Not only do we have to deal with the growing threat of cybercrime, but the evolution of cybersecurity platforms creates its own issues too. Fragmentation and a lack of interoperability between cybersecurity products could be hindering the fight against cyber threats as businesses invest in more and more tools they might not be getting the best from.
IBM, McAfee, and 16 other key cybersecurity industry players collaborating under the OASIS International Consortium banner have announced an Open Cybersecurity Alliance (OCA). The OCA, as per ZDNet reporting, plans to connect market products as work to solve interoperability and create data-sharing practices.
Any company can contribute to the OCA
The newly formed OCA project has issued an open invitation and call for participation to any company who would like to contribute. Participants do not have to be members of the non-profit consortium OASIS which works to create open standards for our “global information society.”
“OASIS promotes industry consensus and produces worldwide standards for security, Internet of Things, cloud computing, energy, content technologies, emergency management, and other areas.”
The new project will be led by IBM and McAfee who are initially joined by Advanced Cyber Security Corp, Corsa, CyberArk, Cybereason, DFLabs, Crowdstrike, Electric Power Research Institute, EclecticIQ, Fortinet, Indegy, New Context, ReversingLabs, Safe Breach, Syncurity, Threat Quotient, and Tufin.
An open cybersecurity ecosystem
Project participants can contribute threat insights, code or expertise. As per OASIS the OCA consists of cybersecurity vendors, users, thought leaders and individuals who are interested in “fostering an open cybersecurity ecosystem,” where, it says:
“Products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated response, via commonly developed code and tooling, using mutually agreed upon technologies, data standards, and procedures.”
The OCA is answering a cybersecurity industry challenge where it adds:
“Cybersecurity teams are on average using 25 to 49 different security tools from up to 10 different vendors, each of which generate an explosion of data & insights.”
– Check out our hilarious security awareness training series:
Answering an efficiency challenge for better cybersecurity
A lack of industry collaboration and data sharing, including the findings from insights and incidents, creates a reduction in efficiency across the cybersecurity battle and produces interoperability problems for end users of cybersecurity products.
The OCA hopes to develop common code and tooling as well as better data-sharing practices for a more seamless cybersecurity software experience for those who utilise it. It says:
“End user organisations have consistently wanted to be able to integrate ‘best-of-breed’ products and solutions into their operational environments with minimal effort and time. However, they have been unable to because of the lack of real interoperability at the communications and data levels.”
End users of cybersecurity software may not realise some of their cybersecurity threats and challenges may have been resolved in products they use for other purposes. They may end up investing in new software unnecessarily or not getting the most out of existing platform subscriptions.
“Further, poor integration can also lead to missing critical insights and findings that would have otherwise been detected if the tools were more well-integrated.”
For the everyday business, the work of the OCA may well result in better performing cybersecurity products and reduced unnecessary investment, leaving funds available to invest in other methods to fight cybercrime.