interoperability and data sharing among cybersecurity tools. The Alliance aims to create an environment where cybersecurity vendors do not compete on plumbing; rather, the plumbing is the foundation – the common platform – upon which cybersecurity tools are built. Cybersecurity vendors have a real adversary they are trying to defeat, and vendors should not be distracted by each of us having to replicate different ways to provide product plumbing.
For enterprise users, OCA means:
- Improving security visibility, providing the ability to discover new insights and findings that might otherwise have been missed
- Extracting real value from existing products while reducing vendor lock-in
- Connecting data and sharing insights across products
- Enabling vendors who make use of OCA code, tooling, and patterns to seamlessly interoperate, making plug-and-play integration of cybersecurity products a reality
- Facilitating a variety of security use cases, including threat hunting & detection, analytics, operations, response and more
In short, the goal is: integrate once, reuse everywhere.
For security vendors, the benefits of supporting the OCA in products are tangible. They include:
- Reduced integration costs, improving vendors’ ability to focus on higher-value features and integrations
- Improved robustness of data integrations, allowing customers to extract more value from their products and tools
- Ease of integration for customers, allowing products to be more useful directly out of the box
- No duplication of the messaging and data exchange aspects of products
Security practitioners benefit from OCA-integrated tools through:
- Increased visibility and the ability to discover new critical insights and findings that would have otherwise been missed
- Reduced procurement of unnecessary new tools
- Reduced vendor lock-in
- More rapid deployment and integration into security processes
- Overall reduction of costs for product integration
Like the beginning of the Industrial Revolution, where interchangeable parts provided the economic incentives and the foundation for true innovation, we believe that an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated responses, will lead to real advancements in cybersecurity. The OCA strives to provide that foundation for cybersecurity innovation to flourish.
Join the Open Cybersecurity Alliance today and help us start a revolution.