The OASIS international consortium has announced an industry initiative to bring interoperability and data sharing across cybersecurity products. With initial open source content and code contributed by IBM Security and McAfee, and formed under the auspices of OASIS, the Open Cybersecurity Alliance (OCA) brings together organizations and individuals from around the world to develop open source security technologies that can freely exchange information, insights, analytics and orchestrated responses.
According to industry analyst firm, Enterprise Strategy Group, organizations use 25 to 49 different security tools from up to 10 vendors on average, each of which generates siloed data.
To accelerate and optimize security for enterprise users, the OCA will develop protocols and standards that enable tools to work together and share information across vendors. The aim is to simplify the integration of security technologies across the threat lifecycle – from threat hunting and detection, to analytics, operations and response — so that products can work together out of the box.
The purpose of the OCA is to develop and promote sets of open source common content, code, tooling, patterns and practices for interoperability and sharing data among cybersecurity tools. For users, this means:
Improving security visibility and ability to discover new insights and findings that might otherwise have been missed;
Extracting more value from existing products and reducing vendor lock-in;
Connecting data and sharing insights across products.
Initial technology contributions to the open project are as follows, with additions expected as part of ongoing work:
- STIX-Shifter (from
IBM Security): This project aims to create a universal, out-of-the box
search capability for security products of all types, by providing a way
to connect security products to other security, cloud and software data
repositories via a standardized cybersecurity data model (STIX 2).
STIX-Shifter is an open source library which can identify information
about potential threats within a wide variety of data repositories and
translate it into a format that can be digested and analyzed by any
security tool that has this standard enabled.
- OpenDXL Standard Ontology (from McAfee) focused on the development of an open and interoperable cybersecurity messaging format for use with the OpenDXL messaging bus. The OpenDXL Standard Ontology will be offered under the Apache 2.0 license.
This article was originally published on ————————- More info
Cyber Security Specialist 