In the open source community, a language framework has been released that aims to break the gaps between its security tools. cyberspace. Open Alliance for Cybersecurity (OCA), a consortium of cyber providers, reported that OpenDXL Ontology is "the first open source language for connecting electronic security tools through a common messaging platform". This consortium includes IBM, Crowdstrike and McAfee.
OpenDXL Ontolgy, now available, aims to create a common language between cybersecurity tools and systems, eliminating the need for custom integration between products that can be more effective when communicating with each other (such as systems). endpoint, firewalls and behavioral monitors) but suffer from vendor fragmentation and architecture. This is not the first open source project developed by OCA. Open Data Exchange Layer (OpenDXL) is an open messaging platform already used by some 4.000 organizations to improve tool integration. Ontology aims to improve the exchange through a language that can be used by any vendor, providing a set of tools that can be reused in various cyber security products. OCA points out that another advantage of the platform and tool open source is to eliminate the requirements for updating integrations when software versions or functionalities change.
Additionally, according to the OCA, if a particular tool detects one violated device, will be able to automatically update all other tools but also to quarantine the device using a standard message form that can be read by everyone. While in the past this could only happen with custom integrations between individual products, it can now be automatically enabled among all the tools that adopt OpenDX Ontology. Established in October 2019 under OASIS led by IBM and McAfee, OCA now comprises 26 companies. Its new members include Armis, Recorded Future, Gigamon and Tripwire. Finally, OpenDXL Ontology is available at Github. Along with the new project, the OCA community is also developing STIX-Shifter, a search feature for security tools.