Open Cybersecurity Alliance: In Pursuit of Interoperability
With 18 Vendors on Board, Experts Assess New Group's Chances for Success
Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications.
But some observers say getting all the players to agree on a common platform will be challenging.
The initial open source content and code will come from IBM and McAfee, which has been spearheading the project.
The new alliance was formed under the auspices of OASIS, a consortium driving the development, convergence and adoption of open standards. It was launched as an OASIS Open Project on Oct. 8.
In addition to IBM and McAfee, initial members of the alliance include: Advanced Cyber Security Corp., Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient and Tufin. The group says it will continue to welcome new members.
Open Sharing Concept
“Today, organizations struggle without a standard language when sharing data between products and tools,” says Carol Geyer, chief development officer at OASIS. “We have seen efforts emerge to foster data exchange, but what has been missing is the ability for each tool to transmit and receive these messages in a standardized format, resulting in more expensive and time-consuming integration costs. The Open Cybersecurity Alliance aims to accelerate the open sharing concept making it easier for enterprises to manage and operate.”
But the new collaborative effort will face some hurdles, says Tom Wills, an advisory board member at Evrensel Capital Partners.
“All technology consortia of this nature face the challenge of each member preferring its own proprietary format or process it may have invested in,” he says. “The success comes down to how well the members navigate their differences and arrive at a common standard.”
By developing protocols and standards, the new alliance hopes to enable products across the cybersecurity ecosystem to interoperate and share information, says Rajesh Maurya, regional vice president, India and SAARC, at Fortinet.
Maurya says an open platform could help enterprises to:
- Improve security visibility and develop the ability to discover new insights and findings that might otherwise have been missed;
- Extract more value from products and reduce vendor lock-in;
- Improve the sharing of data across products.
“When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than attackers,” IBM’s Jason Keirstead tells Computer Business Review.
“OCA’s mission is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but build one integration to work across all, based on a commonly accepted set of standards and code,” he adds.
OCA’s open platform will use IBM’s STIX-Shifter, an open source library, to study repositories of data gathered from the security tools and identify information about potential threats, together with McAfee’s OpenDXL Standard Ontology to build an interoperable cybersecurity messaging platform.
The group’s goal is to enable organizations to seamlessly exchange data between products and tools from any provider that adopts the OCA project’s standards, says J. Long, vice president of business development at McAfee.
Challenges to Overcome
But Sriram Natarajan, president of Quinte Financial Technologies, a global outsourcing services company, says that getting all players to agree on a common platform will be a challenge, as will ensuring compliance with the EU's tough General Data Protection Regulation.
“Not many companies trust sharing of data across vendors, and there’s no clarity on how the data shared is being used and how this open source code will comply with GDPR requirements,” Natarajan says.
Early last year, some U.S. financial services companies, including American Express, Bank of America, JPMorgan Chase and Wells Fargo, formed an industry consortium, TruSight, in an effort to transform third-party risk management by sharing best practices and standardizing processes. But that collaborative effort is off to a slow start, Natarajan says, which demonstrates how such coalitions so often struggle.
“The biggest concern is that the ultimate liability rests with the organization that leverages it. Even if there’s back-to-back recourse on their contracts, organizations face orchestration challenges,” Natarajan says.
Some Adaptation Required
Orchestration challenges aside, most security tools operate in isolation, generate voluminous log data and don’t easily share or correlate data with other technologies, says Fortinet’s Maurya, noting that this is the precise reason why open source standards are so needed.
Working with the consortium, however, will require some customer adaptation. “The user organization will likely have to change some of its own processes to realize the benefits of the consortium’s standardized formats and processes,” Wills says.
Ultimately, however, an enterprise that uses three different brands of routers and switches - for example - will in theory be able to use the OCA standards to easily harvest and ingest data from every one of those devices without having to use any costly, manual conversion, he says.