
What does the Open Data Exchange Layer Ontology mean for enterprises?


The Open Cybersecurity Alliance (OCA) recently announced the availability of the Open Data Exchange Layer (OpenDXL) Ontology. According to the OCA, the OpenDXL Ontology is the first open-source language for connecting cybersecurity tools through a common messaging framework. Considering that one of the challenges of any level of integration is accuracy and timeliness, what does the availability of the Ontology mean for enterprises?

OpenDXL is a common messaging framework designed to connect security tools. According to OpenDXL, over 4,100 vendors and enterprises are already using it to develop and share integrations with other tools. What is new here is the Ontology.

When a product refreshes, all the integrations to it need to be refreshed as well. Typically, a large product will have several integrations. When there is a large number of integrations of, say, security products, the scenario becomes complex because, in the open-source space, an increasing number of integrations are given away free or for a low cost. This leads to a lot of orphaned code. How does the OpenDXL Ontology mitigate this scenario?

The OpenDXL Ontology offers a single, common language for these notifications, information, and actions across security products. Any vendor can adopt it to communicate in a standard way with all other tools under this umbrella. This provides companies with a set of tooling that can be applied once and automatically reused everywhere across all product categories, while also eliminating the need to update integrations when product versions and functionalities change. To simplify, the OpenDXL Ontology streamlines the movement of data between applications.

Security teams will see this as a big bonus. To be able to get an alert that can quickly update all the tools they support in one go is a major step forward. Those who will gain the most, however, are those supporting multiple customers and having to work across a fractured security landscape.

Therefore, the availability of the OpenDXL Ontology is a welcome development. There are, however, challenges. For instance, there is a question around how existing OpenDXL integrations can be absorbed into the Ontology. It is also unclear how much work, if any, will need to be done by end-user organizations. Furthermore, there is a lot of community work around OpenDXL, which means there is ample scope for orphaned or abandoned integrations. Therefore, enterprises are looking to both the OCA and OpenDXL for a clear statement as to how integrations will be verified.

For now, a single, common language to bind all the security tools is a significant development. Nevertheless, questions persist, such as whether only the major cybersecurity vendors will use the tool or whether a significant percentage of the industry will. Other grey areas around the OpenDXL Ontology that need to be resolved are the availability of training and education resources for security teams and the ease with which enterprises with ‘rolled-their-own’ cybersecurity solutions can add the OpenDXL Ontology.

Click here to read the original article published by Enterprise Times.
