The information security industry is moving towards collaborative, open and integrated security, according to security firm McAfee.
A shift in the industry’s approach is evidenced by widescale adoption of its Data Exchange Layer (DXL), including interoperability with Cisco Systems, the company said.
This shift is further evidenced by new collaborations through technology partnering programme the McAfee Security Innovation Alliance, it added.
“We must empower security teams to stop spending their time on tedious integrations and manual tasks, and instead focus on defending against adversaries,” said Raja Patel, general manager corporate products at McAfee.
“Organisations should focus on maximising the value of their environment with solutions that integrate, as opposed to layering new technologies that don’t speak to each other. Collaboration like we are doing with Cisco, IBM Security and others throughout the security industry is critical to closing information gaps, breaking silos and providing the visibility we need to protect our most important assets from cyber criminals.”
Since its launch in 2016, the OpenDXL initiative has accelerated enterprise use of DXL, a messaging bus that allows different products inside a cyber security architecture to share threat intelligence with one another, said McAfee.
This means that if a piece of malware is captured on an endpoint, for example, the associated indicators of compromise (IoCs) can be published in an automated way to every node in the security architecture via the DXL, including security appliances such as firewalls.
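The fan-out described above, as an added illustrative example that is not the page's or McAfee's code: a constructed, in-memory model of a DXL-style topic bus where an endpoint publishes a file IoC and every subscribed node receives it, with the firewall subscriber validating the indicator before it blocks anything. The topic name, event fields and confidence threshold are assumptions, not OpenDXL's.

```python
import json
import re
from collections import defaultdict
# Constructed, simplified model of a DXL-style event fabric: topic-based
# publish/subscribe with fan-out to every connected subscriber.
# Illustrative code only, not the OpenDXL SDK.
class EventBus:
    def __init__(self):
        self._subs = defaultdict(list)   # topic -> list of handlers

    def subscribe(self, topic, handler):
        self._subs[topic].append(handler)

    def publish(self, topic, payload):
        """Fan one JSON event out to every subscriber on the topic;
        returns how many it reached (0 if the message is unparseable)."""
        try:
            event = json.loads(payload.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return 0  # a broker should drop, not forward, malformed events
        for handler in self._subs[topic]:
            handler(event)
        return len(self._subs[topic])

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

class FirewallNode:
    """Subscriber that turns validated file IoCs into block-list entries."""
    def __init__(self):
        self.blocked, self.rejected = [], []

    def on_ioc(self, event):
        # Automation that blocks on unvalidated input is itself a risk, so act
        # only on a well-formed hash that carries sufficient confidence.
        digest = str(event.get("sha256", "")).lower()
        if SHA256_RE.match(digest) and event.get("confidence", 0) >= 80:
            self.blocked.append(digest)
        else:
            self.rejected.append(event)

def demo():
    bus, fw, siem_log = EventBus(), FirewallNode(), []
    topic = "/demo/event/ioc/file"             # constructed topic name
    bus.subscribe(topic, fw.on_ioc)            # the firewall acts on the IoC
    bus.subscribe(topic, siem_log.append)      # a SIEM only records it
    # Constructed events: a valid IoC, a malformed indicator, a broken message.
    good = json.dumps({"sha256": "a" * 64, "confidence": 95, "source": "endpoint-17"}).encode()
    bad = json.dumps({"sha256": "not-a-hash", "confidence": 95}).encode()
    reached = [bus.publish(topic, m) for m in (good, bad, b"{broken json")]
    return reached, fw.blocked, len(fw.rejected), len(siem_log)
```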
McAfee said the OpenDXL initiative has shown increasing adoption, with enterprises developing dozens of solutions built on the software development kit (SDK) and published to the GitHub source code repository and OpenDXL.com, a dedicated open source web community.
Stepping up industry momentum, McAfee and Cisco announced at the MPOWER Cybersecurity Summit in Las Vegas that DXL and Cisco pxGrid, the open security information grid by Cisco, now work together to share threat event context and enable automation between the network and endpoint.
With the DXL and pxGrid interoperating, organisations can now drive integrations with security technology from hundreds of suppliers, while through the OpenDXL initiative, integration and orchestration are now extended to open source and enterprise applications.
According to the two firms, the interoperability of DXL and pxGrid creates a universal, unified and responsive security infrastructure for threat detection and response, with close to 100 integrated partners between them.
The interoperability of DXL and pxGrid means that automated processes can cross previously siloed tools, and link endpoint, network and security operation domains, closing security gaps that prevent efficient and effective threat management.
Bi-directional data flow also provides integrated applications with detailed information, giving analysts visibility into critical data, including what is on their network, current security posture, and privilege levels.
“Industry and enterprise leaders have long called for greater visibility and efficacy in security operations, and interoperability between Cisco pxGrid and DXL achieves this at scale due to the wide cross-section of customers we each serve and the many that we share,” said Jeff Reed, senior vice-president, product management, Security Business Group, Cisco.
“We have found that many organisations work with upwards of five security vendors, and they struggle to integrate up to 50 security products, resulting in security gaps that leave them vulnerable. Defenders now have access to the industry’s most extensive and diverse set of services between network, endpoint and security operations.”
On the anniversary of the OpenDXL initiative, McAfee also released DXL 4.0 and new open source tools that provide an enterprise-class environment for developers to facilitate effective use and accelerate creation.
Newly released DXL features include:
- All software required to connect DXL and pxGrid and set automated policies to respond to potential threats.
- Automated incident response with McAfee ePolicy Orchestrator automatically reacting to threat events, sending data to DXL to disseminate to connected products for action.
- Improved management through simplified client provisioning and process updates with new DXL ePO extension and client enhancements.
New contributions to the OpenDXL community include:
- Simplified development and testing, with a new interactive development environment and standalone DXL Broker that McAfee claims enables users to set up a working DXL infrastructure and development environment in five minutes or less.
- Simplified pxGrid integration with the new OpenDXL pxGrid Python client optimised to support interactions between OpenDXL services and pxGrid.
McAfee said the McAfee Security Innovation Alliance ecosystem continues to flourish, with the addition of nearly 20 new partners bringing the total to more than 130.
“I think we have done a great job in adding some really big players, in addition to some great focused players in this industry,” said Chris Young, CEO at McAfee.
The alliance’s mission is to accelerate the development of interoperable security products and to simplify the integration of products within complex customer environments.
According to McAfee, the alliance is enabling the cyber security industry to deliver an integrated, connected security ecosystem that maximises the investment customers are making in their cyber security infrastructure, while shortening response times to security events and making it easier to remediate compromised systems, leading to a simplified threat defence lifecycle.