Vendors launch security alliance to increase interoperability

Security specialists across the channel are starting to get to grips with a fresh initiative that has launched in a bid to try to more interoperability across the industry. 

IBM Security and McAfee have been joined by 14 other firms (see box below for full list), including Fortinet and CyberArk to form the OASIS consortium.  

One of the main justifications for the launch of the organisation is to try to help users deal with their bloated security estate. As resellers are only too aware the average firm uses around 40 different tools, from ten different vendors and that has resulted in an ad hoc approach being taken to dealing with threats with gaps in the defences appearing. 

Under the OASIS banner the firms will work on the Open Cybersecurity Alliance (OCA) to try to increase the interoperability between products to reduce those problems and share information around threats and the best responses. 

“Today, organisations struggle without a standard language when sharing data between products and tools,” said Carol Geyer, chief development officer of OASIS.  

“We have seen efforts emerge to foster data exchange, but what has been missing is the ability for each tool to transmit and receive these messages in a standardised format, resulting in more expensive and time-consuming integration costs. The aim of the OCA is to accelerate the open sharing concept making it easier for enterprises to manage and operate," she added. 

Given that the majority of the firms involved with the alliance operate indirect models there will be consequences for the channel as solid results start to emerge from the project. 

“When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers,” said Jason Keirstead, chief architect, IBM Security Threat Management.  

“The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code," he added. 

Quotes from some of the other vendors involved with the initiative all stressed the importance of sharing information and the benefits of vendors working more closely together. 

“CyberArk strongly believes in the power of vendor collaboration to strengthen the enterprise security fabric. We continue to support open source initiatives that elevate that level of collaboration, and being part of the vendor community actively engaged in the Open Cybersecurity Alliance (OCA) is another important step forward," said Adam Bosnian, executive vice president, global business development at CyberArk. 

"By creating a framework to share data that improves communication and effectiveness among an ecosystem of software solutions, OCA is helping to enrich and improve the effectiveness of security solutions," he added.  

The alliance has started with a membership of 16 but has made it clear that other vendors are welcome to join.