Being among innovative cybersecurity startups, ReversingLabs seeks to help enterprises be more secure and was excited to join the Open Cybersecurity Alliance (OCA) project launch. The OCA is comprised of global like-minded cybersecurity vendors, end users, and individuals who are interested in fostering an open cybersecurity ecosystem, where products from all vendors and publishers can freely exchange information, insights, analytics, and orchestrated response via commonly developed code and tooling, using mutually agreed upon technologies, data standards, and procedures. All of this would be done out of the box.
The cybersecurity industry has an ever-growing number of vendors and products, resulting in the fact that enterprise cybersecurity teams are on average using 25 to 49 different security tools from up to 10 different vendors, each of which generate an explosion of data & insights (Enterprise Strategy Group). The value of integrating security tools cannot be disputed, and IDC identified the top benefits being:
- streamlined security management,
- consolidated vendors & policy management,
- data exchange, and
- workflow automation.
While these tools have one-off integrations amongst one another, there is a lack of industry-wide vendor cooperation on protocols and standards surrounding sharing cybersecurity insight and findings data.
So with the recent announcement of the OCA, an OASIS open project with 18 founding alliance members, including initial contributors IBM Security and McAfee along with Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin, the process has begun to connect the fragmented cybersecurity landscape with common, open-source code and practices for security tools. To achieve this, the project hopes to enable disparate security products to freely exchange information, out of the box, using mutually agreed upon technologies, standards, and procedures.
This interoperability would have huge benefits for the end users and organizations. Some of these benefits include:
- Improving security effectiveness and visibility to discover new findings that might have otherwise been missed;
- Extracting more value from existing products and reducing vendor lock-in;
- Connecting data and sharing insights across products;
In acknowledgement of this initiative, there has been tremendous support and coverage highlighted below:
- CBR (Computer Business Review): 18 Cybersecurity Firms Team Up to Plug their Products Together by Conor Reynolds
- Computer Weekly: IBM, McAfee among founders of open source security alliance by Alex Scroxton
- ComputerWeekly Microscope: Vendors launch security alliance increase interoperability by Simon Quicke
- FierceTelecom: IBM and McAfee primary backers of new open source cybersecurity group by Mike Robuck
- Infosecurity: Industry Leaders Throw Weight Behind Interoperability Alliance by Sarah Coble
- SDx Central: IBM Security, McAfee Spearhead Open Cybersecurity Alliance by Jessica Lyons Hardcastle
- Security Boulevard: OASIS to Lead Cybersecurity Interoperability Initiative by Michael Vizard
- Security Intelligence: Open Cybersecurity Alliance: An Open Source Initiative for Enabling Improved Interoperability by Jason Keirstead
- Security Magazine: Cybersecurity Leaders Launch Initiative for Interoperable Security Technologies
- SecurityWeek: Cybersecurity Firms Partner on Open Source Security Technology Development by Ionut Arghire
- SiliconAngle: Alliance including IBM and McAfee aims to make cybersecurity products interoperable by Duncan Riley
- ZDNet: Cybersecurity giants join forces to combat cyberthreats under OASIS umbrella by Charlie Osborne
- Telecompaper: IBM Security, McAfee become founding partners of new Open Cybersecurity Alliance
The OCA welcomes participation from additional organizations and individual contributors, so please contact the alliance for further details.
- Update your understanding: Buyer's Guide for Software Supply Chain Security
- Join the Webinar: Why you need to upgrade your AppSec for the new era
- Get the report and take action: The State of Supply Chain Security 2024
- Join the discussion: State of Software Supply Chain Security Webinar
- See Gartner's guidance on managing software supply chain risk