Open-source options offer increased SOC tool interoperability
Anecdotal evidence of security operations center (SOC) tool overload is overwhelming — at CSO we hear complaints from industry sources about this problem all the time — but the 2019 SANS SOC Survey attempted to quantify the problem. Most survey respondents reported roughly as many full-time employees tasked with maintaining the SOC's security tools as they had SOC analysts. That’s on top of the expense of purchasing those security tools in the first place.
To solve this problem, IBM and McAfee launched the Open Cybersecurity Alliance (OCA) in October 2019. Together they have released two open-source projects meant to improve interoperability among enterprise security tools. One, STIX Shifter, enables federated search for indicators of compromise (IoCs) across different security tools. The other, OpenDXL, is an open messaging format that lets tools share information, notifications and commands in a standardized way.