A new language framework designed to breach fragmentation gaps between cybersecurity tools has been released to the open source community.
Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."
OpenDXL Ontology, now available, aims to create a common language between cybersecurity tools and systems by removing the need for custom integrations between products that can be most effective when communicating with each other -- such as endpoint systems, firewalls, and behavior monitors -- but suffer from fragmentation and vendor-specific architecture.
This is not the first open source project developed by the consortium. The Open Data Exchange Layer (OpenDXL) is an open messaging framework already used by roughly 4,000 organizations to improve tool integration.
Ontology aims to improve sharing by way of a language that is usable by any vendor, providing one set of tooling that can be reused across various cybersecurity products.
OCA says that an additional benefit of the open source framework and tooling is the elimination of requirements to update integrations when software versions or functionalities change.
"For example, if a certain tool that detects a compromised device, it could automatically notify all other tools and even quarantine that device using a standard message format readable by all," OCA says. "While previously this was only possible with custom integrations between individual products, it will now be automatically enabled between all tools that adopt OpenDXL Ontology."
Under OASIS, the OCA was formed in October 2019. Led by IBM and McAfee, the cybersecurity consortium now includes 26 companies. New members include Armis, Recorded Future, Gigamon, and Tripwire.
The organization's mantra is "integrate once, reuse everywhere," and it is hoped that OpenDXL Ontology, by being made available to the open source community, will result in new use cases and further development.
OpenDXL Ontology is available on Github.
Alongside the new project, the OCA community is also developing STIX-Shifter, a search function for security tools.
Previous and related coverage
- Cybersecurity: Under half of organisations are fully prepared to deal with cyberattacks
- The Linux Foundation identifies most important open-source software components and their problems
- Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0