IBM Security and McAfee have been named as two of the founding members of a new cyber security alliance designed to bring together businesses, individuals and other stakeholders from around the world to advance open source security technology.
Dubbed the Open Cybersecurity Alliance, or OCA, the group aims to “connect the fragmented cyber security landscape with common, open source code and practices”. It will be run under the auspices of Oasis, a member-driven standards body that offers projects, paths to standardisation, and de jure approval for reference in international policy and procurement.
Besides IBM Security and McAfee, which are contributing the initial open source content and code, the group includes Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, Threat Quotient and Tufin.
By developing and promoting open source content, code, tooling, patterns and practices for interoperability and data sharing, the OCA hopes to address the frequent issues that arise from the sheer number of cyber security tools in use at the average enterprise, which can range from 25 to 49, according to a recent Enterprise Strategy Group report.
Connecting these tools needs complex integration and takes up time that security professionals could better spend doing actual security, said the OCA.
By developing protocols and standards that help these diverse tools work together and share information across suppliers, the group wants to simplify how tools are integrated across the security sector, from threat hunting and detection, to analytics, operations, and response.
This will help customers improve visibility, discover new threats that they might have missed, get more value out of their existing products, reduce supplier lock-in, and share insights across products and platforms.
“Today, organisations struggle without a standard language when sharing data between products and tools,” said Carol Geyer, chief development officer of Oasis.
“We have seen efforts emerge to foster data exchange, but what has been missing is the ability for each tool to transmit and receive these messages in a standardised format, resulting in more expensive and time-consuming integration costs. The aim of the OCA is to accelerate the open sharing concept making it easier for enterprises to manage and operate.”
IBM Security Threat Management’s chief architect, Jason Keirstead, added: “When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers.
“The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code.”
DJ Long, McAfee vice-president of business development, said that since cyber criminals maximised the damage they caused by collaborating, the best defensive strategy would appear to be to collaborate as well.
“The OCA creed is ‘Integrate once, reuse everywhere’, which builds on McAfee’s open philosophy that led to the OpenDXL project in 2016. Organisations will be able to seamlessly exchange data between products and tools from any provider that adopts the OCA project deliverables. We’re looking at the potential for unprecedented real-time security intelligence,” he said.
There are two initial contributions to the project, from IBM and McAfee respectively. The first is STIX-Shifter, which aims to create a universal search capability for security products by connecting them to other security, cloud and software data repositories via a standardised data model, in effect an open source library of threats. The second is OpenDXL Standard Ontology, which will explore the development of an open, interoperable cyber security messaging format.