IBM, McAfee help launch initiative for open-source cybersecurity development

The Organization for the Advancement of Structured Information Standards (OASIS), a not-for-profit consortium for open-source technology development, has launched the Open Cybersecurity Alliance (OCA) to facilitate interoperability and data sharing across cybersecurity products.

The OCA has been developed with open source code content contributed by its founders — cybersecurity unit of technology giant IBM and security software major McAfee.

The alliance brings together organisations on a common platform to develop open-source security technologies for insights, analytics and information.

Cybersecurity solutions firm Fortinet, security software solutions provider CyberArk, Israeli network security company Tufin and enterprise security software provider Indegy are also participating in the initiative. 

OCA aims to develop and promote sets of open-source content, code, tooling, patterns and practices among cybersecurity tools, said an official statement issued by McAfee. 

The platform will also help enterprise users optimise security needs by developing protocols and standards that enable tools to work together and share information across vendors. 

The OCA will serve as a platform to streamline security technologies across the threat lifecycle including processes such as threat detection, analytics and response.

“Today, organisations struggle without a standard language when sharing data between products and tools. We have seen efforts emerge to foster data exchange but what has been missing is the ability for each tool to transmit and receive these messages in a standardised format, resulting in more expensive and time-consuming integration costs. The aim of the OCA is to accelerate the open sharing concept making it easier for enterprises to manage and operate,” said Carol Geyer, chief development officer, OASIS.

IBM Security contributed its open-source software library STIX-Shifter to create a universal, out-of-the-box search capability for security products. It allows users to connect cybersecurity products to cloud, software and data repositories. 

McAfee offered its software communication platform OpenDXL to provide for an interoperable messaging format for enterprises that are part of the alliance.

OASIS, based in Massachusetts, works on the development, convergence and adoption of open-source standards for security, internet of things (IoT) and emergency management across sectors. 

The organisation helps standardise projects globally for adoption in international policy and procurement purposes. OASIS has a broad technical agenda encompassing cybersecurity, privacy, cryptography, cloud computing and IoT.

Recent findings by IBM and McAfee in cybersecurity:

A study by IBM found that the average data breach costs around Rs 13 crore. The report added that Rs. 5,019 is the per capita cost for every record that is lost or stolen. 

McAfee found in its survey that automation and gamification are crucial tools that can be leveraged to beat cybercriminals. 

In an interview with TechCircle, Vaidyanathan Iyer, security software leader, India and South Asia, IBM said that digital transformation initiatives, multi-cloud environments and migration to the cloud have increased the susceptibility of data breaches.