OCA Sponsors
What We Do
Open Cybersecurity Alliance (OCA) develops standardized data interfaces to support an open ecosystem where cybersecurity tools interoperate without the need for custom integrations.
OCA is a nonprofit, global collaboration of software providers, end users, government agencies, research institutes , and individuals committed to enabling the free exchange of information, insights, analytics, and response across cybersecurity tools.
An open source project, OCA operates under the OASIS Open governance process, which ensures transparency, inclusiveness, and safety, with a path to standardization and reference in international policy and procurement.
OCA Principles
Product Interoperability
Security Tool Integration
Open
Security
Trust &
Transparency
Collaborative Community
Open
Governance
OCA Goals
Interoperability
Develop and promote sets of open source content, code, tooling, patterns, and practices to maximize interoperability and the sharing of data among cybersecurity tools
Open Ecosystem
Build an open ecosystem where cybersecurity products interoperate without the need for customized integrations.
Value Increase
Extract more value from existing products and reduce costs by reducing the complexity of architecting and deploying ever-increasing cyber solutions.
Improved Visibility
Improve security visibility and ability to discover new insights that might otherwise have been missed.
Why OCA?
OCA is committed to solving the costly problem of siloed cyber tools and products. Our mission is to connect the fragmented cybersecurity landscape with common, open source code and practices that allow companies to “integrate once, reuse everywhere.”
For enterprise users, this means improving security visibility and the ability to discover new insights that might otherwise go unseen; extracting more value from existing products and reducing vendor lock-in; and connecting data and sharing insights across products.
OCA Sub-Projects
Kestrel
Threat Hunting Language
Provides an abstraction for threat hunters to focus on what to hunt instead of how to hunt.
Learn more.
STIX Shifter
Patterning Library
Allows data to be normalized across domains for comprehensive security analysis. Learn more.
PACE
Posture Attribute Collection and Evaluation
A comprehensive automated strategy for understanding security posture and what to do about it. Learn more.
Indicators of Behavior (IOB)
Augmentation to Machine Readable CTI
A structured representation of reusable adversary behaviors, detections of those behaviors, and correlation workflows to aid network defenders. Learn more.
CASP
Cybersecurity Automation Sub-Project
Prototyping, testing, and specifying interoperability among cybersecurity automation technologies. Learn more
OXA
Open XDR Architecture
Defining interactions between security products, using open standards and APIs, in order to enable a composable security architecture. Learn more
CACAO Roaster
Editor for CACAO Playbooks
Allows defenders in a no-code graphical manner to design and generate CACAO playbooks to orchestrate and automate their cybersecurity operations.
Learn more.
OCA Working Groups
Zero Trust Architecture
Working to create and further refine OCA technologies to enable a Zero Trust architecture.
OCA Ontology
Creating a unified ontology for cybersecurity information in order to have standard ways of encoding information on data fabrics, APIs, etc.
Join our mailing list.
How You Benefit
The OCA approach will define an architecture that is distributed, modular and adaptive. OCA will provide easily extensible, common-code components and open specifications that will normalize information between disparate systems. Our framework will reduce the complexity of architecting and deploying ever-increasing cyber solutions.
Unlike vendor partner alliances, OCA is a collaborative community with open governance. OCA is working on projects that span key conversations happening in the security industry, i.e., Zero Trust, Extended Detection and Response (XDR), Posture Assessment and more. Unlike industry-specific platforms for sharing threat data, OCA is uniquely focused on product interoperability, with benefits for the entire cybersecurity community.
Security Vendors
- Decrease integration and engineering costs
- Allow clients to extract more value from your tools
- Designate your product as an integral part of the interoperability ecosystem, promote your commitment and contributions to your customers
- Leverage open-source connectors
- Deliver more robust data integrations
- Partner with others in community to offer complete solutions
Security Practitioners
- Break down your data silos
- Free yourself from vendor lock-in
- Decrease tool integration resource drain
- Avoid buying unnecessary tools
- Get maximum value from the tools already installed
- Decrease complexity of architecting and deploying cyber solutions
- Share information, analytics, and orchestrated response between products
Managed Security Service Providers
- Increase vendor options and decrease vendor dependency for your customers
- Reuse out-of-the-box integration solutions across customers
- Streamline customer onboarding with plug and play tools
- Reduce development and reconfiguration costs for application/tool orchestration
- Increase transferable skills for your analysts across domains and customers
- Share best practices across customers
- Achieve compliance faster
Public Sector
- Facilitate communication between private and public-sector stakeholders
- Promote effective federal agency participation in the voluntary standards-setting process
- Promote interconnectivity between federal agencies
- Decrease spending by leveraging freely available cyber standards
- Tap into brain trust of cyber experts from private industry
- Unify fragmented efforts and encourage convergence
- Protect development efforts from single-vendor bias and foster a greater competitive solutions
- Exert influence as a large-scale implementer, advocate for constituency
OCA Member Testimonials
When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers... The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code.
Collective defense is a powerful security strategy that we need to leverage to fend off the bad guys. At Cyware, our vision is to achieve collective defense for all organizations which will be further strengthened with Cyware joining the OCA. We are really excited to be part of the OCA initiative and look forward to fostering the culture of collaboration at all the possible levels for effective threat response.
EclecticIQ and the Open Cybersecurity Alliance (OCA) share a common belief that an open ecosystem improves cybersecurity for everyone. Our open and extensible platform makes it easy to use and share intelligence from multiple sources to detect threats earlier, remediate incidents faster, and run operations more efficiently. We applaud the OCA for driving industry-wide cooperation on protocols and standards surrounding sharing cybersecurity insights and findings.
The Center for Internet Security (CIS) joined the Open Cybersecurity Alliance (OCA), because we have common missions – to improve the efficacy of cybersecurity programs. Each organization plays a vital role in achieving this. CIS produces a variety of authoritative, community-developed security best practices (CIS Critical Security Controls and CIS Benchmarks), which are designed to be incorporated into interoperable software components. The OCA seeks to enable that interoperability with interface and payload definitions accompanied by running code. Together, we are helping organizations – both in the public and private sector – to better protect their customers and their own reputations.