Open security group unveils common OpenDXL language

Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework

The Open Cybersecurity Alliance (OCA), a group of suppliers committed to connecting the fragmented cyber security landscape with open source codes and practices, has unveiled Open Data Exchange Layer (DXL) Ontology, a new open source language designed to connect diverse security tools via a common messaging framework.

Formed in autumn 2019, the group, which is spearheaded by IBM Security and McAfee, says the new language will cut out the need for custom integrations between all the products that use it, and marks a major milestone in the group’s mission to drive more interoperability in security.

Initially developed by McAfee, the OpenDXL messaging framework is already used by more than 4,000 suppliers and enterprises to develop and share integrations between various tools.

Now, with the release of OpenDXL Ontology, OCA said it could offer a single, common language for notifications, information and actions across security products, providing users with a set of tooling that can be applied once and automatically reused everywhere, while eliminating the need to update integrations for new product versions and functionalities.

For example, a tool that detects a compromised device can now automatically notify all other tools and quarantine the device using a standard message format that all can read and understand. Up to now, this has only been possible with complex and custom integrations between individual products, creating a headache for under-pressure IT security teams and CISOs.

“The adoption of OpenDXL Ontology will help create a stronger, united front to defend and protect across all types of security tools, while reducing the burden of point integrations between individual products,” said the OCA.

Besides OpenDXL Ontology, the group is also collaborating on STIX-Shifter, a universal, out-of-the-box search capability for security products, the code for which initially came out of IBM Security. The group said hundreds of visitors had already accessed STIX Shifter on Github, with dozens of users branching off on new project forks on top of the primary code. Additional contributors are, of course, welcomed.

At the same time, the OCA has also announced the formation of a new steering committee, which will bring together leaders from members AT&T, IBM Security, McAfee, Packet Clearinghouse and Tripwire, to drive the technical direction and development of the body.

Read more about open source security

“With the adoption of public cloud and explosion of connected devices, the ability for enterprises to quickly respond to threats across ever-changing technologies, and even beyond perimeters, is critical,” said Brian Rexroad, vice-president of security platforms at AT&T. “OCA is driving an industrial shift in interoperability with the OpenDXL Ontology to support security at scale.”

Existing group members, which besides those already named include Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, EclectiqIQ, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, Threat Quotient and Tufin, have now also been joined by new members Armis, the Center for Internet Security, CyberNB, Dydarm, Gigamon, Raytheon, Recorded Future and sFractal Consulting.

Read more on Application security and coding requirements

Data Center
Data Management