OCA Sponsors

 

What We Do

Open Cybersecurity Alliance (OCA) develops standardized data interfaces to support an open ecosystem where cybersecurity tools interoperate without the need for custom integrations.

OCA is a nonprofit, global collaboration of software providers, end users, government agencies, research institutes , and individuals committed to enabling the free exchange of information, insights, analytics, and response across cybersecurity tools. 

An open source project, OCA operates under the OASIS Open governance process, which ensures transparency, inclusiveness, and safety, with  a path to standardization and reference in international policy and procurement.

 

Why OCA?

 OCA Principles

Product Interoperability

Security Tool Integration

Open
Security

Trust &
Transparency

Collaborative Community

Open
Governance

 

OCA Goals

Interoperability

Develop and promote sets of open source content, code, tooling, patterns, and practices to maximize interoperability and the sharing of data among cybersecurity tools

Open Ecosystem

Build an open ecosystem where cybersecurity products interoperate without the need for customized integrations.

Value Increase

Extract more value from existing products and reduce costs by reducing the complexity of architecting and deploying ever-increasing cyber solutions.

Improved Visibility

Improve security visibility and ability to discover new insights that might otherwise have been missed.

 

Why OCA?

OCA is committed to solving the costly problem of siloed cyber tools and products. Our mission is to connect the fragmented cybersecurity landscape with common, open source code and practices that allow companies to “integrate once, reuse everywhere.”

For enterprise users, this means improving security visibility and the ability to discover new insights that might otherwise go unseen; extracting more value from existing products and reducing vendor lock-in; and connecting data and sharing insights across products.

 
 

OCA Sub-Projects

OCA is an incubator for a growing number of Open Source projects.
Home
Kestrel

Kestrel

Threat Hunting Language

Provides an abstraction for threat hunters to focus on what to hunt instead of how to hunt.
Learn more.

Home
STIX Shifter

STIX Shifter

Patterning Library

Allows data to be normalized across domains for comprehensive security analysis. Learn more.

Home
Pace

PACE

Posture Attribute Collection and Evaluation

A comprehensive automated strategy for understanding security posture and what to do about it. Learn more.

IOB Artwork 1
IOB

Indicators of Behavior (IOB)

Augmentation to Machine Readable CTI

A structured representation of reusable adversary behaviors, detections of those behaviors, and correlation workflows to aid network defenders. Learn more.

 
 

OCA Working Groups

Zero Trust Architecture

Working to create and further refine OCA technologies to enable a Zero Trust architecture.

Join our mailing list.

OCA Ontology

Creating a unified ontology for cybersecurity information in order to have standard ways of encoding information on data fabrics, APIs, etc.

Join our mailing list.

How You Benefit

The OCA approach will define an architecture that is distributed, modular and adaptive. OCA will provide easily extensible, common-code components and open specifications that will normalize information between disparate systems. Our framework will reduce the complexity of architecting and deploying ever-increasing cyber solutions.

Unlike vendor partner alliances, OCA is a collaborative community with open governance. OCA is working on projects that span key conversations happening in the security industry, i.e., Zero Trust, Extended Detection and Response (XDR), Posture Assessment and more. Unlike industry-specific platforms for sharing threat data, OCA is uniquely focused on product interoperability, with benefits for the entire cybersecurity community.

security

Security Vendors

  • Decrease integration and engineering costs
  • Allow clients to extract more value from your tools
  • Designate your product as an integral part of the interoperability ecosystem, promote your commitment and contributions to your customers
  • Leverage open-source connectors
  • Deliver more robust data integrations
  • Partner with others in community to offer complete solutions

Security Practitioners

  • Break down your data silos
  • Free yourself from vendor lock-in
  • Decrease tool integration resource drain
  • Avoid buying unnecessary tools
  • Get maximum value from the tools already installed
  • Decrease complexity of architecting and deploying cyber solutions
  • Share information, analytics, and orchestrated response between products

Managed Security Service Providers

  • Increase vendor options and decrease vendor dependency for your customers
  • Reuse out-of-the-box integration solutions across customers
  • Streamline customer onboarding with plug and play tools
  • Reduce development and reconfiguration costs for application/tool orchestration
  • Increase transferable skills for your analysts across domains and customers
  • Share best practices across customers
  • Achieve compliance faster

Public Sector

  • Facilitate communication between private and public-sector stakeholders
  • Promote effective federal agency participation in the voluntary standards-setting process
  • Promote interconnectivity between federal agencies
  • Decrease spending by leveraging freely available cyber standards
  • Tap into brain trust of cyber experts from private industry
  • Unify fragmented efforts and encourage convergence
  • Protect development efforts from single-vendor bias and foster a greater competitive solutions
  • Exert influence as a large-scale implementer, advocate for constituency
Join Now
 
 

OCA Member Testimonials

  • When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers... The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code.
    Jason Keirstead, CTO of Threat Management
    IBM Security
  • Collective defense is a powerful security strategy that we need to leverage to fend off the bad guys. At Cyware, our vision is to achieve collective defense for all organizations which will be further strengthened with Cyware joining the OCA. We are really excited to be part of the OCA initiative and look forward to fostering the culture of collaboration at all the possible levels for effective threat response.
    Avkash Kathiriya - VP Research and Innovation
    Cyware Labs
  • EclecticIQ and the Open Cybersecurity Alliance (OCA) share a common belief that an open ecosystem improves cybersecurity for everyone. Our open and extensible platform makes it easy to use and share intelligence from multiple sources to detect threats earlier, remediate incidents faster, and run operations more efficiently. We applaud the OCA for driving industry-wide cooperation on protocols and standards surrounding sharing cybersecurity insights and findings.
    Ciaran Bradley, CTO
    EclecticIQ
  • The Center for Internet Security (CIS) joined the Open Cybersecurity Alliance (OCA), because we have common missions – to improve the efficacy of cybersecurity programs. Each organization plays a vital role in achieving this. CIS produces a variety of authoritative, community-developed security best practices (CIS Critical Security Controls and CIS Benchmarks), which are designed to be incorporated into interoperable software components. The OCA seeks to enable that interoperability with interface and payload definitions accompanied by running code. Together, we are helping organizations – both in the public and private sector – to better protect their customers and their own reputations.
    Center for Internet Security (CIS)